Windows Analysis Report
6109238.exe

Overview

General Information

Sample Name: 6109238.exe
Analysis ID: 680485
MD5: 2aeb09e3b19012d3d2add45559422416
SHA1: 0364e572469a4bfb486c982348c7fa62ccb7e818
SHA256: 917e03484856f0980f2150822a231e0f73e3cef3f074ea1644dcbd1082590399
Tags: exe formbook
Infos:

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Yara detected FormBook
Malicious sample detected (through community Yara rule)
Yara detected AntiVM3
Antivirus detection for URL or domain
Multi AV Scanner detection for dropped file
Sample uses process hollowing technique
Maps a DLL or memory area into another process
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Machine Learning detection for sample
Modifies the prolog of user mode functions (user mode inline hooks)
Injects a PE file into a foreign processes
Queues an APC in another process (thread injection)
Tries to detect virtualization through RDTSC time measurements
Machine Learning detection for dropped file
Modifies the context of a thread in another process (thread injection)
C2 URLs / IPs found in malware configuration
Adds a directory exclusion to Windows Defender
Uses schtasks.exe or at.exe to add and modify task schedules
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
Antivirus or Machine Learning detection for unpacked file
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
Found potential string decryption / allocating functions
Sample execution stops while process was sleeping (likely an evasion)
Contains functionality to call native functions
Contains functionality for execution timing, often used to detect debuggers
Contains long sleeps (>= 3 min)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Sample file is different than original file name gathered from version info
Drops PE files
Tries to load missing DLLs
Contains functionality to read the PEB
Checks if the current process is being debugged
Found large amount of non-executed APIs
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Classification

  • System is w10x64
  • 6109238.exe (PID: 1980 cmdline: "C:\Users\user\Desktop\6109238.exe" MD5: 2AEB09E3B19012D3D2ADD45559422416)
    • powershell.exe (PID: 5756 cmdline: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\eHkVrJJ.exe MD5: DBA3E6449E97D4E3DF64527EF7012A10)
      • conhost.exe (PID: 5064 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • schtasks.exe (PID: 2276 cmdline: C:\Windows\System32\schtasks.exe" /Create /TN "Updates\eHkVrJJ" /XML "C:\Users\user\AppData\Local\Temp\tmp1585.tmp MD5: 15FF7D8324231381BAD48A052F85DF04)
      • conhost.exe (PID: 1384 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • 6109238.exe (PID: 5392 cmdline: C:\Users\user\Desktop\6109238.exe MD5: 2AEB09E3B19012D3D2ADD45559422416)
      • explorer.exe (PID: 3688 cmdline: C:\Windows\Explorer.EXE MD5: AD5296B280E8F522A8A897C96BAB0E1D)
        • help.exe (PID: 2056 cmdline: C:\Windows\SysWOW64\help.exe MD5: 09A715036F14D3632AD03B52D1DA6BFF)
          • cmd.exe (PID: 5596 cmdline: /c del "C:\Users\user\Desktop\6109238.exe" MD5: F3BDBE3BB6F734E357235F4D5898582D)
            • conhost.exe (PID: 6112 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • cleanup
{"C2 list": ["www.ruichuo888.com/g2i8/"], "decoy": ["ziezi.top", "vngik.com", "alternativaporbenidorm.com", "papinahooy.com", "aldemyangin.com", "943757.com", "ayty8.com", "rindedwladku.xyz", "highwoodcorp.com", "tyarx.com", "pikkunoita.online", "airtaxifl.com", "bjbjbfc.com", "busan.xyz", "ieeeturkeyblog.com", "valtuo.store", "xinyenet.net", "ditral.com", "protocolozero.info", "newbrunswickcreditunions.com", "elainebaby.xyz", "koidesignstudio.com", "99vin.group", "archipel-aventure.com", "khademi.group", "takaboar.com", "rzxx123.net", "games-wedding.com", "spinhaus.com", "51sic.com", "3dtouch.asia", "tracking173.xyz", "febmaklstudio.xyz", "cookingshots.com", "royaltristate.com", "amangift.store", "vehicleaccessories.store", "kannadasuddi.com", "the4weekway.international", "asd1118.xyz", "cursosparapotenciarte.store", "faithsquint.sbs", "otom.blue", "mamaandpapafoodtruck.com", "287by.com", "memoryuniverse.com", "televizeme.tech", "zpw168.com", "kayseriozelders.xyz", "solytics.xyz", "3kidsandahouse.com", "020dd.com", "shawlco.com", "wekiok05.top", "zalandashop.com", "tenergia.info", "nedreptate.net", "dentalimplantnearme-sg.space", "vpussy.com", "katzenglueck.net", "leftygolf.online", "simplehealthquotes.today", "estuidioma.online", "aviaboofit.site"]}
Source | Rule | Description | Author | Strings
0000000A.00000002.640356208.0000000000EC0000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
    0000000A.00000002.640356208.0000000000EC0000.00000004.00000800.00020000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown
    0000000A.00000002.640356208.0000000000EC0000.00000004.00000800.00020000.00000000.sdmp | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
    0000000A.00000002.640356208.0000000000EC0000.00000004.00000800.00020000.00000000.sdmp | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group
    00000005.00000000.423502729.0000000000401000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
      Source | Rule | Description | Author | Strings
      5.0.6109238.exe.400000.0.unpack | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
        5.0.6109238.exe.400000.0.unpack | Windows_Trojan_Formbook_1112e116 | unknown | unknown
        5.0.6109238.exe.400000.0.unpack | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
        5.0.6109238.exe.400000.0.unpack | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group
        0.2.6109238.exe.43053d8.6.raw.unpack | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
          No Sigma rule has matched
          No Snort rule has matched


          AV Detection

          Source: 6109238.exe, ReversingLabs: Detection: 29%
          Source: Yara match, File source: 5.0.6109238.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 0.2.6109238.exe.43053d8.6.raw.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 0000000A.00000002.640356208.0000000000EC0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000005.00000000.423502729.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000009.00000000.498783665.000000000D7E0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000009.00000000.519597064.000000000D7E0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000000.00000002.442527217.0000000004305000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match, File source: 0000000A.00000002.640116150.0000000000E80000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match, File source: 0000000A.00000002.639269207.0000000000C70000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: www.ruichuo888.com/g2i8/, Avira URL Cloud: Label: malware
          Source: C:\Users\user\AppData\Roaming\eHkVrJJ.exe, ReversingLabs: Detection: 29%
          Source: 6109238.exe, Joe Sandbox ML: detected
          Source: C:\Users\user\AppData\Roaming\eHkVrJJ.exe, Joe Sandbox ML: detected
          Source: 5.0.6109238.exe.400000.0.unpack, Avira: Label: TR/Crypt.ZPACK.Gen
          Source: 0000000A.00000002.640356208.0000000000EC0000.00000004.00000800.00020000.00000000.sdmp, Malware Configuration Extractor: FormBook
          Source: 6109238.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
          Source: 6109238.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
          Source: Binary string: wntdll.pdbUGP source: 6109238.exe, 00000005.00000003.427753698.0000000001558000.00000004.00000800.00020000.00000000.sdmp, 6109238.exe, 00000005.00000002.534207193.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, 6109238.exe, 00000005.00000003.424452621.00000000013C0000.00000004.00000800.00020000.00000000.sdmp, help.exe, 0000000A.00000002.642772599.0000000003480000.00000040.00000800.00020000.00000000.sdmp, help.exe, 0000000A.00000003.536061575.00000000032E8000.00000004.00000800.00020000.00000000.sdmp, help.exe, 0000000A.00000002.643970249.000000000359F000.00000040.00000800.00020000.00000000.sdmp, help.exe, 0000000A.00000003.533670092.0000000000FFA000.00000004.00000800.00020000.00000000.sdmp
          Source: Binary string: wntdll.pdb source: 6109238.exe, 6109238.exe, 00000005.00000003.427753698.0000000001558000.00000004.00000800.00020000.00000000.sdmp, 6109238.exe, 00000005.00000002.534207193.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, 6109238.exe, 00000005.00000003.424452621.00000000013C0000.00000004.00000800.00020000.00000000.sdmp, help.exe, 0000000A.00000002.642772599.0000000003480000.00000040.00000800.00020000.00000000.sdmp, help.exe, 0000000A.00000003.536061575.00000000032E8000.00000004.00000800.00020000.00000000.sdmp, help.exe, 0000000A.00000002.643970249.000000000359F000.00000040.00000800.00020000.00000000.sdmp, help.exe, 0000000A.00000003.533670092.0000000000FFA000.00000004.00000800.00020000.00000000.sdmp

          Networking

          Source: Malware configuration extractor, URLs: www.ruichuo888.com/g2i8/

          E-Banking Fraud

          Source: Yara match, File source: 5.0.6109238.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 0.2.6109238.exe.43053d8.6.raw.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 0000000A.00000002.640356208.0000000000EC0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000005.00000000.423502729.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000009.00000000.498783665.000000000D7E0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000009.00000000.519597064.000000000D7E0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000000.00000002.442527217.0000000004305000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match, File source: 0000000A.00000002.640116150.0000000000E80000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match, File source: 0000000A.00000002.639269207.0000000000C70000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY

          System Summary

          Source: 5.0.6109238.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 5.0.6109238.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 5.0.6109238.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 0.2.6109238.exe.43053d8.6.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 0.2.6109238.exe.43053d8.6.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0.2.6109238.exe.43053d8.6.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 0000000A.00000002.640356208.0000000000EC0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 0000000A.00000002.640356208.0000000000EC0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0000000A.00000002.640356208.0000000000EC0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000005.00000000.423502729.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000005.00000000.423502729.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000005.00000000.423502729.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000009.00000000.498783665.000000000D7E0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000009.00000000.498783665.000000000D7E0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000009.00000000.498783665.000000000D7E0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000009.00000000.519597064.000000000D7E0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000009.00000000.519597064.000000000D7E0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000009.00000000.519597064.000000000D7E0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000000.00000002.442527217.0000000004305000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000000.00000002.442527217.0000000004305000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000000.00000002.442527217.0000000004305000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 0000000A.00000002.640116150.0000000000E80000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 0000000A.00000002.640116150.0000000000E80000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0000000A.00000002.640116150.0000000000E80000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 0000000A.00000002.639269207.0000000000C70000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 0000000A.00000002.639269207.0000000000C70000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0000000A.00000002.639269207.0000000000C70000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: Process Memory Space: 6109238.exe PID: 1980, type: MEMORYSTRMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: Process Memory Space: 6109238.exe PID: 5392, type: MEMORYSTRMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: Process Memory Space: help.exe PID: 2056, type: MEMORYSTRMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 6109238.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
          Source: 5.0.6109238.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 5.0.6109238.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 5.0.6109238.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0.2.6109238.exe.43053d8.6.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 0.2.6109238.exe.43053d8.6.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0.2.6109238.exe.43053d8.6.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0000000A.00000002.640356208.0000000000EC0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 0000000A.00000002.640356208.0000000000EC0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0000000A.00000002.640356208.0000000000EC0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000005.00000000.423502729.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000005.00000000.423502729.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000005.00000000.423502729.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000009.00000000.498783665.000000000D7E0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000009.00000000.498783665.000000000D7E0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000009.00000000.498783665.000000000D7E0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000009.00000000.519597064.000000000D7E0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000009.00000000.519597064.000000000D7E0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000009.00000000.519597064.000000000D7E0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000000.00000002.442527217.0000000004305000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000000.00000002.442527217.0000000004305000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000000.00000002.442527217.0000000004305000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0000000A.00000002.640116150.0000000000E80000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 0000000A.00000002.640116150.0000000000E80000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0000000A.00000002.640116150.0000000000E80000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0000000A.00000002.639269207.0000000000C70000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 0000000A.00000002.639269207.0000000000C70000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0000000A.00000002.639269207.0000000000C70000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: Process Memory Space: 6109238.exe PID: 1980, type: MEMORYSTRMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: Process Memory Space: 6109238.exe PID: 5392, type: MEMORYSTRMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: Process Memory Space: help.exe PID: 2056, type: MEMORYSTRMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: C:\Users\user\Desktop\6109238.exeCode function: String function: 0171B150 appears 35 times
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_01759910 NtAdjustPrivilegesToken,LdrInitializeThunk,5_2_01759910
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_017599A0 NtCreateSection,LdrInitializeThunk,5_2_017599A0
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_01759860 NtQuerySystemInformation,LdrInitializeThunk,5_2_01759860
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_01759840 NtDelayExecution,LdrInitializeThunk,5_2_01759840
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_017598F0 NtReadVirtualMemory,LdrInitializeThunk,5_2_017598F0
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_01759A50 NtCreateFile,LdrInitializeThunk,5_2_01759A50
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_01759A20 NtResumeThread,LdrInitializeThunk,5_2_01759A20
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_01759A00 NtProtectVirtualMemory,LdrInitializeThunk,5_2_01759A00
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_01759540 NtReadFile,LdrInitializeThunk,5_2_01759540
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_017595D0 NtClose,LdrInitializeThunk,5_2_017595D0
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_01759710 NtQueryInformationToken,LdrInitializeThunk,5_2_01759710
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_017597A0 NtUnmapViewOfSection,LdrInitializeThunk,5_2_017597A0
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_01759780 NtMapViewOfSection,LdrInitializeThunk,5_2_01759780
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_01759660 NtAllocateVirtualMemory,LdrInitializeThunk,5_2_01759660
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_017596E0 NtFreeVirtualMemory,LdrInitializeThunk,5_2_017596E0
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_01759950 NtQueueApcThread,5_2_01759950
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_017599D0 NtCreateProcessEx,5_2_017599D0
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_0175B040 NtSuspendThread,5_2_0175B040
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_01759820 NtEnumerateKey,5_2_01759820
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_017598A0 NtWriteVirtualMemory,5_2_017598A0
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_01759B00 NtSetValueKey,5_2_01759B00
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_0175A3B0 NtGetContextThread,5_2_0175A3B0
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_01759A10 NtQuerySection,5_2_01759A10
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_01759A80 NtOpenDirectoryObject,5_2_01759A80
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_01759560 NtWriteFile,5_2_01759560
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_0175AD30 NtSetContextThread,5_2_0175AD30
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_01759520 NtWaitForSingleObject,5_2_01759520
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_017595F0 NtQueryInformationFile,5_2_017595F0
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_0175A770 NtOpenThread,5_2_0175A770
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_01759770 NtSetInformationFile,5_2_01759770
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_01759760 NtOpenProcess,5_2_01759760
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_01759730 NtQueryVirtualMemory,5_2_01759730
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_0175A710 NtOpenProcessToken,5_2_0175A710
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_01759FE0 NtCreateMutant,5_2_01759FE0
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_01759670 NtQueryInformationProcess,5_2_01759670
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_01759650 NtQueryValueKey,5_2_01759650
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_01759610 NtEnumerateValueKey,5_2_01759610
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_017596D0 NtCreateKey,5_2_017596D0
          Source: 6109238.exe, 00000000.00000002.448879453.0000000007930000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameKeysNormalize.dll4 vs 6109238.exe
          Source: 6109238.exe, 00000000.00000002.442527217.0000000004305000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameDoncepre.dll@ vs 6109238.exe
          Source: 6109238.exe, 00000000.00000000.367739549.0000000000EB8000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameBinaryAr.exeB vs 6109238.exe
          Source: 6109238.exe, 00000000.00000002.449934520.0000000007BD0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameDoncepre.dll@ vs 6109238.exe
          Source: 6109238.exe, 00000000.00000002.449404490.0000000007A60000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameWebName.dll4 vs 6109238.exe
          Source: 6109238.exe, 00000005.00000003.430684639.0000000001677000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs 6109238.exe
          Source: 6109238.exe, 00000005.00000003.426052343.00000000014D6000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs 6109238.exe
          Source: 6109238.exe, 00000005.00000002.535959139.000000000180F000.00000040.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs 6109238.exe
          Source: 6109238.exeBinary or memory string: OriginalFilenameBinaryAr.exeB vs 6109238.exe
          Source: C:\Users\user\Desktop\6109238.exeSection loaded: onecoreuapcommonproxystub.dll
          Source: 6109238.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          Source: eHkVrJJ.exe.0.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          Source: 6109238.exeReversingLabs: Detection: 29%
          Source: C:\Users\user\Desktop\6109238.exeFile read: C:\Users\user\Desktop\6109238.exe
          Source: C:\Users\user\Desktop\6109238.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
          Source: unknownProcess created: C:\Users\user\Desktop\6109238.exe "C:\Users\user\Desktop\6109238.exe"
          Source: C:\Users\user\Desktop\6109238.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\eHkVrJJ.exe
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Users\user\Desktop\6109238.exeProcess created: C:\Windows\SysWOW64\schtasks.exe C:\Windows\System32\schtasks.exe" /Create /TN "Updates\eHkVrJJ" /XML "C:\Users\user\AppData\Local\Temp\tmp1585.tmp
          Source: C:\Windows\SysWOW64\schtasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Users\user\Desktop\6109238.exeProcess created: C:\Users\user\Desktop\6109238.exe C:\Users\user\Desktop\6109238.exe
          Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\help.exe C:\Windows\SysWOW64\help.exe
          Source: C:\Windows\SysWOW64\help.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del "C:\Users\user\Desktop\6109238.exe"
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Users\user\Desktop\6109238.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\InProcServer32
          Source: C:\Users\user\Desktop\6109238.exeFile created: C:\Users\user\AppData\Roaming\eHkVrJJ.exe
          Source: C:\Users\user\Desktop\6109238.exeFile created: C:\Users\user\AppData\Local\Temp\tmp1585.tmp
          Source: classification engineClassification label: mal100.troj.evad.winEXE@13/8@0/0
          Source: C:\Users\user\Desktop\6109238.exeFile read: C:\Users\user\Desktop\desktop.ini
          Source: 6109238.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
          Source: C:\Users\user\Desktop\6109238.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1384:120:WilError_01
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6112:120:WilError_01
          Source: C:\Users\user\Desktop\6109238.exeMutant created: \Sessions\1\BaseNamedObjects\AjTPgfGGWTEvNoTEhQPc
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5064:120:WilError_01
          Source: Window RecorderWindow detected: More than 3 window changes detected
          Source: C:\Users\user\Desktop\6109238.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
          Source: 6109238.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
          Source: 6109238.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
          Source: Binary string: wntdll.pdbUGP source: 6109238.exe, 00000005.00000003.427753698.0000000001558000.00000004.00000800.00020000.00000000.sdmp, 6109238.exe, 00000005.00000002.534207193.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, 6109238.exe, 00000005.00000003.424452621.00000000013C0000.00000004.00000800.00020000.00000000.sdmp, help.exe, 0000000A.00000002.642772599.0000000003480000.00000040.00000800.00020000.00000000.sdmp, help.exe, 0000000A.00000003.536061575.00000000032E8000.00000004.00000800.00020000.00000000.sdmp, help.exe, 0000000A.00000002.643970249.000000000359F000.00000040.00000800.00020000.00000000.sdmp, help.exe, 0000000A.00000003.533670092.0000000000FFA000.00000004.00000800.00020000.00000000.sdmp
          Source: Binary string: wntdll.pdb source: 6109238.exe, 6109238.exe, 00000005.00000003.427753698.0000000001558000.00000004.00000800.00020000.00000000.sdmp, 6109238.exe, 00000005.00000002.534207193.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, 6109238.exe, 00000005.00000003.424452621.00000000013C0000.00000004.00000800.00020000.00000000.sdmp, help.exe, 0000000A.00000002.642772599.0000000003480000.00000040.00000800.00020000.00000000.sdmp, help.exe, 0000000A.00000003.536061575.00000000032E8000.00000004.00000800.00020000.00000000.sdmp, help.exe, 0000000A.00000002.643970249.000000000359F000.00000040.00000800.00020000.00000000.sdmp, help.exe, 0000000A.00000003.533670092.0000000000FFA000.00000004.00000800.00020000.00000000.sdmp
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_0176D0D1 push ecx; ret 5_2_0176D0E4
          Source: initial sampleStatic PE information: section name: .text entropy: 7.729019884750608
          Source: C:\Users\user\Desktop\6109238.exeFile created: C:\Users\user\AppData\Roaming\eHkVrJJ.exe

          Boot Survival

          Source: C:\Users\user\Desktop\6109238.exeProcess created: C:\Windows\SysWOW64\schtasks.exe C:\Windows\System32\schtasks.exe" /Create /TN "Updates\eHkVrJJ" /XML "C:\Users\user\AppData\Local\Temp\tmp1585.tmp

          Hooking and other Techniques for Hiding and Protection

          Source: explorer.exeUser mode code has changed: module: user32.dll function: PeekMessageA new code: 0x48 0x8B 0xB8 0x8E 0xEE 0xE8
          Source: C:\Users\user\Desktop\6109238.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\SysWOW64\help.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

          Malware Analysis System Evasion

          Source: Yara matchFile source: 00000000.00000002.433596561.0000000003225000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.439859566.000000000345A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: Process Memory Space: 6109238.exe PID: 1980, type: MEMORYSTR
          Source: 6109238.exe, 00000000.00000002.433596561.0000000003225000.00000004.00000800.00020000.00000000.sdmp, 6109238.exe, 00000000.00000002.439859566.000000000345A000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SBIEDLL.DLL
          Source: 6109238.exe, 00000000.00000002.433596561.0000000003225000.00000004.00000800.00020000.00000000.sdmp, 6109238.exe, 00000000.00000002.439859566.000000000345A000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: KERNEL32.DLL.WINE_GET_UNIX_FILE_NAME
          Source: C:\Users\user\Desktop\6109238.exeRDTSC instruction interceptor: First address: 0000000000409904 second address: 000000000040990A instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\6109238.exeRDTSC instruction interceptor: First address: 0000000000409B6E second address: 0000000000409B74 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\help.exeRDTSC instruction interceptor: First address: 0000000000C79904 second address: 0000000000C7990A instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\help.exeRDTSC instruction interceptor: First address: 0000000000C79B6E second address: 0000000000C79B74 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\6109238.exe TID: 924Thread sleep time: -45877s >= -30000s
          Source: C:\Users\user\Desktop\6109238.exe TID: 4008Thread sleep time: -922337203685477s >= -30000s
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 2332Thread sleep time: -6456360425798339s >= -30000s
          Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
          Source: C:\Windows\SysWOW64\help.exeLast function: Thread delayed
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_017E5BA5 rdtsc 5_2_017E5BA5
          Source: C:\Users\user\Desktop\6109238.exeThread delayed: delay time: 922337203685477
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 9329
          Source: C:\Users\user\Desktop\6109238.exeAPI coverage: 5.2 %
          Source: C:\Users\user\Desktop\6109238.exeProcess information queried: ProcessInformation
          Source: C:\Users\user\Desktop\6109238.exeThread delayed: delay time: 45877
          Source: 6109238.exe, 00000000.00000002.439859566.000000000345A000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: InstallPathJC:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
          Source: explorer.exe, 00000009.00000000.494644616.0000000007FBD000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
          Source: 6109238.exe, 00000000.00000002.439859566.000000000345A000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: vmware
          Source: explorer.exe, 00000009.00000000.494644616.0000000007FBD000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}d
          Source: explorer.exe, 00000009.00000000.462973257.000000000807C000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: VMware SATA CD00
          Source: 6109238.exe, 00000000.00000002.449934520.0000000007BD0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: t4VMCiahkW98QFvBt5K
          Source: explorer.exe, 00000009.00000000.462973257.000000000807C000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&000000I
          Source: explorer.exe, 00000009.00000000.462973257.000000000807C000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&000000
          Source: 6109238.exe, 00000000.00000002.442527217.0000000004305000.00000004.00000800.00020000.00000000.sdmp, 6109238.exe, 00000000.00000002.449934520.0000000007BD0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: cfZLZJWV1qemuSyMDkE
          Source: explorer.exe, 00000009.00000000.488066558.00000000042EE000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}q^
          Source: 6109238.exe, 00000000.00000002.439859566.000000000345A000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware SVGA II
          Source: explorer.exe, 00000009.00000000.507782837.00000000042A0000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000O
          Source: 6109238.exe, 00000000.00000002.439859566.000000000345A000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMWAREDSOFTWARE\VMware, Inc.\VMware Tools
          Source: C:\Users\user\Desktop\6109238.exeProcess token adjusted: Debug
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
          Source: C:\Windows\SysWOW64\help.exeProcess token adjusted: Debug
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_0171B171 mov eax, dword ptr fs:[00000030h]5_2_0171B171
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_0171C962 mov eax, dword ptr fs:[00000030h]5_2_0171C962
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_0173B944 mov eax, dword ptr fs:[00000030h]5_2_0173B944
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_0174513A mov eax, dword ptr fs:[00000030h]5_2_0174513A
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_01734120 mov eax, dword ptr fs:[00000030h]5_2_01734120
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_01734120 mov ecx, dword ptr fs:[00000030h]5_2_01734120
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_01719100 mov eax, dword ptr fs:[00000030h]5_2_01719100
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_0171B1E1 mov eax, dword ptr fs:[00000030h]5_2_0171B1E1
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_017A41E8 mov eax, dword ptr fs:[00000030h]5_2_017A41E8
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_017951BE mov eax, dword ptr fs:[00000030h]5_2_017951BE
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_017461A0 mov eax, dword ptr fs:[00000030h]5_2_017461A0
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_017969A6 mov eax, dword ptr fs:[00000030h]5_2_017969A6
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_01742990 mov eax, dword ptr fs:[00000030h]5_2_01742990
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_0173C182 mov eax, dword ptr fs:[00000030h]5_2_0173C182
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_0174A185 mov eax, dword ptr fs:[00000030h]5_2_0174A185
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_017E1074 mov eax, dword ptr fs:[00000030h]5_2_017E1074
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_017D2073 mov eax, dword ptr fs:[00000030h]5_2_017D2073
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_01730050 mov eax, dword ptr fs:[00000030h]5_2_01730050
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_0172B02A mov eax, dword ptr fs:[00000030h]5_2_0172B02A
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_0174002D mov eax, dword ptr fs:[00000030h]5_2_0174002D
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_017E4015 mov eax, dword ptr fs:[00000030h]5_2_017E4015
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_01797016 mov eax, dword ptr fs:[00000030h]5_2_01797016
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_017158EC mov eax, dword ptr fs:[00000030h]5_2_017158EC
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_017AB8D0 mov eax, dword ptr fs:[00000030h]5_2_017AB8D0
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_017AB8D0 mov ecx, dword ptr fs:[00000030h]5_2_017AB8D0
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_0174F0BF mov ecx, dword ptr fs:[00000030h]5_2_0174F0BF
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_0174F0BF mov eax, dword ptr fs:[00000030h]5_2_0174F0BF
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_017420A0 mov eax, dword ptr fs:[00000030h]5_2_017420A0
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_017590AF mov eax, dword ptr fs:[00000030h]5_2_017590AF
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_01719080 mov eax, dword ptr fs:[00000030h]5_2_01719080
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_01793884 mov eax, dword ptr fs:[00000030h]5_2_01793884
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_01743B7A mov eax, dword ptr fs:[00000030h]5_2_01743B7A
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_0171DB60 mov ecx, dword ptr fs:[00000030h]5_2_0171DB60
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_017E8B58 mov eax, dword ptr fs:[00000030h]5_2_017E8B58
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_0171F358 mov eax, dword ptr fs:[00000030h]5_2_0171F358
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_0171DB40 mov eax, dword ptr fs:[00000030h]5_2_0171DB40
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_017D131B mov eax, dword ptr fs:[00000030h]5_2_017D131B
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_017403E2 mov eax, dword ptr fs:[00000030h]5_2_017403E2
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_0173DBE9 mov eax, dword ptr fs:[00000030h]5_2_0173DBE9
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_017953CA mov eax, dword ptr fs:[00000030h]5_2_017953CA
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_01744BAD mov eax, dword ptr fs:[00000030h]5_2_01744BAD
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_017E5BA5 mov eax, dword ptr fs:[00000030h]5_2_017E5BA5
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_01742397 mov eax, dword ptr fs:[00000030h]5_2_01742397
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_0174B390 mov eax, dword ptr fs:[00000030h]5_2_0174B390
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_017D138A mov eax, dword ptr fs:[00000030h]5_2_017D138A
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_017CD380 mov ecx, dword ptr fs:[00000030h]5_2_017CD380
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_01721B8F mov eax, dword ptr fs:[00000030h]5_2_01721B8F
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_0175927A mov eax, dword ptr fs:[00000030h]5_2_0175927A
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_017CB260 mov eax, dword ptr fs:[00000030h]5_2_017CB260
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_017E8A62 mov eax, dword ptr fs:[00000030h]5_2_017E8A62
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_017DEA55 mov eax, dword ptr fs:[00000030h]5_2_017DEA55
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_017A4257 mov eax, dword ptr fs:[00000030h]5_2_017A4257
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_01719240 mov eax, dword ptr fs:[00000030h]5_2_01719240
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_01754A2C mov eax, dword ptr fs:[00000030h]5_2_01754A2C
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_01754A2C mov eax, dword ptr fs:[00000030h]5_2_01754A2C
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_01715210 mov eax, dword ptr fs:[00000030h]5_2_01715210
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_01715210 mov ecx, dword ptr fs:[00000030h]5_2_01715210
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_01715210 mov eax, dword ptr fs:[00000030h]5_2_01715210
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_01715210 mov eax, dword ptr fs:[00000030h]5_2_01715210
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_0171AA16 mov eax, dword ptr fs:[00000030h]5_2_0171AA16
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_0171AA16 mov eax, dword ptr fs:[00000030h]5_2_0171AA16
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_01733A1C mov eax, dword ptr fs:[00000030h]5_2_01733A1C
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_01728A0A mov eax, dword ptr fs:[00000030h]5_2_01728A0A
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_01742AE4 mov eax, dword ptr fs:[00000030h]5_2_01742AE4
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_01742ACB mov eax, dword ptr fs:[00000030h]5_2_01742ACB
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_0172AAB0 mov eax, dword ptr fs:[00000030h]5_2_0172AAB0
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_0172AAB0 mov eax, dword ptr fs:[00000030h]5_2_0172AAB0
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_0174FAB0 mov eax, dword ptr fs:[00000030h]5_2_0174FAB0
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_017152A5 mov eax, dword ptr fs:[00000030h]5_2_017152A5
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_017152A5 mov eax, dword ptr fs:[00000030h]5_2_017152A5
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_017152A5 mov eax, dword ptr fs:[00000030h]5_2_017152A5
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_017152A5 mov eax, dword ptr fs:[00000030h]5_2_017152A5
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_017152A5 mov eax, dword ptr fs:[00000030h]5_2_017152A5
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_0174D294 mov eax, dword ptr fs:[00000030h]5_2_0174D294
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_0174D294 mov eax, dword ptr fs:[00000030h]5_2_0174D294
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_0173C577 mov eax, dword ptr fs:[00000030h]5_2_0173C577
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_0173C577 mov eax, dword ptr fs:[00000030h]5_2_0173C577
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_01737D50 mov eax, dword ptr fs:[00000030h]5_2_01737D50
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_01753D43 mov eax, dword ptr fs:[00000030h]5_2_01753D43
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_01793540 mov eax, dword ptr fs:[00000030h]5_2_01793540
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_0171AD30 mov eax, dword ptr fs:[00000030h]5_2_0171AD30
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_017DE539 mov eax, dword ptr fs:[00000030h]5_2_017DE539
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_01723D34 mov eax, dword ptr fs:[00000030h]5_2_01723D34
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_01723D34 mov eax, dword ptr fs:[00000030h]5_2_01723D34
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_01723D34 mov eax, dword ptr fs:[00000030h]5_2_01723D34
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_01723D34 mov eax, dword ptr fs:[00000030h]5_2_01723D34
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_01723D34 mov eax, dword ptr fs:[00000030h]5_2_01723D34
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_01723D34 mov eax, dword ptr fs:[00000030h]5_2_01723D34
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_01723D34 mov eax, dword ptr fs:[00000030h]5_2_01723D34
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_01723D34 mov eax, dword ptr fs:[00000030h]5_2_01723D34
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_01723D34 mov eax, dword ptr fs:[00000030h]5_2_01723D34
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_01723D34 mov eax, dword ptr fs:[00000030h]5_2_01723D34
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_01723D34 mov eax, dword ptr fs:[00000030h]5_2_01723D34
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_01723D34 mov eax, dword ptr fs:[00000030h]5_2_01723D34
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_01723D34 mov eax, dword ptr fs:[00000030h]5_2_01723D34
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_017E8D34 mov eax, dword ptr fs:[00000030h]5_2_017E8D34
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_0179A537 mov eax, dword ptr fs:[00000030h]5_2_0179A537
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_01744D3B mov eax, dword ptr fs:[00000030h]5_2_01744D3B
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_01744D3B mov eax, dword ptr fs:[00000030h]5_2_01744D3B
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_01744D3B mov eax, dword ptr fs:[00000030h]5_2_01744D3B
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_017C8DF1 mov eax, dword ptr fs:[00000030h]5_2_017C8DF1
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_0172D5E0 mov eax, dword ptr fs:[00000030h]5_2_0172D5E0
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_0172D5E0 mov eax, dword ptr fs:[00000030h]5_2_0172D5E0
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_017DFDE2 mov eax, dword ptr fs:[00000030h]5_2_017DFDE2
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_017DFDE2 mov eax, dword ptr fs:[00000030h]5_2_017DFDE2
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_017DFDE2 mov eax, dword ptr fs:[00000030h]5_2_017DFDE2
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_017DFDE2 mov eax, dword ptr fs:[00000030h]5_2_017DFDE2
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_01796DC9 mov eax, dword ptr fs:[00000030h]5_2_01796DC9
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_01796DC9 mov eax, dword ptr fs:[00000030h]5_2_01796DC9
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_01796DC9 mov eax, dword ptr fs:[00000030h]5_2_01796DC9
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_01796DC9 mov ecx, dword ptr fs:[00000030h]5_2_01796DC9
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_01796DC9 mov eax, dword ptr fs:[00000030h]5_2_01796DC9
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_01796DC9 mov eax, dword ptr fs:[00000030h]5_2_01796DC9
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_01741DB5 mov eax, dword ptr fs:[00000030h]5_2_01741DB5
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_01741DB5 mov eax, dword ptr fs:[00000030h]5_2_01741DB5
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_01741DB5 mov eax, dword ptr fs:[00000030h]5_2_01741DB5
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_017E05AC mov eax, dword ptr fs:[00000030h]5_2_017E05AC
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_017E05AC mov eax, dword ptr fs:[00000030h]5_2_017E05AC
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_017435A1 mov eax, dword ptr fs:[00000030h]5_2_017435A1
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_0174FD9B mov eax, dword ptr fs:[00000030h]5_2_0174FD9B
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_0174FD9B mov eax, dword ptr fs:[00000030h]5_2_0174FD9B
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_01742581 mov eax, dword ptr fs:[00000030h]5_2_01742581
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_01742581 mov eax, dword ptr fs:[00000030h]5_2_01742581
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_01742581 mov eax, dword ptr fs:[00000030h]5_2_01742581
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_01742581 mov eax, dword ptr fs:[00000030h]5_2_01742581
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_01712D8A mov eax, dword ptr fs:[00000030h]5_2_01712D8A
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_01712D8A mov eax, dword ptr fs:[00000030h]5_2_01712D8A
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_01712D8A mov eax, dword ptr fs:[00000030h]5_2_01712D8A
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_01712D8A mov eax, dword ptr fs:[00000030h]5_2_01712D8A
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_01712D8A mov eax, dword ptr fs:[00000030h]5_2_01712D8A
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_0173746D mov eax, dword ptr fs:[00000030h]5_2_0173746D
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_017AC450 mov eax, dword ptr fs:[00000030h]5_2_017AC450
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_017AC450 mov eax, dword ptr fs:[00000030h]5_2_017AC450
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_0174A44B mov eax, dword ptr fs:[00000030h]5_2_0174A44B
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_0174BC2C mov eax, dword ptr fs:[00000030h]5_2_0174BC2C
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_017E740D mov eax, dword ptr fs:[00000030h]5_2_017E740D
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_017E740D mov eax, dword ptr fs:[00000030h]5_2_017E740D
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_017E740D mov eax, dword ptr fs:[00000030h]5_2_017E740D
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_01796C0A mov eax, dword ptr fs:[00000030h]5_2_01796C0A
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_01796C0A mov eax, dword ptr fs:[00000030h]5_2_01796C0A
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_01796C0A mov eax, dword ptr fs:[00000030h]5_2_01796C0A
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_01796C0A mov eax, dword ptr fs:[00000030h]5_2_01796C0A
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_017D1C06 mov eax, dword ptr fs:[00000030h]5_2_017D1C06
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_017D1C06 mov eax, dword ptr fs:[00000030h]5_2_017D1C06
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_017D1C06 mov eax, dword ptr fs:[00000030h]5_2_017D1C06
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_017D1C06 mov eax, dword ptr fs:[00000030h]5_2_017D1C06
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_017D1C06 mov eax, dword ptr fs:[00000030h]5_2_017D1C06
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_017D1C06 mov eax, dword ptr fs:[00000030h]5_2_017D1C06
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_017D1C06 mov eax, dword ptr fs:[00000030h]5_2_017D1C06
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_017D1C06 mov eax, dword ptr fs:[00000030h]5_2_017D1C06
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_017D1C06 mov eax, dword ptr fs:[00000030h]5_2_017D1C06
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_017D1C06 mov eax, dword ptr fs:[00000030h]5_2_017D1C06
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_017D1C06 mov eax, dword ptr fs:[00000030h]5_2_017D1C06
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_017D1C06 mov eax, dword ptr fs:[00000030h]5_2_017D1C06
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_017D1C06 mov eax, dword ptr fs:[00000030h]5_2_017D1C06
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_017D1C06 mov eax, dword ptr fs:[00000030h]5_2_017D1C06
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_017D14FB mov eax, dword ptr fs:[00000030h]5_2_017D14FB
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_01796CF0 mov eax, dword ptr fs:[00000030h]5_2_01796CF0
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_01796CF0 mov eax, dword ptr fs:[00000030h]5_2_01796CF0
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_01796CF0 mov eax, dword ptr fs:[00000030h]5_2_01796CF0
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_017E8CD6 mov eax, dword ptr fs:[00000030h]5_2_017E8CD6
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_0172849B mov eax, dword ptr fs:[00000030h]5_2_0172849B
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_0172FF60 mov eax, dword ptr fs:[00000030h]5_2_0172FF60
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_017E8F6A mov eax, dword ptr fs:[00000030h]5_2_017E8F6A
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_0172EF40 mov eax, dword ptr fs:[00000030h]5_2_0172EF40
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_0174E730 mov eax, dword ptr fs:[00000030h]5_2_0174E730
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_01714F2E mov eax, dword ptr fs:[00000030h]5_2_01714F2E
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_01714F2E mov eax, dword ptr fs:[00000030h]5_2_01714F2E
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_0173F716 mov eax, dword ptr fs:[00000030h]5_2_0173F716
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_017AFF10 mov eax, dword ptr fs:[00000030h]5_2_017AFF10
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_017AFF10 mov eax, dword ptr fs:[00000030h]5_2_017AFF10
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_017E070D mov eax, dword ptr fs:[00000030h]5_2_017E070D
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_017E070D mov eax, dword ptr fs:[00000030h]5_2_017E070D
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_0174A70E mov eax, dword ptr fs:[00000030h]5_2_0174A70E
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_0174A70E mov eax, dword ptr fs:[00000030h]5_2_0174A70E
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_017537F5 mov eax, dword ptr fs:[00000030h]5_2_017537F5
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_01728794 mov eax, dword ptr fs:[00000030h]5_2_01728794
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_01797794 mov eax, dword ptr fs:[00000030h]5_2_01797794
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_01797794 mov eax, dword ptr fs:[00000030h]5_2_01797794
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_01797794 mov eax, dword ptr fs:[00000030h]5_2_01797794
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_0173AE73 mov eax, dword ptr fs:[00000030h]5_2_0173AE73
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_0173AE73 mov eax, dword ptr fs:[00000030h]5_2_0173AE73
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_0173AE73 mov eax, dword ptr fs:[00000030h]5_2_0173AE73
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_0173AE73 mov eax, dword ptr fs:[00000030h]5_2_0173AE73
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_0173AE73 mov eax, dword ptr fs:[00000030h]5_2_0173AE73
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_0172766D mov eax, dword ptr fs:[00000030h]5_2_0172766D
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_01727E41 mov eax, dword ptr fs:[00000030h]5_2_01727E41
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_01727E41 mov eax, dword ptr fs:[00000030h]5_2_01727E41
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_01727E41 mov eax, dword ptr fs:[00000030h]5_2_01727E41
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_01727E41 mov eax, dword ptr fs:[00000030h]5_2_01727E41
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_01727E41 mov eax, dword ptr fs:[00000030h]5_2_01727E41
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_01727E41 mov eax, dword ptr fs:[00000030h]5_2_01727E41
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_017DAE44 mov eax, dword ptr fs:[00000030h]5_2_017DAE44
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_017DAE44 mov eax, dword ptr fs:[00000030h]5_2_017DAE44
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_017CFE3F mov eax, dword ptr fs:[00000030h]5_2_017CFE3F
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_0171E620 mov eax, dword ptr fs:[00000030h]5_2_0171E620
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_0174A61C mov eax, dword ptr fs:[00000030h]5_2_0174A61C
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_0174A61C mov eax, dword ptr fs:[00000030h]5_2_0174A61C
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_0171C600 mov eax, dword ptr fs:[00000030h]5_2_0171C600
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_0171C600 mov eax, dword ptr fs:[00000030h]5_2_0171C600
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_0171C600 mov eax, dword ptr fs:[00000030h]5_2_0171C600
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_01748E00 mov eax, dword ptr fs:[00000030h]5_2_01748E00
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_017D1608 mov eax, dword ptr fs:[00000030h]5_2_017D1608
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_017276E2 mov eax, dword ptr fs:[00000030h]5_2_017276E2
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_017416E0 mov ecx, dword ptr fs:[00000030h]5_2_017416E0
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_017E8ED6 mov eax, dword ptr fs:[00000030h]5_2_017E8ED6
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_01758EC7 mov eax, dword ptr fs:[00000030h]5_2_01758EC7
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_017436CC mov eax, dword ptr fs:[00000030h]5_2_017436CC
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_017CFEC0 mov eax, dword ptr fs:[00000030h]5_2_017CFEC0
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_017E0EA5 mov eax, dword ptr fs:[00000030h]5_2_017E0EA5
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_017E0EA5 mov eax, dword ptr fs:[00000030h]5_2_017E0EA5
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_017E0EA5 mov eax, dword ptr fs:[00000030h]5_2_017E0EA5
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_017946A7 mov eax, dword ptr fs:[00000030h]5_2_017946A7
          Source: C:\Users\user\Desktop\6109238.exeCode function: 5_2_017AFE87 mov eax, dword ptr fs:[00000030h]5_2_017AFE87
          Source: C:\Users\user\Desktop\6109238.exe Process queried: DebugPort
          Source: C:\Windows\SysWOW64\help.exe Process queried: DebugPort
          Source: C:\Users\user\Desktop\6109238.exe Code function: 5_2_01759910 NtAdjustPrivilegesToken,LdrInitializeThunk
          Source: C:\Users\user\Desktop\6109238.exe Memory allocated: page read and write | page guard

          HIPS / PFW / Operating System Protection Evasion

          Source: C:\Users\user\Desktop\6109238.exe Section unmapped: C:\Windows\SysWOW64\help.exe base address: 12D0000
          Source: C:\Users\user\Desktop\6109238.exe Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and write
          Source: C:\Users\user\Desktop\6109238.exe Section loaded: unknown target: C:\Windows\SysWOW64\help.exe protection: execute and read and write
          Source: C:\Windows\SysWOW64\help.exe Section loaded: unknown target: C:\Windows\explorer.exe protection: read write
          Source: C:\Windows\SysWOW64\help.exe Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and write
          Source: C:\Users\user\Desktop\6109238.exe Memory written: C:\Users\user\Desktop\6109238.exe base: 400000 value starts with: 4D5A
          Source: C:\Users\user\Desktop\6109238.exe Thread APC queued: target process: C:\Windows\explorer.exe
          Source: C:\Users\user\Desktop\6109238.exe Thread register set: target process: 3688
          Source: C:\Windows\SysWOW64\help.exe Thread register set: target process: 3688
          Source: C:\Users\user\Desktop\6109238.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\eHkVrJJ.exe
          Source: C:\Users\user\Desktop\6109238.exe Process created: C:\Windows\SysWOW64\schtasks.exe C:\Windows\System32\schtasks.exe" /Create /TN "Updates\eHkVrJJ" /XML "C:\Users\user\AppData\Local\Temp\tmp1585.tmp
          Source: C:\Users\user\Desktop\6109238.exe Process created: C:\Users\user\Desktop\6109238.exe C:\Users\user\Desktop\6109238.exe
          Source: C:\Windows\SysWOW64\help.exe Process created: C:\Windows\SysWOW64\cmd.exe /c del "C:\Users\user\Desktop\6109238.exe"
          Source: explorer.exe, 00000009.00000000.505710262.0000000000D70000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000009.00000000.441486575.0000000000D70000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000009.00000000.588089772.000000000081C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Shell_TrayWnd
          Source: explorer.exe, 00000009.00000000.505710262.0000000000D70000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000009.00000000.441486575.0000000000D70000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000009.00000000.439978724.0000000000778000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Progman
          Source: explorer.exe, 00000009.00000000.505710262.0000000000D70000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000009.00000000.441486575.0000000000D70000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000009.00000000.589451145.0000000000D70000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progmanlock
          Source: explorer.exe, 00000009.00000000.505710262.0000000000D70000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000009.00000000.441486575.0000000000D70000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000009.00000000.589451145.0000000000D70000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: }Program Manager
          Source: C:\Users\user\Desktop\6109238.exe Queries volume information: C:\Users\user\Desktop\6109238.exe VolumeInformation
          Source: C:\Users\user\Desktop\6109238.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
          Source: C:\Users\user\Desktop\6109238.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
          Source: C:\Users\user\Desktop\6109238.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\impact.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\taile.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\pala.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\palai.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\palab.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\seguisli.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\seguili.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\seguisbi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\seguibl.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\seguibli.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\seguiemj.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exeQueries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\6109238.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

          Stealing of Sensitive Information

          Source: Yara match File source: 5.0.6109238.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match File source: 0.2.6109238.exe.43053d8.6.raw.unpack, type: UNPACKEDPE
          Source: Yara match File source: 0000000A.00000002.640356208.0000000000EC0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match File source: 00000005.00000000.423502729.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match File source: 00000009.00000000.498783665.000000000D7E0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match File source: 00000009.00000000.519597064.000000000D7E0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match File source: 00000000.00000002.442527217.0000000004305000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match File source: 0000000A.00000002.640116150.0000000000E80000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match File source: 0000000A.00000002.639269207.0000000000C70000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY

          Remote Access Functionality

          Source: Yara match File source: 5.0.6109238.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match File source: 0.2.6109238.exe.43053d8.6.raw.unpack, type: UNPACKEDPE
          Source: Yara match File source: 0000000A.00000002.640356208.0000000000EC0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match File source: 00000005.00000000.423502729.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match File source: 00000009.00000000.498783665.000000000D7E0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match File source: 00000009.00000000.519597064.000000000D7E0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match File source: 00000000.00000002.442527217.0000000004305000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match File source: 0000000A.00000002.640116150.0000000000E80000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match File source: 0000000A.00000002.639269207.0000000000C70000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY

          Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
          Valid Accounts | 1 Scheduled Task/Job | 1 Scheduled Task/Job | 512 Process Injection | 1 Rootkit | 1 Credential API Hooking | 321 Security Software Discovery | Remote Services | 1 Credential API Hooking | Exfiltration Over Other Network Medium | 1 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
          Default Accounts | 1 Shared Modules | 1 DLL Side-Loading | 1 Scheduled Task/Job | 1 Masquerading | LSASS Memory | 2 Process Discovery | Remote Desktop Protocol | 1 Archive Collected Data | Exfiltration Over Bluetooth | 1 Application Layer Protocol | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
          Domain Accounts | At (Linux) | Logon Script (Windows) | 1 DLL Side-Loading | 11 Disable or Modify Tools | Security Account Manager | 31 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Steganography | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
          Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | 31 Virtualization/Sandbox Evasion | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | | Carrier Billing Fraud
          Cloud Accounts | Cron | Network Logon Script | Network Logon Script | 512 Process Injection | LSA Secrets | 1 File and Directory Discovery | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings
          Replication Through Removable Media | Launchd | Rc.common | Rc.common | 1 Deobfuscate/Decode Files or Information | Cached Domain Credentials | 112 System Information Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features
          External Remote Services | Scheduled Task | Startup Items | Startup Items | 3 Obfuscated Files or Information | DCSync | Network Sniffing | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact
          Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | 3 Software Packing | Proc Filesystem | Network Service Scanning | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | | Generate Fraudulent Advertising Revenue
          Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | 1 DLL Side-Loading | /etc/passwd and /etc/shadow | System Network Connections Discovery | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | | Data Destruction
          [Behavior graph. ID: 680485; Sample: 6109238.exe; Start date: 08/08/2022; Architecture: WINDOWS; Score: 100. Process chain: 6109238.exe started 6109238.exe, powershell.exe and schtasks.exe; the second 6109238.exe was injected into explorer.exe, which started help.exe, which started cmd.exe.]

          Source | Detection | Scanner | Label | Link
          6109238.exe | 29% | ReversingLabs | ByteCode-MSIL.Trojan.Pwsx |
          6109238.exe | 100% | Joe Sandbox ML | |

          Source | Detection | Scanner | Label | Link
          C:\Users\user\AppData\Roaming\eHkVrJJ.exe | 100% | Joe Sandbox ML | |
          C:\Users\user\AppData\Roaming\eHkVrJJ.exe | 29% | ReversingLabs | ByteCode-MSIL.Trojan.Pwsx |

          Source | Detection | Scanner | Label | Link | Download
          5.0.6109238.exe.400000.0.unpack | 100% | Avira | TR/Crypt.ZPACK.Gen | | Download File

          No Antivirus matches

          Source | Detection | Scanner | Label | Link
          http://www.founder.com.cn/cn/bThe | 0% | URL Reputation | safe |
          www.ruichuo888.com/g2i8/ | 100% | Avira URL Cloud | malware |
          http://www.tiro.com | 0% | URL Reputation | safe |
          http://www.goodfont.co.kr | 0% | URL Reputation | safe |
          http://www.carterandcone.coml | 0% | URL Reputation | safe |
          http://www.sajatypeworks.com | 0% | URL Reputation | safe |
          http://www.typography.netD | 0% | URL Reputation | safe |
          http://www.founder.com.cn/cn/cThe | 0% | URL Reputation | safe |
          http://www.galapagosdesign.com/staff/dennis.htm | 0% | URL Reputation | safe |
          http://fontfabrik.com | 0% | URL Reputation | safe |
          http://www.founder.com.cn/cn | 0% | URL Reputation | safe |
          http://www.jiyu-kobo.co.jp/ | 0% | URL Reputation | safe |
          http://www.galapagosdesign.com/DPlease | 0% | URL Reputation | safe |
          http://www.sandoll.co.kr | 0% | URL Reputation | safe |
          http://www.urwpp.deDPlease | 0% | URL Reputation | safe |
          http://www.zhongyicts.com.cn | 0% | URL Reputation | safe |
          http://www.sakkal.com | 0% | URL Reputation | safe |

          No contacted domains info

          Name | Malicious | Antivirus Detection | Reputation
          www.ruichuo888.com/g2i8/ | true | Avira URL Cloud: malware | low
                                No contacted IP infos
                                Joe Sandbox Version:35.0.0 Citrine
                                Analysis ID:680485
                                Start date and time:2022-08-08 17:24:07 +02:00
                                Joe Sandbox Product:CloudBasic
                                Overall analysis duration:0h 8m 45s
                                Hypervisor based Inspection enabled:false
                                Report type:full
                                Sample file name:6109238.exe
                                Cookbook file name:default.jbs
                                Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                Number of new started processes analysed:15
                                Number of new started drivers analysed:0
                                Number of existing processes analysed:0
                                Number of existing drivers analysed:0
                                Number of injected processes analysed:1
                                Technologies:
                                • HCA enabled
                                • EGA enabled
                                • HDC enabled
                                • AMSI enabled
                                Analysis Mode:default
                                Analysis stop reason:Timeout
                                Detection:MAL
                                Classification:mal100.troj.evad.winEXE@13/8@0/0
                                EGA Information:
                                • Successful, ratio: 100%
                                HDC Information:
                                • Successful, ratio: 93.2% (good quality ratio 80.9%)
                                • Quality average: 71.5%
                                • Quality standard deviation: 33.6%
                                HCA Information:
                                • Successful, ratio: 99%
                                • Number of executed functions: 24
                                • Number of non-executed functions: 151
                                Cookbook Comments:
                                • Found application associated with file extension: .exe
                                • Adjust boot time
                                • Enable AMSI
                                • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, WMIADAP.exe, conhost.exe, WmiPrvSE.exe, svchost.exe
                                • Excluded domains from analysis (whitelisted): fs.microsoft.com, ctldl.windowsupdate.com
                                • Not all processes were analyzed, report is missing behavior information
                                • Report creation exceeded maximum time and may have missing disassembly code information.
                                • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                • Report size getting too big, too many NtOpenKeyEx calls found.
                                • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                • Report size getting too big, too many NtQueryValueKey calls found.
                                • VT rate limit hit for: 6109238.exe
                                Time | Type | Description
                                17:25:31 | API Interceptor | 1x Sleep call for process: 6109238.exe modified
                                17:25:38 | API Interceptor | 39x Sleep call for process: powershell.exe modified
                                No context
                                Process:C:\Users\user\Desktop\6109238.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:modified
                                Size (bytes):1308
                                Entropy (8bit):5.345811588615766
                                Encrypted:false
                                SSDEEP:24:MLUE4K5E4Ks2E1qE4qXKDE4KhK3VZ9pKhPKIE4oKFKHKoZAE4Kzr7FE4x84FsXE8:MIHK5HKXE1qHiYHKhQnoPtHoxHhAHKzu
                                MD5:2E016B886BDB8389D2DD0867BE55F87B
                                SHA1:25D28EF2ACBB41764571E06E11BF4C05DD0E2F8B
                                SHA-256:1D037CF00A8849E6866603297F85D3DABE09535E72EDD2636FB7D0F6C7DA3427
                                SHA-512:C100729153954328AA2A77EECB2A3CBD03CB7E8E23D736000F890B17AAA50BA87745E30FB9E2B0D61E16DCA45694C79B4CE09B9F4475220BEB38CAEA546CFC2A
                                Malicious:true
                                Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\8d67d92724ba494b6c7fd089d6f25b48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\b219d4630d26b88041b59c21
                                Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):22192
                                Entropy (8bit):5.602774286628419
                                Encrypted:false
                                SSDEEP:384:utCD+0eRZo20g+p3elSBKnEjs/M7nvGL3Ss3YQMtEm+K+AV7bnU5LYI++2YV:QR22H4KEo/bDeKspQ
                                MD5:003DA7014349DC14452BB166F8A2AF7D
                                SHA1:C493FF8D600C343A36E0C291137DEAF67D37E86E
                                SHA-256:4CAFD983380A247DA3841CA842458B0A0399B081AC8077E7962533FB371F1FCC
                                SHA-512:C0AF534E916D7F7BF51649BDF387847809D61481D86232DFB544010DA3DC3F7A9EB0FAD7E2E82AAEBE3DEE895156701CBE6182B2B910A1C2CAFAD00D3202A7EA
                                Malicious:false
                                Preview:@...e...........d.........j.=.1.....A.y..............@..........H...............<@.^.L."My...:P..... .Microsoft.PowerShell.ConsoleHostD...............fZve...F.....x.)........System.Management.Automation4...............[...{a.C..%6..h.........System.Core.0...............G-.o...A...4B..........System..4................Zg5..:O..g..q..........System.Xml..L...............7.....J@......~.......#.Microsoft.Management.Infrastructure.8................'....L..}............System.Numerics.@................Lo...QN......<Q........System.DirectoryServices<................H..QN.Y.f............System.Management...4....................].D.E.....#.......System.Data.H................. ....H..m)aUu.........Microsoft.PowerShell.Security...<.................~.[L.D.Z.>..m.........System.Transactions.<................):gK..G...$.1.q........System.ConfigurationP................./.C..J..%...].......%.Microsoft.PowerShell.Commands.Utility...D..................-.D.F.<;.nt.1........System.Configuration.Ins
                                Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                File Type:very short file (no magic)
                                Category:dropped
                                Size (bytes):1
                                Entropy (8bit):0.0
                                Encrypted:false
                                SSDEEP:3:U:U
                                MD5:C4CA4238A0B923820DCC509A6F75849B
                                SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                Malicious:false
                                Preview:1
                                Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                File Type:very short file (no magic)
                                Category:dropped
                                Size (bytes):1
                                Entropy (8bit):0.0
                                Encrypted:false
                                SSDEEP:3:U:U
                                MD5:C4CA4238A0B923820DCC509A6F75849B
                                SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                Malicious:false
                                Preview:1
                                Process:C:\Users\user\Desktop\6109238.exe
                                File Type:XML 1.0 document, ASCII text
                                Category:dropped
                                Size (bytes):1606
                                Entropy (8bit):5.1199910671225615
                                Encrypted:false
                                SSDEEP:24:2di4+S2qh/S1K2ky1mo2dUnrKMhEMOFGpwOzNgU3ODOiIQRvh7hwrgXuNtL0xvn:cgea6YrFdOFzOzN33ODOiDdKrsuTwv
                                MD5:B2C79088E946DE62D82F2E58E5C4FAE7
                                SHA1:0E2C066C76F11AC9667555A595873ABE7F0674D6
                                SHA-256:39CB5732D5B565108FD6473E39447FCD86078EAD8C4D01EB33AD3C9D825D516E
                                SHA-512:E26983344AE2EA7CFB27AADFF50AA43B7498128A94607BB456AED5E7826F39FDF38D79D5977BB3E3A15505F52F4CECC5FCC287BD55C46858CE0CBDA2AA8F7F42
                                Malicious:true
                                Preview:<?xml version="1.0" encoding="UTF-16"?>.<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">. <RegistrationInfo>. <Date>2014-10-25T14:27:44.8929027</Date>. <Author>computer\user</Author>. </RegistrationInfo>. <Triggers>. <LogonTrigger>. <Enabled>true</Enabled>. <UserId>computer\user</UserId>. </LogonTrigger>. <RegistrationTrigger>. <Enabled>false</Enabled>. </RegistrationTrigger>. </Triggers>. <Principals>. <Principal id="Author">. <UserId>computer\user</UserId>. <LogonType>InteractiveToken</LogonType>. <RunLevel>LeastPrivilege</RunLevel>. </Principal>. </Principals>. <Settings>. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>. <AllowHardTerminate>false</AllowHardTerminate>. <StartWhenAvailable>true</StartWhenAvailab
                                Process:C:\Users\user\Desktop\6109238.exe
                                File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                Category:dropped
                                Size (bytes):874496
                                Entropy (8bit):7.722977017951353
                                Encrypted:false
                                SSDEEP:24576:QxgV10/5JdIBRMJ0bi7FbjVte9IbUDHDl:ogVWFIBRc0b4FL7U
                                MD5:2AEB09E3B19012D3D2ADD45559422416
                                SHA1:0364E572469A4BFB486C982348C7FA62CCB7E818
                                SHA-256:917E03484856F0980F2150822A231E0F73E3CEF3F074EA1644DCBD1082590399
                                SHA-512:EAC61F118AFEB8F0444EF6623795E4D9201FE13C0EB3C6F4C1800331860E2538A1017B3F09D0B20D6FF8496ADBE3F38BDC7E93C154F82A35A64FB2AAA3C2F77D
                                Malicious:true
                                Antivirus:
                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                • Antivirus: ReversingLabs, Detection: 29%
                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......b..............0..P...........n... ........@.. ....................................@.................................pn..K.................................................................................... ............... ..H............text....N... ...P.................. ..`.rsrc................R..............@..@.reloc...............V..............@..B.................n......H........{..............................................................0..........*....0..k..........K...%.r...p.%.r+..p.%.r9..p.}......}.....(.......(......{.....(......{.....(.....~....t.....{....(....&*..0..:........ &\.. cmZQa%..^E................+..(...... ...Z ..%a+.*...0...........*...0................ .7. ...a%....^E............................n.......[...........$...........9.......l.......A.......................8...... ..XQZ X...a8w.....-. ^q.1%+. .q?.%&.. ..
                                Process:C:\Users\user\Desktop\6109238.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):26
                                Entropy (8bit):3.95006375643621
                                Encrypted:false
                                SSDEEP:3:ggPYV:rPYV
                                MD5:187F488E27DB4AF347237FE461A079AD
                                SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                Malicious:true
                                Preview:[ZoneTransfer]....ZoneId=0
                                Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):5807
                                Entropy (8bit):5.375386426126985
                                Encrypted:false
                                SSDEEP:96:BZPTL/NRqDo1ZdZbTL/NRqDo1Z5l/NjZGTL/NRqDo1ZoQddSZ1:7
                                MD5:8E2A47A69E2C42272669F5CA452E2967
                                SHA1:F1C2A50D71832BEA952FEB45EBAA57C7B16EDEB2
                                SHA-256:234721E3D39262F2111F652946F16B84AA45484C2E9F1F0E48E90AF5204E1391
                                SHA-512:9545CE5A9475A3D9474F57FDE7CF9D48C2B34FE30DAE4691437DF33DFF624A876CD8BE0AD10155E2FB1D40609C58934DD52C5DCC327CAB286CB149D7F4D7515D
                                Malicious:false
                                Preview:.**********************..Windows PowerShell transcript start..Start time: 20220808172537..Username: computer\user..RunAs User: computer\user..Configuration Name: ..Machine: 841675 (Microsoft Windows NT 10.0.17134.0)..Host Application: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath C:\Users\user\AppData\Roaming\eHkVrJJ.exe..Process ID: 5756..PSVersion: 5.1.17134.1..PSEdition: Desktop..PSCompatibleVersions: 1.0, 2.0, 3.0, 4.0, 5.0, 5.1.17134.1..BuildVersion: 10.0.17134.1..CLRVersion: 4.0.30319.42000..WSManStackVersion: 3.0..PSRemotingProtocolVersion: 2.3..SerializationVersion: 1.1.0.1..**********************..**********************..Command start time: 20220808172537..**********************..PS>Add-MpPreference -ExclusionPath C:\Users\user\AppData\Roaming\eHkVrJJ.exe..**********************..Windows PowerShell transcript start..Start time: 20220808173031..Username: computer\user..RunAs User: DESKTOP-716
                                File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                Entropy (8bit):7.722977017951353
                                TrID:
                                • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                • Win32 Executable (generic) a (10002005/4) 49.78%
                                • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                • Generic Win/DOS Executable (2004/3) 0.01%
                                • DOS Executable Generic (2002/1) 0.01%
                                File name:6109238.exe
                                File size:874496
                                MD5:2aeb09e3b19012d3d2add45559422416
                                SHA1:0364e572469a4bfb486c982348c7fa62ccb7e818
                                SHA256:917e03484856f0980f2150822a231e0f73e3cef3f074ea1644dcbd1082590399
                                SHA512:eac61f118afeb8f0444ef6623795e4d9201fe13c0eb3c6f4c1800331860e2538a1017b3f09d0b20d6ff8496adbe3f38bdc7e93c154f82a35a64fb2aaa3c2f77d
                                SSDEEP:24576:QxgV10/5JdIBRMJ0bi7FbjVte9IbUDHDl:ogVWFIBRc0b4FL7U
                                TLSH:6C05AE5BBF10324DC9A7A975DE4B7C61A7F22C2E3226D0766517380E8AFF342DA11076
                                File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......b..............0..P...........n... ........@.. ....................................@................................
                                Icon Hash:00828e8e8686b000
                                Entrypoint:0x4d6ebe
                                Entrypoint Section:.text
                                Digitally signed:false
                                Imagebase:0x400000
                                Subsystem:windows gui
                                Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                Time Stamp:0x62F10003 [Mon Aug 8 12:22:27 2022 UTC]
                                TLS Callbacks:
                                CLR (.Net) Version:
                                OS Version Major:4
                                OS Version Minor:0
                                File Version Major:4
                                File Version Minor:0
                                Subsystem Version Major:4
                                Subsystem Version Minor:0
                                Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                Instruction
                                jmp dword ptr [00402000h]
                                Name | Virtual Address | Virtual Size | Is in Section
                                IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                                IMAGE_DIRECTORY_ENTRY_IMPORT | 0xd6e70 | 0x4b | .text
                                IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xd8000 | 0x398 | .rsrc
                                IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                                IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                                IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xda000 | 0xc | .reloc
                                IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                                IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                                IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                                IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                                IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                                IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                                IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
                                IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                                IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
                                IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

                                Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                                .text | 0x2000 | 0xd4ec4 | 0xd5000 | False | 0.7882945459213615 | data | 7.729019884750608 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                .rsrc | 0xd8000 | 0x398 | 0x400 | False | 0.373046875 | data | 2.8853098954714 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                .reloc | 0xda000 | 0xc | 0x200 | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                Name | RVA | Size | Type | Language | Country
                                RT_VERSION | 0xd8058 | 0x33c | data | |

                                DLL | Import
                                mscoree.dll | _CorExeMain
                                No network behavior found

                                Code Manipulations

                                Function Name | Hook Type | Active in Processes
                                PeekMessageA | INLINE | explorer.exe
                                PeekMessageW | INLINE | explorer.exe
                                GetMessageW | INLINE | explorer.exe
                                GetMessageA | INLINE | explorer.exe

                                Function Name | Hook Type | New Data
                                PeekMessageA | INLINE | 0x48 0x8B 0xB8 0x8E 0xEE 0xE8
                                PeekMessageW | INLINE | 0x48 0x8B 0xB8 0x86 0x6E 0xE8
                                GetMessageW | INLINE | 0x48 0x8B 0xB8 0x86 0x6E 0xE8
                                GetMessageA | INLINE | 0x48 0x8B 0xB8 0x8E 0xEE 0xE8


                                Target ID:0
                                Start time:17:25:18
                                Start date:08/08/2022
                                Path:C:\Users\user\Desktop\6109238.exe
                                Wow64 process (32bit):true
                                Commandline:"C:\Users\user\Desktop\6109238.exe"
                                Imagebase:0xde0000
                                File size:874496 bytes
                                MD5 hash:2AEB09E3B19012D3D2ADD45559422416
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:.Net C# or VB.NET
                                Yara matches:
                                • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000000.00000002.442527217.0000000004305000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000000.00000002.442527217.0000000004305000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000000.00000002.442527217.0000000004305000.00000004.00000800.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                • Rule: Formbook, Description: detect Formbook in memory, Source: 00000000.00000002.442527217.0000000004305000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                • Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000000.00000002.433596561.0000000003225000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                • Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000000.00000002.439859566.000000000345A000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                Reputation:low

                                Target ID:1
                                Start time:17:25:34
                                Start date:08/08/2022
                                Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                Wow64 process (32bit):true
                                Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\eHkVrJJ.exe"
                                Imagebase:0xf10000
                                File size:430592 bytes
                                MD5 hash:DBA3E6449E97D4E3DF64527EF7012A10
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:.Net C# or VB.NET
                                Reputation:high

                                Target ID:2
                                Start time:17:25:35
                                Start date:08/08/2022
                                Path:C:\Windows\System32\conhost.exe
                                Wow64 process (32bit):false
                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Imagebase:0x7ff6406f0000
                                File size:625664 bytes
                                MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Reputation:high

                                Target ID:3
                                Start time:17:25:35
                                Start date:08/08/2022
                                Path:C:\Windows\SysWOW64\schtasks.exe
                                Wow64 process (32bit):true
                                Commandline:"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\eHkVrJJ" /XML "C:\Users\user\AppData\Local\Temp\tmp1585.tmp"
                                Imagebase:0xa0000
                                File size:185856 bytes
                                MD5 hash:15FF7D8324231381BAD48A052F85DF04
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Reputation:high

                                Target ID:4
                                Start time:17:25:38
                                Start date:08/08/2022
                                Path:C:\Windows\System32\conhost.exe
                                Wow64 process (32bit):false
                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Imagebase:0x7ff6406f0000
                                File size:625664 bytes
                                MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Reputation:high

                                Target ID:5
                                Start time:17:25:41
                                Start date:08/08/2022
                                Path:C:\Users\user\Desktop\6109238.exe
                                Wow64 process (32bit):true
                                Commandline:C:\Users\user\Desktop\6109238.exe
                                Imagebase:0xbe0000
                                File size:874496 bytes
                                MD5 hash:2AEB09E3B19012D3D2ADD45559422416
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Yara matches:
                                • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000005.00000000.423502729.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000005.00000000.423502729.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000005.00000000.423502729.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                • Rule: Formbook, Description: detect Formbook in memory, Source: 00000005.00000000.423502729.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                Reputation:low

                                Target ID:9
                                Start time:17:25:51
                                Start date:08/08/2022
                                Path:C:\Windows\explorer.exe
                                Wow64 process (32bit):false
                                Commandline:C:\Windows\Explorer.EXE
                                Imagebase:0x7ff77c400000
                                File size:3933184 bytes
                                MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Yara matches:
                                • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000009.00000000.498783665.000000000D7E0000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000009.00000000.498783665.000000000D7E0000.00000040.00000001.00040000.00000000.sdmp, Author: unknown
                                • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000009.00000000.498783665.000000000D7E0000.00000040.00000001.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                • Rule: Formbook, Description: detect Formbook in memory, Source: 00000009.00000000.498783665.000000000D7E0000.00000040.00000001.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000009.00000000.519597064.000000000D7E0000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000009.00000000.519597064.000000000D7E0000.00000040.00000001.00040000.00000000.sdmp, Author: unknown
                                • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000009.00000000.519597064.000000000D7E0000.00000040.00000001.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                • Rule: Formbook, Description: detect Formbook in memory, Source: 00000009.00000000.519597064.000000000D7E0000.00000040.00000001.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                Reputation:high

                                Target ID:10
                                Start time:17:26:32
                                Start date:08/08/2022
                                Path:C:\Windows\SysWOW64\help.exe
                                Wow64 process (32bit):true
                                Commandline:C:\Windows\SysWOW64\help.exe
                                Imagebase:0x12d0000
                                File size:10240 bytes
                                MD5 hash:09A715036F14D3632AD03B52D1DA6BFF
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Yara matches:
                                • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000A.00000002.640356208.0000000000EC0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000A.00000002.640356208.0000000000EC0000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000A.00000002.640356208.0000000000EC0000.00000004.00000800.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000A.00000002.640356208.0000000000EC0000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000A.00000002.640116150.0000000000E80000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000A.00000002.640116150.0000000000E80000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000A.00000002.640116150.0000000000E80000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000A.00000002.640116150.0000000000E80000.00000040.10000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000A.00000002.639269207.0000000000C70000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000A.00000002.639269207.0000000000C70000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000A.00000002.639269207.0000000000C70000.00000040.80000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000A.00000002.639269207.0000000000C70000.00000040.80000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                Reputation:moderate

                                Target ID:11
                                Start time:17:26:38
                                Start date:08/08/2022
                                Path:C:\Windows\SysWOW64\cmd.exe
                                Wow64 process (32bit):true
                                Commandline:/c del "C:\Users\user\Desktop\6109238.exe"
                                Imagebase:0xed0000
                                File size:232960 bytes
                                MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Reputation:high

                                Target ID:12
                                Start time:17:26:39
                                Start date:08/08/2022
                                Path:C:\Windows\System32\conhost.exe
                                Wow64 process (32bit):false
                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Imagebase:0x7ff6406f0000
                                File size:625664 bytes
                                MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Reputation:high

                                  Execution Graph

                                  Execution Coverage:11.8%
                                  Dynamic/Decrypted Code Coverage:100%
                                  Signature Coverage:0%
                                  Total number of Nodes:108
                                  Total number of Limit Nodes:9

                                  Control-flow Graph

                                  APIs
                                  • GetModuleHandleW.KERNELBASE(00000000), ref: 0186A5D6
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.428013543.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_1860000_6109238.jbxd
                                  Similarity
                                  • API ID: HandleModule
                                  • String ID:
                                  • API String ID: 4139908857-0
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Control-flow Graph

                                  APIs
                                  • CreateActCtxA.KERNEL32(?), ref: 01865919
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.428013543.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_1860000_6109238.jbxd
                                  Similarity
                                  • API ID: Create
                                  • String ID:
                                  • API String ID: 2289755597-0
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Control-flow Graph

                                  APIs
                                  • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0186C876,?,?,?,?,?), ref: 0186C937
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.428013543.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_1860000_6109238.jbxd
                                  Similarity
                                  • API ID: DuplicateHandle
                                  • String ID:
                                  • API String ID: 3793708945-0
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Control-flow Graph

                                  APIs
                                  • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0186C876,?,?,?,?,?), ref: 0186C937
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.428013543.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_1860000_6109238.jbxd
                                  Similarity
                                  • API ID: DuplicateHandle
                                  • String ID:
                                  • API String ID: 3793708945-0
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Control-flow Graph

                                  APIs
                                  • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,0186A651,00000800,00000000,00000000), ref: 0186A862
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.428013543.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_1860000_6109238.jbxd
                                  Similarity
                                  • API ID: LibraryLoad
                                  • String ID:
                                  • API String ID: 1029625771-0
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Control-flow Graph

                                  APIs
                                  • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,0186A651,00000800,00000000,00000000), ref: 0186A862
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.428013543.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_1860000_6109238.jbxd
                                  Similarity
                                  • API ID: LibraryLoad
                                  • String ID:
                                  • API String ID: 1029625771-0
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Control-flow Graph

                                  APIs
                                  • GetModuleHandleW.KERNELBASE(00000000), ref: 0186A5D6
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.428013543.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_1860000_6109238.jbxd
                                  Similarity
                                  • API ID: HandleModule
                                  • String ID:
                                  • API String ID: 4139908857-0
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Execution Graph

                                  Execution Coverage: 0.6%
                                  Dynamic/Decrypted Code Coverage: 100%
                                  Signature Coverage: 49.9%
                                  Total number of Nodes: 1440
                                  Total number of Limit Nodes: 61
16756 171b1e1 19 API calls 16754->16756 16758 173e0e1 16755->16758 16759 172eef0 27 API calls 16755->16759 16757 1783ba6 16756->16757 16757->16757 16758->16718 16760 173e0bc 16759->16760 16761 172eb70 34 API calls 16760->16761 16761->16758 16763 17400d9 16762->16763 16785 17400ea _vswprintf_s 16762->16785 16764 173c07f 20 API calls 16763->16764 16763->16785 16764->16785 16765 173fda0 104 API calls 16765->16785 16766 1740223 16768 174022f 16766->16768 16769 17402ba 16766->16769 16767 172a8c0 14 API calls 16767->16785 16770 174002d 6 API calls 16768->16770 16771 174f99e 66 API calls 16769->16771 16772 1740234 16770->16772 16773 174023c 16771->16773 16772->16773 16777 1796dc9 63 API calls 16772->16777 16778 1784c11 16773->16778 16779 174024a 16773->16779 16774 17402f3 55 API calls 16774->16785 16775 17402d6 GetPEB 16775->16785 16776 171ad30 GetPEB 16776->16785 16777->16773 16781 171ad30 GetPEB 16778->16781 16782 17402d6 GetPEB 16779->16782 16780 17403e2 248 API calls 16780->16785 16783 1784c1a 16781->16783 16784 174026a 16782->16784 16783->16783 16786 1740274 16784->16786 16787 174b390 GetPEB 16784->16787 16785->16765 16785->16766 16785->16767 16785->16774 16785->16775 16785->16776 16785->16780 16788 175b640 _vswprintf_s 12 API calls 16786->16788 16787->16786 16789 1740287 16788->16789 16789->16726 16791 1737d50 GetPEB 16790->16791 16792 171b1f1 16791->16792 16793 171b1f9 16792->16793 16794 1774a0e GetPEB 16792->16794 16795 1774a21 GetPEB 16793->16795 16802 171b207 16793->16802 16794->16795 16796 1774a34 16795->16796 16795->16802 16797 1737d50 GetPEB 16796->16797 16798 1774a39 16797->16798 16799 1774a4d 16798->16799 16800 1774a3d GetPEB 16798->16800 16801 1797016 16 API calls 16799->16801 16799->16802 16800->16799 16801->16802 16803 171aa16 16802->16803 16804 171aa42 16803->16804 16805 1774458 GetPEB 16803->16805 16804->16805 16806 171aa52 _vswprintf_s 16804->16806 16805->16806 16808 1745e50 52 API calls 16806->16808 16815 171aa64 16806->16815 16807 175b640 
_vswprintf_s 12 API calls 16809 171aa71 16807->16809 16811 17744ad 16808->16811 16809->16733 16810 17744e6 16813 17744ee GetPEB 16810->16813 16810->16815 16811->16810 16812 174b230 34 API calls 16811->16812 16814 17744db 16812->16814 16813->16815 16816 171f7a0 36 API calls 16814->16816 16815->16807 16816->16810 16818 1726a3a 54 API calls 16817->16818 16819 1743743 16818->16819 16820 1743792 16819->16820 16821 17402f3 55 API calls 16819->16821 16822 17403e2 248 API calls 16820->16822 16824 17437a5 16820->16824 16828 1743760 16821->16828 16822->16824 16823 171ad30 GetPEB 16826 17437b9 16823->16826 16824->16823 16824->16826 16825 175b640 _vswprintf_s 12 API calls 16827 17437cc 16825->16827 16826->16825 16827->16726 16828->16820 16829 17437d0 16828->16829 16830 174f99e 66 API calls 16829->16830 16830->16824 16832 174f948 16831->16832 16833 174f952 16832->16833 16834 174f97e 16832->16834 16835 174f99e 66 API calls 16833->16835 16836 1726b6b 53 API calls 16834->16836 16837 174f959 16835->16837 16838 174f989 16836->16838 16839 174f967 16837->16839 16840 178bdad 16837->16840 16838->16837 16842 17403e2 248 API calls 16838->16842 16841 175b640 _vswprintf_s 12 API calls 16839->16841 16843 171ad30 GetPEB 16840->16843 16844 174f97a 16841->16844 16842->16837 16845 178bdb6 16843->16845 16844->16726 16845->16845 16850 1795543 16846->16850 16847 1795612 16848 175b640 _vswprintf_s 12 API calls 16847->16848 16849 179561f 16848->16849 16849->16733 16850->16847 16851 1795767 12 API calls 16850->16851 16852 17955f6 16851->16852 16853 171b171 _vswprintf_s 12 API calls 16852->16853 16853->16847 16857 1751130 16854->16857 16860 175115f 16857->16860 16861 17511a8 16860->16861 16862 178cd96 16860->16862 16861->16862 16863 178cd9d 16861->16863 16868 17511e9 _vswprintf_s 16861->16868 16864 17512bd 16863->16864 16866 17e5ba5 34 API calls 16863->16866 16864->16862 16865 175b640 _vswprintf_s 12 API calls 16864->16865 16867 1751159 16865->16867 16866->16864 16867->16596 16868->16864 16869 171ccc0 
_vswprintf_s 12 API calls 16868->16869 16869->16864 16871 17dc5cb 16870->16871 16872 175b640 _vswprintf_s 12 API calls 16871->16872 16873 17dc5f9 16872->16873 16873->16438 16875 17ddbae 16874->16875 16880 17ddb4f 16874->16880 16882 17dc95a 16875->16882 16877 17ddbac 16879 175b640 _vswprintf_s 12 API calls 16877->16879 16878 17ddb90 RtlDebugPrintTimes 16878->16877 16881 17ddbcc 16879->16881 16880->16878 16881->16440 16883 17dc9e8 16882->16883 16885 17dc99f 16882->16885 16884 17dd8df 260 API calls 16883->16884 16888 17dc9e4 16884->16888 16886 17dc9c6 RtlDebugPrintTimes 16885->16886 16886->16888 16887 175b640 _vswprintf_s 12 API calls 16889 17dca15 16887->16889 16888->16887 16889->16877 16893 17e318c 16890->16893 16891 17e3169 RtlDebugPrintTimes 16891->16893 16892 17e31d4 RtlDebugPrintTimes 16894 17e319a 16892->16894 16893->16891 16893->16892 16893->16894 16895 17e31a0 RtlDebugPrintTimes 16894->16895 16896 17e31bf 16894->16896 16895->16896 16897 175b640 _vswprintf_s 12 API calls 16896->16897 16898 17e31ce 16897->16898 16898->16343 16903 17e2603 16899->16903 16900 17e286b 16900->16349 16902 17e27a5 16902->16900 16912 17e241a 16902->16912 16903->16902 16905 17e2fbd 16903->16905 16906 17e2fe4 16905->16906 16907 17e3074 RtlDebugPrintTimes 16906->16907 16908 17e30a2 RtlDebugPrintTimes 16906->16908 16909 17e3089 16907->16909 16908->16909 16910 175b640 _vswprintf_s 12 API calls 16909->16910 16911 17e30f0 16910->16911 16911->16902 16913 17e242f 16912->16913 16915 17e246c 16913->16915 16916 17e22ae 16913->16916 16915->16900 16917 17e22dd 16916->16917 16918 17e2fbd 14 API calls 16917->16918 16919 17e23ee 16917->16919 16918->16919 16919->16913 16921 17e0278 16920->16921 16923 17e02c2 16921->16923 16964 17e0ea5 16921->16964 16924 17e02e9 16923->16924 16991 176cf85 16923->16991 16924->16353 16930 17e05d1 16926->16930 16927 17e06db 16927->16355 16928 17e0652 16929 17da854 34 API calls 16928->16929 16932 17e0672 16929->16932 16930->16927 16930->16928 16931 17da80d 28 API calls 
16930->16931 16931->16928 16932->16927 17139 17e1293 16932->17139 16935 1737d50 GetPEB 16936 17e069c 16935->16936 16937 17e06b0 16936->16937 16938 17e06a0 GetPEB 16936->16938 16937->16927 16939 17e06ba GetPEB 16937->16939 16938->16937 16939->16927 16940 17e06c9 16939->16940 16941 17d138a 14 API calls 16940->16941 16941->16927 16943 17e0734 16942->16943 16944 17e07d2 16943->16944 16945 17dafde 34 API calls 16943->16945 16944->16358 16946 17e0782 16945->16946 16947 17e1293 34 API calls 16946->16947 16948 17e078e 16947->16948 16949 1737d50 GetPEB 16948->16949 16950 17e0793 16949->16950 16951 17e07a7 16950->16951 16952 17e0797 GetPEB 16950->16952 16951->16944 16953 17e07b1 GetPEB 16951->16953 16952->16951 16953->16944 16954 17e07c0 16953->16954 17143 17d14fb 16954->17143 16957 17e0a3c 16956->16957 17151 17e0392 16957->17151 16960 176cf85 34 API calls 16961 17e0aec 16960->16961 16962 17e0b19 16961->16962 16963 17e1074 36 API calls 16961->16963 16962->16354 16963->16962 16995 17dff69 16964->16995 16966 17e105b 16989 17e1055 16966->16989 17035 17e1074 16966->17035 16969 17e0ecb 16969->16966 16970 17da80d 28 API calls 16969->16970 16974 17e0f32 16969->16974 16970->16974 16971 17e0fab 16973 1737d50 GetPEB 16971->16973 16972 17e0f50 16972->16966 16972->16971 17009 17e15b5 16972->17009 16976 17e0fcf 16973->16976 17001 17da854 16974->17001 16977 17e0fe3 16976->16977 16978 17e0fd3 GetPEB 16976->16978 16979 17e100e 16977->16979 16980 17e0fed GetPEB 16977->16980 16978->16977 16982 1737d50 GetPEB 16979->16982 16980->16979 16981 17e0ffc 16980->16981 17013 17d138a 16981->17013 16984 17e1013 16982->16984 16985 17e1027 16984->16985 16986 17e1017 GetPEB 16984->16986 16987 17e1041 16985->16987 17021 17cfec0 16985->17021 16986->16985 16987->16989 17029 17d52f8 16987->17029 16989->16923 16993 176cf98 16991->16993 16992 176cfb1 16992->16924 16993->16992 16994 17d52f8 34 API calls 16993->16994 16994->16992 16998 17dff9f 16995->16998 17000 17dffd1 16995->17000 16996 17da854 34 API calls 
16997 17dfff1 16996->16997 16997->16969 16999 17da80d 28 API calls 16998->16999 16998->17000 16999->17000 17000->16996 17002 17da8c0 17001->17002 17004 17da941 17001->17004 17002->17004 17047 17df021 17002->17047 17005 17daa00 17004->17005 17051 17d53d9 17004->17051 17007 175b640 _vswprintf_s 12 API calls 17005->17007 17008 17daa10 17007->17008 17008->16972 17010 17e15d0 17009->17010 17012 17e15d7 17009->17012 17011 17e165e LdrInitializeThunk 17010->17011 17011->17012 17012->16972 17014 17d13af _vswprintf_s 17013->17014 17015 1737d50 GetPEB 17014->17015 17016 17d13d2 17015->17016 17017 17d13d6 GetPEB 17016->17017 17018 17d13e6 _vswprintf_s 17016->17018 17017->17018 17019 175b640 _vswprintf_s 12 API calls 17018->17019 17020 17d140b 17019->17020 17020->16979 17022 17cfee5 _vswprintf_s 17021->17022 17023 1737d50 GetPEB 17022->17023 17024 17cff02 17023->17024 17025 17cff06 GetPEB 17024->17025 17026 17cff16 _vswprintf_s 17024->17026 17025->17026 17027 175b640 _vswprintf_s 12 API calls 17026->17027 17028 17cff3b 17027->17028 17028->16987 17030 17d53c7 17029->17030 17031 17d5321 17029->17031 17033 175b640 _vswprintf_s 12 API calls 17030->17033 17032 1797b9c 34 API calls 17031->17032 17032->17030 17034 17d53d5 17033->17034 17034->16989 17036 17e1095 17035->17036 17037 17e10b0 17035->17037 17038 17e165e LdrInitializeThunk 17036->17038 17097 17dafde 17037->17097 17038->17037 17041 1737d50 GetPEB 17042 17e10cd 17041->17042 17043 17e10d1 GetPEB 17042->17043 17044 17e10e1 17042->17044 17043->17044 17045 17e10fa 17044->17045 17106 17cfe3f 17044->17106 17045->16989 17048 17df03a 17047->17048 17065 17dee22 17048->17065 17052 17d53f7 17051->17052 17053 17d5552 17051->17053 17054 17d5403 17052->17054 17059 17d54eb 17052->17059 17055 1797b9c 34 API calls 17053->17055 17063 17d547c 17053->17063 17056 17d540b 17054->17056 17057 17d5481 17054->17057 17055->17063 17056->17063 17064 1797b9c 34 API calls 17056->17064 17062 1797b9c 34 API calls 17057->17062 17057->17063 17058 175b640 
_vswprintf_s 12 API calls 17060 17d55bd 17058->17060 17061 1797b9c 34 API calls 17059->17061 17059->17063 17060->17005 17061->17063 17062->17063 17063->17058 17064->17063 17066 17dee5d 17065->17066 17067 17dee73 17066->17067 17069 17def09 17066->17069 17075 17deef5 17067->17075 17076 17df607 17067->17076 17068 175b640 _vswprintf_s 12 API calls 17070 17defd4 17068->17070 17069->17075 17081 17df8c5 17069->17081 17070->17004 17075->17068 17077 17df626 17076->17077 17078 17deedd 17077->17078 17087 17e165e 17077->17087 17078->17075 17080 17596e0 LdrInitializeThunk 17078->17080 17080->17075 17082 17df8ea 17081->17082 17083 17df932 17082->17083 17084 17df607 LdrInitializeThunk 17082->17084 17083->17075 17085 17df90f 17084->17085 17085->17083 17096 17596e0 LdrInitializeThunk 17085->17096 17090 17e166a _vswprintf_s 17087->17090 17088 17e1869 _vswprintf_s 17088->17077 17090->17088 17091 17e1d55 17090->17091 17093 17e1d61 _vswprintf_s 17091->17093 17092 17e1fc5 _vswprintf_s 17092->17090 17093->17092 17095 17596e0 LdrInitializeThunk 17093->17095 17095->17092 17096->17083 17098 17db039 17097->17098 17099 17db00a 17097->17099 17104 17db035 17098->17104 17123 17596e0 LdrInitializeThunk 17098->17123 17099->17098 17100 17db00e 17099->17100 17101 17db026 17100->17101 17114 17df209 17100->17114 17101->17041 17104->17101 17105 17d53d9 34 API calls 17104->17105 17105->17101 17107 17cfe64 _vswprintf_s 17106->17107 17108 1737d50 GetPEB 17107->17108 17109 17cfe81 17108->17109 17110 17cfe85 GetPEB 17109->17110 17111 17cfe95 _vswprintf_s 17109->17111 17110->17111 17112 175b640 _vswprintf_s 12 API calls 17111->17112 17113 17cfeba 17112->17113 17113->17045 17115 17df23b 17114->17115 17116 17df27a 17115->17116 17117 17df241 17115->17117 17118 17df28f _vswprintf_s 17116->17118 17125 17596e0 LdrInitializeThunk 17116->17125 17124 17596e0 LdrInitializeThunk 17117->17124 17122 17df26d 17118->17122 17126 17df7dd 17118->17126 17122->17104 17123->17104 17124->17122 17125->17118 17127 17df803 
17126->17127 17132 17df4a1 17127->17132 17131 17df82d 17131->17122 17133 17df4bc 17132->17133 17134 17e165e LdrInitializeThunk 17133->17134 17136 17df4ea 17134->17136 17135 17df51c 17138 17596e0 LdrInitializeThunk 17135->17138 17136->17135 17137 17e165e LdrInitializeThunk 17136->17137 17137->17136 17138->17131 17140 17e0697 17139->17140 17141 17e12b2 17139->17141 17140->16935 17142 17d52f8 34 API calls 17141->17142 17142->17140 17144 17d1520 _vswprintf_s 17143->17144 17145 1737d50 GetPEB 17144->17145 17146 17d1543 17145->17146 17147 17d1547 GetPEB 17146->17147 17148 17d1557 _vswprintf_s 17146->17148 17147->17148 17149 175b640 _vswprintf_s 12 API calls 17148->17149 17150 17d157c 17149->17150 17150->16944 17152 17e03a0 17151->17152 17153 17e0589 17152->17153 17154 17e070d 37 API calls 17152->17154 17155 17bda47 259 API calls 17152->17155 17153->16960 17154->17152 17155->17152 17157 17dbbde 17156->17157 17166 17dbd54 17157->17166 17159 17dbc3c 17159->16367 17161 17df9a1 271 API calls 17161->17159 17163 17dbceb 17162->17163 17170 17dae44 17163->17170 17167 17dbc04 17166->17167 17168 17dbd63 17166->17168 17167->17159 17167->17161 17169 1744e70 14 API calls 17168->17169 17169->17167 17171 17dae6a 17170->17171 17174 17daf27 17171->17174 17175 17daf3d 17171->17175 17187 17daf38 17171->17187 17172 17daf6c 17188 17dea55 17172->17188 17173 17dafc3 17210 17dfde2 17173->17210 17178 17da80d 28 API calls 17174->17178 17175->17172 17175->17173 17178->17187 17180 1737d50 GetPEB 17181 17daf85 17180->17181 17182 17daf99 17181->17182 17183 17daf89 GetPEB 17181->17183 17184 17dafa3 GetPEB 17182->17184 17182->17187 17183->17182 17185 17dafb2 17184->17185 17184->17187 17185->17187 17203 17d1608 17185->17203 17187->16362 17189 17dea74 17188->17189 17191 17deab0 17189->17191 17192 17dea8d 17189->17192 17190 17da80d 28 API calls 17193 17daf7a 17190->17193 17194 17dafde 34 API calls 17191->17194 17192->17190 17193->17180 17195 17deb12 17194->17195 17196 17dbcd2 278 API calls 17195->17196 
17197 17deb3d 17196->17197 17198 1737d50 GetPEB 17197->17198 17199 17deb48 17198->17199 17200 17deb4c GetPEB 17199->17200 17201 17deb60 17199->17201 17200->17201 17201->17193 17202 17cfe3f 14 API calls 17201->17202 17202->17193 17204 1737d50 GetPEB 17203->17204 17205 17d1634 17204->17205 17206 17d1638 GetPEB 17205->17206 17207 17d1648 _vswprintf_s 17205->17207 17206->17207 17208 175b640 _vswprintf_s 12 API calls 17207->17208 17209 17d166b 17208->17209 17209->17187 17211 17dfdf5 17210->17211 17212 17dfdfe 17211->17212 17213 17dfe12 17211->17213 17214 17da80d 28 API calls 17212->17214 17215 17dfebd 17213->17215 17216 17dfe2c 17213->17216 17222 17dfe0d 17214->17222 17217 17e0a13 264 API calls 17215->17217 17218 17dfe45 17216->17218 17219 17dfe35 17216->17219 17220 17dfecb 17217->17220 17239 17e2b28 17218->17239 17223 17ddbd2 262 API calls 17219->17223 17224 1737d50 GetPEB 17220->17224 17222->17187 17226 17dfe41 17223->17226 17227 17dfed3 17224->17227 17225 17dfe55 17225->17226 17231 17dc8f7 13 API calls 17225->17231 17230 1737d50 GetPEB 17226->17230 17228 17dfee7 17227->17228 17229 17dfed7 GetPEB 17227->17229 17228->17222 17233 17dfef1 GetPEB 17228->17233 17229->17228 17232 17dfe77 17230->17232 17231->17226 17234 17dfe8b 17232->17234 17235 17dfe7b GetPEB 17232->17235 17233->17222 17238 17dfea4 17233->17238 17234->17222 17236 17dfe95 GetPEB 17234->17236 17235->17234 17236->17222 17236->17238 17237 17d1608 14 API calls 17237->17222 17238->17222 17238->17237 17241 17e2b46 17239->17241 17240 17e2bbf 17242 17da80d 28 API calls 17240->17242 17241->17240 17248 17e2bd3 17241->17248 17247 17e2bce 17242->17247 17243 17e2c36 17246 17e241a 14 API calls 17243->17246 17244 17e2c15 17245 17da80d 28 API calls 17244->17245 17245->17247 17249 17e2c4a 17246->17249 17247->17225 17248->17243 17248->17244 17249->17247 17251 17e3209 RtlDebugPrintTimes 17249->17251 17252 17e3242 17251->17252 17253 175b640 _vswprintf_s 12 API calls 17252->17253 17254 17e324d 17253->17254 17254->17247 17255 
1719240 17256 171924c _vswprintf_s 17255->17256 17257 171925f 17256->17257 17273 17595d0 LdrInitializeThunk 17256->17273 17274 1719335 17257->17274 17261 1719335 LdrInitializeThunk 17262 1719276 17261->17262 17279 17595d0 LdrInitializeThunk 17262->17279 17264 171927e GetPEB 17265 17377f0 17264->17265 17266 171929a GetPEB 17265->17266 17267 17377f0 17266->17267 17268 17192b6 GetPEB 17267->17268 17270 17192d2 17268->17270 17269 1719330 17270->17269 17271 1719305 GetPEB 17270->17271 17272 171931f _vswprintf_s 17271->17272 17273->17257 17280 17595d0 LdrInitializeThunk 17274->17280 17276 1719342 17281 17595d0 LdrInitializeThunk 17276->17281 17278 171926b 17278->17261 17279->17264 17280->17276 17281->17278 16300 1759540 LdrInitializeThunk 17335 1711e04 17336 1711e10 _vswprintf_s 17335->17336 17337 1711e37 _vswprintf_s 17336->17337 17338 17da80d 28 API calls 17336->17338 17339 176f18b 17338->17339 17282 17436cc 17283 17436d4 GetPEB 17282->17283 17284 17436e6 17282->17284 17285 17436e5 17283->17285 17286 17637cc 17287 17637db 17286->17287 17288 17637ea 17287->17288 17290 176590b 17287->17290 17291 1765917 17290->17291 17294 176592d 17290->17294 17292 175b58e _vswprintf_s 12 API calls 17291->17292 17293 1765923 17292->17293 17293->17288 17294->17288 17340 17cd380 17341 17cd38c 17340->17341 17342 17cd393 17340->17342 17343 17cd3a0 GetPEB 17342->17343 17343->17341

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 14 1759910-175991c LdrInitializeThunk
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000005.00000002.534207193.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                  • Associated: 00000005.00000002.535933940.000000000180B000.00000040.00000800.00020000.00000000.sdmp
                                  • Associated: 00000005.00000002.535959139.000000000180F000.00000040.00000800.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_16f0000_6109238.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: 401295cc5fd6469bb13b21acdb0f1470a25767559dbce6c9641ca89301a2d43b
                                  • Instruction ID: 834f4a569e77bd8f5e9c98e47625b2f4276fa34a7c7052b3a6bd37ae2b932134
                                  • Opcode Fuzzy Hash: 401295cc5fd6469bb13b21acdb0f1470a25767559dbce6c9641ca89301a2d43b
                                  • Instruction Fuzzy Hash: 879002B131500806D150719A84047464009A7D4341F51C021A9454554ECA998DD576A5
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 15 17599a0-17599ac LdrInitializeThunk
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000005.00000002.534207193.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                  • Associated: 00000005.00000002.535933940.000000000180B000.00000040.00000800.00020000.00000000.sdmp
                                  • Associated: 00000005.00000002.535959139.000000000180F000.00000040.00000800.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_16f0000_6109238.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: 451da52a33e34ac390ec85179fe787ab5c5f0ea9f87cce6d4cc5bb0c3b7f1a6e
                                  • Instruction ID: 6eb8c2e6c3de9fd90129402523b3b32c6968879cbbb55bcb761a1180205462d5
                                  • Opcode Fuzzy Hash: 451da52a33e34ac390ec85179fe787ab5c5f0ea9f87cce6d4cc5bb0c3b7f1a6e
                                  • Instruction Fuzzy Hash: 509002A135500846D110619A8414B064009E7E5341F51C025E5454554DCA59CC527166
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 12 1759860-175986c LdrInitializeThunk
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000005.00000002.534207193.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                  • Associated: 00000005.00000002.535933940.000000000180B000.00000040.00000800.00020000.00000000.sdmp
                                  • Associated: 00000005.00000002.535959139.000000000180F000.00000040.00000800.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_16f0000_6109238.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: b067af2d964a955e37ccd6a1b2e278ff599549cdbf34da4412fe6ba01bb35c20
                                  • Instruction ID: 629727a7ae675f3e0e32fb2fa842a463f7b10fd3d1a8295caa907f878ce8bb69
                                  • Opcode Fuzzy Hash: b067af2d964a955e37ccd6a1b2e278ff599549cdbf34da4412fe6ba01bb35c20
                                  • Instruction Fuzzy Hash: A490027131500817D121619A8504707400DA7D4281F91C422A4814558DDA968952B161
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 11 1759840-175984c LdrInitializeThunk
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000005.00000002.534207193.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                  • Associated: 00000005.00000002.535933940.000000000180B000.00000040.00000800.00020000.00000000.sdmp
                                  • Associated: 00000005.00000002.535959139.000000000180F000.00000040.00000800.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_16f0000_6109238.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: 8b43f113bdc97a7634cec38878f50f5ab90d829341141523d54426433127a6c2
                                  • Instruction ID: 85ee13ff4fa0b772b0ed031749e8a2a5bb1e5db8e769ac49fc180151e59e6679
                                  • Opcode Fuzzy Hash: 8b43f113bdc97a7634cec38878f50f5ab90d829341141523d54426433127a6c2
                                  • Instruction Fuzzy Hash: 9C900261356045565555B19A8404507800AB7E4281791C022A5804950CC9669856F661
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 13 17598f0-17598fc LdrInitializeThunk
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000005.00000002.534207193.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                  • Associated: 00000005.00000002.535933940.000000000180B000.00000040.00000800.00020000.00000000.sdmp
                                  • Associated: 00000005.00000002.535959139.000000000180F000.00000040.00000800.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_16f0000_6109238.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: 7e83690e6492ac161b4d35cfe705da9919bdc31bf608f85f02e3b43b022ab26c
                                  • Instruction ID: 2180f55a542fb8f78a9a90a256fab85f9ee21e851cd7be5e155dbf99f61cd5dc
                                  • Opcode Fuzzy Hash: 7e83690e6492ac161b4d35cfe705da9919bdc31bf608f85f02e3b43b022ab26c
                                  • Instruction Fuzzy Hash: 8890026171500906D111719A8404616400EA7D4281F91C032A5414555ECE658992B171
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000005.00000002.534207193.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                  • Associated: 00000005.00000002.535933940.000000000180B000.00000040.00000800.00020000.00000000.sdmp
                                  • Associated: 00000005.00000002.535959139.000000000180F000.00000040.00000800.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_16f0000_6109238.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: 4f7dddac4d9aedab77d92273f0198df35ddbc6fd87bc8659b7d6c540f05f396f
                                  • Instruction ID: 04f5955adba394b55514fe8ddd8463de76f24851a5d4c39d9300a596a08e622b
                                  • Opcode Fuzzy Hash: 4f7dddac4d9aedab77d92273f0198df35ddbc6fd87bc8659b7d6c540f05f396f
                                  • Instruction Fuzzy Hash: 1C90026132580446D21065AA8C14B074009A7D4343F51C125A4544554CCD5588617561
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 17 1759a20-1759a2c LdrInitializeThunk
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000005.00000002.534207193.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                  • Associated: 00000005.00000002.535933940.000000000180B000.00000040.00000800.00020000.00000000.sdmp
                                  • Associated: 00000005.00000002.535959139.000000000180F000.00000040.00000800.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_16f0000_6109238.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: acc39c478c64f9d83cfcc1ab9cfc9490ba6cac331791ad8d3716cbae99c35554
                                  • Instruction ID: b86e2c9f6a8bcdb290caf89d8abea61150be7067de0e5864b6be906acb270bde
                                  • Opcode Fuzzy Hash: acc39c478c64f9d83cfcc1ab9cfc9490ba6cac331791ad8d3716cbae99c35554
                                  • Instruction Fuzzy Hash: AA90026171500446415071AAC8449068009BBE5251751C131A4D88550DC999886576A5
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 16 1759a00-1759a0c LdrInitializeThunk
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000005.00000002.534207193.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                  • Associated: 00000005.00000002.535933940.000000000180B000.00000040.00000800.00020000.00000000.sdmp
                                  • Associated: 00000005.00000002.535959139.000000000180F000.00000040.00000800.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_16f0000_6109238.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: 195377a14f8c971c86655ba78b4383b81eb7ffeee7db56424b0b7f4f6932133d
                                  • Instruction ID: 941bc59eb1005b40cccac7f055d687af7475f1c38ac05765b51282c9f96e8c6e
                                  • Opcode Fuzzy Hash: 195377a14f8c971c86655ba78b4383b81eb7ffeee7db56424b0b7f4f6932133d
                                  • Instruction Fuzzy Hash: 2790027131540806D110619A881470B4009A7D4342F51C021A5554555DCA65885175B1
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 4 1759540-175954c LdrInitializeThunk
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000005.00000002.534207193.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                  • Associated: 00000005.00000002.535933940.000000000180B000.00000040.00000800.00020000.00000000.sdmp
                                  • Associated: 00000005.00000002.535959139.000000000180F000.00000040.00000800.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_16f0000_6109238.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: 26e81715abbe59193599ad6cff2f54ba1d2afc6df706104eec9a0f86526e2f61
                                  • Instruction ID: 58d29fd8f3092561d818073debf2e1fa1412821d8d281e55faece6183825a86f
                                  • Opcode Fuzzy Hash: 26e81715abbe59193599ad6cff2f54ba1d2afc6df706104eec9a0f86526e2f61
                                  • Instruction Fuzzy Hash: A5900265325004070115A59A4704507404AA7D9391351C031F5405550CDA6188617161
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 5 17595d0-17595dc LdrInitializeThunk
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000005.00000002.534207193.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                  • Associated: 00000005.00000002.535933940.000000000180B000.00000040.00000800.00020000.00000000.sdmp
                                  • Associated: 00000005.00000002.535959139.000000000180F000.00000040.00000800.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_16f0000_6109238.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: 8309c0f5b3f768f53f517b4933e7316f21418f2ad982992da383cd3687b017b8
                                  • Instruction ID: 98a7735f009bda13d4e8ec7d5d8867041b941ead3ba5441a7f953da758b18cba
                                  • Opcode Fuzzy Hash: 8309c0f5b3f768f53f517b4933e7316f21418f2ad982992da383cd3687b017b8
                                  • Instruction Fuzzy Hash: 9D9002A1316004074115719A8414616800EA7E4241B51C031E5404590DC96588917165
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 8 1759710-175971c LdrInitializeThunk
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000005.00000002.534207193.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                  • Associated: 00000005.00000002.535933940.000000000180B000.00000040.00000800.00020000.00000000.sdmp
                                  • Associated: 00000005.00000002.535959139.000000000180F000.00000040.00000800.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_16f0000_6109238.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: 4db4ebf244dfd25739082473b00c5ef01e15502feac5594b22b03b8b530c6270
                                  • Instruction ID: bcd0c1f04adb9fc4837872ede0d79e2cd39d4c3092d6ae13b130450180461d12
                                  • Opcode Fuzzy Hash: 4db4ebf244dfd25739082473b00c5ef01e15502feac5594b22b03b8b530c6270
                                  • Instruction Fuzzy Hash: 1A90027131500806D11065DA94086464009A7E4341F51D021A9414555ECAA588917171
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 10 17597a0-17597ac LdrInitializeThunk
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000005.00000002.534207193.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                  • Associated: 00000005.00000002.535933940.000000000180B000.00000040.00000800.00020000.00000000.sdmp
                                  • Associated: 00000005.00000002.535959139.000000000180F000.00000040.00000800.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_16f0000_6109238.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: d19322abcbe5b77f2331f74ec9f9dff9eb6b756f2fda60031a3b536b615c572e
                                  • Instruction ID: 5795688dd1a40193616bb796bb87086477f242ecfb4ee96726a23c1bd1b3eb82
                                  • Opcode Fuzzy Hash: d19322abcbe5b77f2331f74ec9f9dff9eb6b756f2fda60031a3b536b615c572e
                                  • Instruction Fuzzy Hash: DE90026131500407D150719A94186068009F7E5341F51D021E4804554CDD5588567262
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 9 1759780-175978c LdrInitializeThunk
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000005.00000002.534207193.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                  • Associated: 00000005.00000002.535933940.000000000180B000.00000040.00000800.00020000.00000000.sdmp
                                  • Associated: 00000005.00000002.535959139.000000000180F000.00000040.00000800.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_16f0000_6109238.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: b4df559a4e28a68bc547dc0d72d9943fbb49bf726b2d9ccd2bd3ea22b390f798
                                  • Instruction ID: 8f45b5924f0998d4e49ecb917e6f3b8249f6a72804d37bf9d2f8f58a9fb7b0b3
                                  • Opcode Fuzzy Hash: b4df559a4e28a68bc547dc0d72d9943fbb49bf726b2d9ccd2bd3ea22b390f798
                                  • Instruction Fuzzy Hash: 5190026932700406D190719A940860A4009A7D5242F91D425A4405558CCD5588697361
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 6 1759660-175966c LdrInitializeThunk
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000005.00000002.534207193.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                  • Associated: 00000005.00000002.535933940.000000000180B000.00000040.00000800.00020000.00000000.sdmp
                                  • Associated: 00000005.00000002.535959139.000000000180F000.00000040.00000800.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_16f0000_6109238.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: f7f283916b179743b7f0dda35dc994a7dfd1ca197dcae0c1d119563c4c2b1ab6
                                  • Instruction ID: 3f145d0d0c1fe763a2a1ce7f22a0090b583caf92c9a44847da693cb4b779c547
                                  • Opcode Fuzzy Hash: f7f283916b179743b7f0dda35dc994a7dfd1ca197dcae0c1d119563c4c2b1ab6
                                  • Instruction Fuzzy Hash: FE90027131500C06D190719A840464A4009A7D5341F91C025A4415654DCE558A5977E1
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 7 17596e0-17596ec LdrInitializeThunk
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000005.00000002.534207193.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                  • Associated: 00000005.00000002.535933940.000000000180B000.00000040.00000800.00020000.00000000.sdmp
                                  • Associated: 00000005.00000002.535959139.000000000180F000.00000040.00000800.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_16f0000_6109238.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: 6d66e3652616a153122a3b9cfdb57e277bf5f7301a129877d1250775f16ab285
                                  • Instruction ID: 552be38f6fc321dc2103207fe04c882348442f048a221fe0994a0cde47a66b1b
                                  • Opcode Fuzzy Hash: 6d66e3652616a153122a3b9cfdb57e277bf5f7301a129877d1250775f16ab285
                                  • Instruction Fuzzy Hash: D090027131508C06D120619AC40474A4009A7D4341F55C421A8814658DCAD588917161
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 0 175967a-175967f 1 1759681-1759688 0->1 2 175968f-1759696 LdrInitializeThunk 0->2
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000005.00000002.534207193.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                  • Associated: 00000005.00000002.535933940.000000000180B000.00000040.00000800.00020000.00000000.sdmp
                                  • Associated: 00000005.00000002.535959139.000000000180F000.00000040.00000800.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_16f0000_6109238.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: bd99a5c2e51183ddb1586fd6c3ad0d2cc20fb54e66e944d2a64b31987f2ec5d3
                                  • Instruction ID: 3d812c6418611648d39c06edc3f8dd7db4b25b3db32223c1c6e77b2f7a013789
                                  • Opcode Fuzzy Hash: bd99a5c2e51183ddb1586fd6c3ad0d2cc20fb54e66e944d2a64b31987f2ec5d3
                                  • Instruction Fuzzy Hash: 23B09B719054C5C9E751D7A54608717F944B7D4745F16C061D6420641F4778C095F5B5
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 00000005.00000002.533662404.000000000041F000.00000040.00000400.00020000.00000000.sdmp, Offset: 0041F000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_41f000_6109238.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: a6c011715bffd9b8cce80ad9014cc9cfdf330e3e40b875a6d85623cd234ff0b3
                                  • Instruction ID: 318487e5e0aea3dc49f7eb1cd4554a1f15d8c32a5429445fd8a7697016cc2948
                                  • Opcode Fuzzy Hash: a6c011715bffd9b8cce80ad9014cc9cfdf330e3e40b875a6d85623cd234ff0b3
                                  • Instruction Fuzzy Hash: 0FA022A0C0830C03002030FA2A83023B32CC000A08F0003EAAE8C022023C02A83200EB
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Strings
                                  • *** enter .exr %p for the exception record, xrefs: 017CB4F1
                                  • *** enter .cxr %p for the context, xrefs: 017CB50D
                                  • This means the data could not be read, typically because of a bad block on the disk. Check your hardware., xrefs: 017CB47D
                                  • This means the machine is out of memory. Use !vm to see where all the memory is being used., xrefs: 017CB484
                                  • *** Critical Section Timeout (%p) in %ws:%s, xrefs: 017CB39B
                                  • The stack trace should show the guilty function (the function directly above __report_gsfailure)., xrefs: 017CB323
                                  • The resource is owned shared by %d threads, xrefs: 017CB37E
                                  • *** Resource timeout (%p) in %ws:%s, xrefs: 017CB352
                                  • *** Inpage error in %ws:%s, xrefs: 017CB418
                                  • The critical section is owned by thread %p., xrefs: 017CB3B9
                                  • <unknown>, xrefs: 017CB27E, 017CB2D1, 017CB350, 017CB399, 017CB417, 017CB48E
                                  • *** then kb to get the faulting stack, xrefs: 017CB51C
                                  • If this bug ends up in the shipping product, it could be a severe security hole., xrefs: 017CB314
                                  • The critical section is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 017CB3D6
                                  • *** Restarting wait on critsec or resource at %p (in %ws:%s), xrefs: 017CB53F
                                  • The instruction at %p referenced memory at %p., xrefs: 017CB432
                                  • The instruction at %p tried to %s , xrefs: 017CB4B6
                                  • The resource is owned exclusively by thread %p, xrefs: 017CB374
                                  • *** A stack buffer overrun occurred in %ws:%s, xrefs: 017CB2F3
                                  • This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked., xrefs: 017CB305
                                  • read from, xrefs: 017CB4AD, 017CB4B2
                                  • Go determine why that thread has not released the critical section., xrefs: 017CB3C5
                                  • This failed because of error %Ix., xrefs: 017CB446
                                  • The resource is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 017CB38F
                                  • *** An Access Violation occurred in %ws:%s, xrefs: 017CB48F
                                  • an invalid address, %p, xrefs: 017CB4CF
                                  • a NULL pointer, xrefs: 017CB4E0
                                  • write to, xrefs: 017CB4A6
                                  • This means that the I/O device reported an I/O error. Check your hardware., xrefs: 017CB476
                                  • *** Unhandled exception 0x%08lx, hit in %ws:%s, xrefs: 017CB2DC
                                  Memory Dump Source
                                  • Source File: 00000005.00000002.534207193.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                  • Associated: 00000005.00000002.535933940.000000000180B000.00000040.00000800.00020000.00000000.sdmp
                                  • Associated: 00000005.00000002.535959139.000000000180F000.00000040.00000800.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_16f0000_6109238.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: *** A stack buffer overrun occurred in %ws:%s$ *** An Access Violation occurred in %ws:%s$ *** Critical Section Timeout (%p) in %ws:%s$ *** Inpage error in %ws:%s$ *** Resource timeout (%p) in %ws:%s$ *** Unhandled exception 0x%08lx, hit in %ws:%s$ *** enter .cxr %p for the context$ *** Restarting wait on critsec or resource at %p (in %ws:%s)$ *** enter .exr %p for the exception record$ *** then kb to get the faulting stack$<unknown>$Go determine why that thread has not released the critical section.$If this bug ends up in the shipping product, it could be a severe security hole.$The critical section is owned by thread %p.$The critical section is unowned. This usually implies a slow-moving machine due to memory pressure$The instruction at %p referenced memory at %p.$The instruction at %p tried to %s $The resource is owned exclusively by thread %p$The resource is owned shared by %d threads$The resource is unowned. This usually implies a slow-moving machine due to memory pressure$The stack trace should show the guilty function (the function directly above __report_gsfailure).$This failed because of error %Ix.$This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked.$This means that the I/O device reported an I/O error. Check your hardware.$This means the data could not be read, typically because of a bad block on the disk. Check your hardware.$This means the machine is out of memory. Use !vm to see where all the memory is being used.$a NULL pointer$an invalid address, %p$read from$write to
                                  • API String ID: 0-108210295
                                  • Opcode ID: 7eed1adbf3954d3ba886fb8d0c4845406c7a0e43233bda50efc658b91673fa67
                                  • Instruction ID: 91668504391a10b0ae959f4af06d06917b40db6e8ddd26fb13546ecc571fe58f
                                  • Opcode Fuzzy Hash: 7eed1adbf3954d3ba886fb8d0c4845406c7a0e43233bda50efc658b91673fa67
                                  • Instruction Fuzzy Hash: 7C81E2B5A00310FFDB266B8ACC5AD7FFF66EF96B91B40408CF5042B156E2618951C672
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 44%
                                  			E017D1C06() {
                                  				signed int _t27;
                                  				char* _t104;
                                  				char* _t105;
                                  				intOrPtr _t113;
                                  				intOrPtr _t115;
                                  				intOrPtr _t117;
                                  				intOrPtr _t119;
                                  				intOrPtr _t120;
                                  
                                  				_t105 = 0x16f48a4;
                                  				_t104 = "HEAP: ";
                                  				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                  					_push(_t104);
                                  					E0171B150();
                                  				} else {
                                  					E0171B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                  				}
                                  				_push( *0x180589c);
                                  				E0171B150("Heap error detected at %p (heap handle %p)\n",  *0x18058a0);
                                  				_t27 =  *0x1805898; // 0x0
                                  				if(_t27 <= 0xf) {
                                  					switch( *((intOrPtr*)(_t27 * 4 +  &M017D1E96))) {
                                  						case 0:
                                  							_t105 = "heap_failure_internal";
                                  							goto L21;
                                  						case 1:
                                  							goto L21;
                                  						case 2:
                                  							goto L21;
                                  						case 3:
                                  							goto L21;
                                  						case 4:
                                  							goto L21;
                                  						case 5:
                                  							goto L21;
                                  						case 6:
                                  							goto L21;
                                  						case 7:
                                  							goto L21;
                                  						case 8:
                                  							goto L21;
                                  						case 9:
                                  							goto L21;
                                  						case 0xa:
                                  							goto L21;
                                  						case 0xb:
                                  							goto L21;
                                  						case 0xc:
                                  							goto L21;
                                  						case 0xd:
                                  							goto L21;
                                  						case 0xe:
                                  							goto L21;
                                  						case 0xf:
                                  							goto L21;
                                  					}
                                  				}
                                  				L21:
                                  				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                  					_push(_t104);
                                  					E0171B150();
                                  				} else {
                                  					E0171B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                  				}
                                  				_push(_t105);
                                  				E0171B150("Error code: %d - %s\n",  *0x1805898);
                                  				_t113 =  *0x18058a4; // 0x0
                                  				if(_t113 != 0) {
                                  					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                  						_push(_t104);
                                  						E0171B150();
                                  					} else {
                                  						E0171B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                  					}
                                  					E0171B150("Parameter1: %p\n",  *0x18058a4);
                                  				}
                                  				_t115 =  *0x18058a8; // 0x0
                                  				if(_t115 != 0) {
                                  					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                  						_push(_t104);
                                  						E0171B150();
                                  					} else {
                                  						E0171B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                  					}
                                  					E0171B150("Parameter2: %p\n",  *0x18058a8);
                                  				}
                                  				_t117 =  *0x18058ac; // 0x0
                                  				if(_t117 != 0) {
                                  					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                  						_push(_t104);
                                  						E0171B150();
                                  					} else {
                                  						E0171B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                  					}
                                  					E0171B150("Parameter3: %p\n",  *0x18058ac);
                                  				}
                                  				_t119 =  *0x18058b0; // 0x0
                                  				if(_t119 != 0) {
                                  					L41:
                                  					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                  						_push(_t104);
                                  						E0171B150();
                                  					} else {
                                  						E0171B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                  					}
                                  					_push( *0x18058b4);
                                  					E0171B150("Last known valid blocks: before - %p, after - %p\n",  *0x18058b0);
                                  				} else {
                                  					_t120 =  *0x18058b4; // 0x0
                                  					if(_t120 != 0) {
                                  						goto L41;
                                  					}
                                  				}
                                  				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                  					_push(_t104);
                                  					E0171B150();
                                  				} else {
                                  					E0171B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                  				}
                                  				return E0171B150("Stack trace available at %p\n", 0x18058c0);
                                  			}












                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000005.00000002.534207193.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                  • Associated: 00000005.00000002.535933940.000000000180B000.00000040.00000800.00020000.00000000.sdmp
                                  • Associated: 00000005.00000002.535959139.000000000180F000.00000040.00000800.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_16f0000_6109238.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: Error code: %d - %s$HEAP: $HEAP[%wZ]: $Heap error detected at %p (heap handle %p)$Last known valid blocks: before - %p, after - %p$Parameter1: %p$Parameter2: %p$Parameter3: %p$Stack trace available at %p$heap_failure_block_not_busy$heap_failure_buffer_overrun$heap_failure_buffer_underrun$heap_failure_cross_heap_operation$heap_failure_entry_corruption$heap_failure_freelists_corruption$heap_failure_generic$heap_failure_internal$heap_failure_invalid_allocation_type$heap_failure_invalid_argument$heap_failure_lfh_bitmap_mismatch$heap_failure_listentry_corruption$heap_failure_multiple_entries_corruption$heap_failure_unknown$heap_failure_usage_after_free$heap_failure_virtual_block_corruption
                                  • API String ID: 0-2897834094
                                  • Opcode ID: 728a22e272874e6bb7441c3bf39348b07071de0bcee9cce9404bdd9766bc3f94
                                  • Instruction ID: 9978f4f2524a307429b950812cefc80a2b3ed45e83fbb21f4367c267cad6ebfd
                                  • Opcode Fuzzy Hash: 728a22e272874e6bb7441c3bf39348b07071de0bcee9cce9404bdd9766bc3f94
                                  • Instruction Fuzzy Hash: 0761A63251524DDFD712AB8DE888D25F3F4EB09A21B4E84BEF90D5B345DA3499808F19
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 44%
                                  			E01748E00(void* __ecx) {
                                  				signed int _v8;
                                  				char _v12;
                                  				void* __ebx;
                                  				void* __edi;
                                  				void* __esi;
                                  				intOrPtr* _t32;
                                  				intOrPtr _t35;
                                  				intOrPtr _t43;
                                  				void* _t46;
                                  				intOrPtr _t47;
                                  				void* _t48;
                                  				signed int _t49;
                                  				void* _t50;
                                  				intOrPtr* _t51;
                                  				signed int _t52;
                                  				void* _t53;
                                  				intOrPtr _t55;
                                  
                                  				_v8 =  *0x180d360 ^ _t52;
                                  				_t49 = 0;
                                  				_t48 = __ecx;
                                  				_t55 =  *0x1808464; // 0x76ed0110
                                  				if(_t55 == 0) {
                                  					L9:
                                  					if( !_t49 >= 0) {
                                  						if(( *0x1805780 & 0x00000003) != 0) {
                                  							E01795510("minkernel\\ntdll\\ldrsnap.c", 0x2b5, "LdrpFindDllActivationContext", 0, "Querying the active activation context failed with status 0x%08lx\n", _t49);
                                  						}
                                  						if(( *0x1805780 & 0x00000010) != 0) {
                                  							asm("int3");
                                  						}
                                  					}
                                  					return E0175B640(_t49, 0, _v8 ^ _t52, _t47, _t48, _t49);
                                  				}
                                  				_t47 =  *((intOrPtr*)(__ecx + 0x18));
                                  				_t43 =  *0x1807984; // 0x11b2b88
                                  				if( *((intOrPtr*)( *[fs:0x30] + 0x1f8)) == 0 || __ecx != _t43) {
                                  					_t32 =  *((intOrPtr*)(_t48 + 0x28));
                                  					if(_t48 == _t43) {
                                  						_t50 = 0x5c;
                                  						if( *_t32 == _t50) {
                                  							_t46 = 0x3f;
                                  							if( *((intOrPtr*)(_t32 + 2)) == _t46 &&  *((intOrPtr*)(_t32 + 4)) == _t46 &&  *((intOrPtr*)(_t32 + 6)) == _t50 &&  *((intOrPtr*)(_t32 + 8)) != 0 &&  *((short*)(_t32 + 0xa)) == 0x3a &&  *((intOrPtr*)(_t32 + 0xc)) == _t50) {
                                  								_t32 = _t32 + 8;
                                  							}
                                  						}
                                  					}
                                  					_t51 =  *0x1808464; // 0x76ed0110
                                  					 *0x180b1e0(_t47, _t32,  &_v12);
                                  					_t49 =  *_t51();
                                  					if(_t49 >= 0) {
                                  						L8:
                                  						_t35 = _v12;
                                  						if(_t35 != 0) {
                                  							if( *((intOrPtr*)(_t48 + 0x48)) != 0) {
                                  								E01749B10( *((intOrPtr*)(_t48 + 0x48)));
                                  								_t35 = _v12;
                                  							}
                                  							 *((intOrPtr*)(_t48 + 0x48)) = _t35;
                                  						}
                                  						goto L9;
                                  					}
                                  					if(_t49 != 0xc000008a) {
                                  						if(_t49 != 0xc000008b && _t49 != 0xc0000089 && _t49 != 0xc000000f && _t49 != 0xc0000204 && _t49 != 0xc0000002) {
                                  							if(_t49 != 0xc00000bb) {
                                  								goto L8;
                                  							}
                                  						}
                                  					}
                                  					if(( *0x1805780 & 0x00000005) != 0) {
                                  						_push(_t49);
                                  						E01795510("minkernel\\ntdll\\ldrsnap.c", 0x298, "LdrpFindDllActivationContext", 2, "Probing for the manifest of DLL \"%wZ\" failed with status 0x%08lx\n", _t48 + 0x24);
                                  						_t53 = _t53 + 0x1c;
                                  					}
                                  					_t49 = 0;
                                  					goto L8;
                                  				} else {
                                  					goto L9;
                                  				}
                                  			}





















                                  APIs
                                  Strings
                                  • Querying the active activation context failed with status 0x%08lx, xrefs: 01789357
                                  • Probing for the manifest of DLL "%wZ" failed with status 0x%08lx, xrefs: 0178932A
                                  • LdrpFindDllActivationContext, xrefs: 01789331, 0178935D
                                  • minkernel\ntdll\ldrsnap.c, xrefs: 0178933B, 01789367
                                  Memory Dump Source
                                  • Source File: 00000005.00000002.534207193.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                  • Associated: 00000005.00000002.535933940.000000000180B000.00000040.00000800.00020000.00000000.sdmp
                                  • Associated: 00000005.00000002.535959139.000000000180F000.00000040.00000800.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_16f0000_6109238.jbxd
                                  Similarity
                                  • API ID: DebugPrintTimes
                                  • String ID: LdrpFindDllActivationContext$Probing for the manifest of DLL "%wZ" failed with status 0x%08lx$Querying the active activation context failed with status 0x%08lx$minkernel\ntdll\ldrsnap.c
                                  • API String ID: 3446177414-3779518884
                                  • Opcode ID: 119c129b0d832cc0a9b34b7d357fd9494740b0e62bff208617d8003bd4c0a442
                                  • Instruction ID: 6b9c985553ea8a25354cdf3e41a82f8d2acd041a33d388da9f35ca61d52c07ee
                                  • Opcode Fuzzy Hash: 119c129b0d832cc0a9b34b7d357fd9494740b0e62bff208617d8003bd4c0a442
                                  • Instruction Fuzzy Hash: E5412A31A4033D9FEB37AA9CCC8CA36F6A5AB4D758F0A416DDA0557151E7709D808783
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 96%
                                  			E01723D34(signed int* __ecx) {
                                  				signed int* _v8;
                                  				char _v12;
                                  				signed int* _v16;
                                  				signed int* _v20;
                                  				char _v24;
                                  				signed int _v28;
                                  				signed int _v32;
                                  				char _v36;
                                  				signed int _v40;
                                  				signed int _v44;
                                  				signed int* _v48;
                                  				signed int* _v52;
                                  				signed int _v56;
                                  				signed int _v60;
                                  				char _v68;
                                  				signed int _t140;
                                  				signed int _t161;
                                  				signed int* _t236;
                                  				signed int* _t242;
                                  				signed int* _t243;
                                  				signed int* _t244;
                                  				signed int* _t245;
                                  				signed int _t255;
                                  				void* _t257;
                                  				signed int _t260;
                                  				void* _t262;
                                  				signed int _t264;
                                  				void* _t267;
                                  				signed int _t275;
                                  				signed int* _t276;
                                  				short* _t277;
                                  				signed int* _t278;
                                  				signed int* _t279;
                                  				signed int* _t280;
                                  				short* _t281;
                                  				signed int* _t282;
                                  				short* _t283;
                                  				signed int* _t284;
                                  				void* _t285;
                                  
                                  				_v60 = _v60 | 0xffffffff;
                                  				_t280 = 0;
                                  				_t242 = __ecx;
                                  				_v52 = __ecx;
                                  				_v8 = 0;
                                  				_v20 = 0;
                                  				_v40 = 0;
                                  				_v28 = 0;
                                  				_v32 = 0;
                                  				_v44 = 0;
                                  				_v56 = 0;
                                  				_t275 = 0;
                                  				_v16 = 0;
                                  				if(__ecx == 0) {
                                  					_t280 = 0xc000000d;
                                  					_t140 = 0;
                                  					L50:
                                  					 *_t242 =  *_t242 | 0x00000800;
                                  					_t242[0x13] = _t140;
                                  					_t242[0x16] = _v40;
                                  					_t242[0x18] = _v28;
                                  					_t242[0x14] = _v32;
                                  					_t242[0x17] = _t275;
                                  					_t242[0x15] = _v44;
                                  					_t242[0x11] = _v56;
                                  					_t242[0x12] = _v60;
                                  					return _t280;
                                  				}
                                  				if(E01721B8F(L"WindowsExcludedProcs",  &_v36,  &_v12,  &_v8) >= 0) {
                                  					_v56 = 1;
                                  					if(_v8 != 0) {
                                  						L017377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v8);
                                  					}
                                  					_v8 = _t280;
                                  				}
                                  				if(E01721B8F(L"Kernel-MUI-Number-Allowed",  &_v36,  &_v12,  &_v8) >= 0) {
                                  					_v60 =  *_v8;
                                  					L017377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v8);
                                  					_v8 = _t280;
                                  				}
                                  				if(E01721B8F(L"Kernel-MUI-Language-Allowed",  &_v36,  &_v12,  &_v8) < 0) {
                                  					L16:
                                  					if(E01721B8F(L"Kernel-MUI-Language-Disallowed",  &_v36,  &_v12,  &_v8) < 0) {
                                  						L28:
                                  						if(E01721B8F(L"Kernel-MUI-Language-SKU",  &_v36,  &_v12,  &_v8) < 0) {
                                  							L46:
                                  							_t275 = _v16;
                                  							L47:
                                  							_t161 = 0;
                                  							L48:
                                  							if(_v8 != 0) {
                                  								L017377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t161, _v8);
                                  							}
                                  							_t140 = _v20;
                                  							if(_t140 != 0) {
                                  								if(_t275 != 0) {
                                  									L017377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t275);
                                  									_t275 = 0;
                                  									_v28 = 0;
                                  									_t140 = _v20;
                                  								}
                                  							}
                                  							goto L50;
                                  						}
                                  						_t167 = _v12;
                                  						_t255 = _v12 + 4;
                                  						_v44 = _t255;
                                  						if(_t255 == 0) {
                                  							_t276 = _t280;
                                  							_v32 = _t280;
                                  						} else {
                                  							_t276 = L01734620(_t255,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t255);
                                  							_t167 = _v12;
                                  							_v32 = _t276;
                                  						}
                                  						if(_t276 == 0) {
                                  							_v44 = _t280;
                                  							_t280 = 0xc0000017;
                                  							goto L46;
                                  						} else {
                                  							E0175F3E0(_t276, _v8, _t167);
                                  							_v48 = _t276;
                                  							_t277 = E01761370(_t276, 0x16f4e90);
                                  							_pop(_t257);
                                  							if(_t277 == 0) {
                                  								L38:
                                  								_t170 = _v48;
                                  								if( *_v48 != 0) {
                                  									E0175BB40(0,  &_v68, _t170);
                                  									if(L017243C0( &_v68,  &_v24) != 0) {
                                  										_t280 =  &(_t280[0]);
                                  									}
                                  								}
                                  								if(_t280 == 0) {
                                  									_t280 = 0;
                                  									L017377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v32);
                                  									_v44 = 0;
                                  									_v32 = 0;
                                  								} else {
                                  									_t280 = 0;
                                  								}
                                  								_t174 = _v8;
                                  								if(_v8 != 0) {
                                  									L017377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t174);
                                  								}
                                  								_v8 = _t280;
                                  								goto L46;
                                  							}
                                  							_t243 = _v48;
                                  							do {
                                  								 *_t277 = 0;
                                  								_t278 = _t277 + 2;
                                  								E0175BB40(_t257,  &_v68, _t243);
                                  								if(L017243C0( &_v68,  &_v24) != 0) {
                                  									_t280 =  &(_t280[0]);
                                  								}
                                  								_t243 = _t278;
                                  								_t277 = E01761370(_t278, 0x16f4e90);
                                  								_pop(_t257);
                                  							} while (_t277 != 0);
                                  							_v48 = _t243;
                                  							_t242 = _v52;
                                  							goto L38;
                                  						}
                                  					}
                                  					_t191 = _v12;
                                  					_t260 = _v12 + 4;
                                  					_v28 = _t260;
                                  					if(_t260 == 0) {
                                  						_t275 = _t280;
                                  						_v16 = _t280;
                                  					} else {
                                  						_t275 = L01734620(_t260,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t260);
                                  						_t191 = _v12;
                                  						_v16 = _t275;
                                  					}
                                  					if(_t275 == 0) {
                                  						_v28 = _t280;
                                  						_t280 = 0xc0000017;
                                  						goto L47;
                                  					} else {
                                  						E0175F3E0(_t275, _v8, _t191);
                                  						_t285 = _t285 + 0xc;
                                  						_v48 = _t275;
                                  						_t279 = _t280;
                                  						_t281 = E01761370(_v16, 0x16f4e90);
                                  						_pop(_t262);
                                  						if(_t281 != 0) {
                                  							_t244 = _v48;
                                  							do {
                                  								 *_t281 = 0;
                                  								_t282 = _t281 + 2;
                                  								E0175BB40(_t262,  &_v68, _t244);
                                  								if(L017243C0( &_v68,  &_v24) != 0) {
                                  									_t279 =  &(_t279[0]);
                                  								}
                                  								_t244 = _t282;
                                  								_t281 = E01761370(_t282, 0x16f4e90);
                                  								_pop(_t262);
                                  							} while (_t281 != 0);
                                  							_v48 = _t244;
                                  							_t242 = _v52;
                                  						}
                                  						_t201 = _v48;
                                  						_t280 = 0;
                                  						if( *_v48 != 0) {
                                  							E0175BB40(_t262,  &_v68, _t201);
                                  							if(L017243C0( &_v68,  &_v24) != 0) {
                                  								_t279 =  &(_t279[0]);
                                  							}
                                  						}
                                  						if(_t279 == 0) {
                                  							L017377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v16);
                                  							_v28 = _t280;
                                  							_v16 = _t280;
                                  						}
                                  						_t202 = _v8;
                                  						if(_v8 != 0) {
                                  							L017377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t202);
                                  						}
                                  						_v8 = _t280;
                                  						goto L28;
                                  					}
                                  				}
                                  				_t214 = _v12;
                                  				_t264 = _v12 + 4;
                                  				_v40 = _t264;
                                  				if(_t264 == 0) {
                                  					_v20 = _t280;
                                  				} else {
                                  					_t236 = L01734620(_t264,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t264);
                                  					_t280 = _t236;
                                  					_v20 = _t236;
                                  					_t214 = _v12;
                                  				}
                                  				if(_t280 == 0) {
                                  					_t161 = 0;
                                  					_t280 = 0xc0000017;
                                  					_v40 = 0;
                                  					goto L48;
                                  				} else {
                                  					E0175F3E0(_t280, _v8, _t214);
                                  					_t285 = _t285 + 0xc;
                                  					_v48 = _t280;
                                  					_t283 = E01761370(_t280, 0x16f4e90);
                                  					_pop(_t267);
                                  					if(_t283 != 0) {
                                  						_t245 = _v48;
                                  						do {
                                  							 *_t283 = 0;
                                  							_t284 = _t283 + 2;
                                  							E0175BB40(_t267,  &_v68, _t245);
                                  							if(L017243C0( &_v68,  &_v24) != 0) {
                                  								_t275 = _t275 + 1;
                                  							}
                                  							_t245 = _t284;
                                  							_t283 = E01761370(_t284, 0x16f4e90);
                                  							_pop(_t267);
                                  						} while (_t283 != 0);
                                  						_v48 = _t245;
                                  						_t242 = _v52;
                                  					}
                                  					_t224 = _v48;
                                  					_t280 = 0;
                                  					if( *_v48 != 0) {
                                  						E0175BB40(_t267,  &_v68, _t224);
                                  						if(L017243C0( &_v68,  &_v24) != 0) {
                                  							_t275 = _t275 + 1;
                                  						}
                                  					}
                                  					if(_t275 == 0) {
                                  						L017377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v20);
                                  						_v40 = _t280;
                                  						_v20 = _t280;
                                  					}
                                  					_t225 = _v8;
                                  					if(_v8 != 0) {
                                  						L017377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t225);
                                  					}
                                  					_v8 = _t280;
                                  					goto L16;
                                  				}
                                  			}

                                  Strings
                                  • Kernel-MUI-Number-Allowed, xrefs: 01723D8C
                                  • Kernel-MUI-Language-SKU, xrefs: 01723F70
                                  • WindowsExcludedProcs, xrefs: 01723D6F
                                  • Kernel-MUI-Language-Disallowed, xrefs: 01723E97
                                  • Kernel-MUI-Language-Allowed, xrefs: 01723DC0
                                  Memory Dump Source
                                  • Source File: 00000005.00000002.534207193.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                  • Associated: 00000005.00000002.535933940.000000000180B000.00000040.00000800.00020000.00000000.sdmp
                                  • Associated: 00000005.00000002.535959139.000000000180F000.00000040.00000800.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_16f0000_6109238.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                                  • API String ID: 0-258546922
                                  • Opcode ID: 6453d8cd1d5af1a213d5a1823e8ad9c0d9c4bc945ac7d347679fbfab909a0037
                                  • Instruction ID: b1e955fef0aa3b4febfffcae58cedf964b626ffcbe21f02dd938d55f04e45655
                                  • Opcode Fuzzy Hash: 6453d8cd1d5af1a213d5a1823e8ad9c0d9c4bc945ac7d347679fbfab909a0037
                                  • Instruction Fuzzy Hash: FEF14C72D00629EFCF11DF98C984AEEFBB9FF48650F15006AE905A7215E7749E01CBA0
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 83%
                                  			E01728794(void* __ecx) {
                                  				signed int _v0;
                                  				char _v8;
                                  				signed int _v12;
                                  				void* _v16;
                                  				signed int _v20;
                                  				intOrPtr _v24;
                                  				signed int _v28;
                                  				signed int _v32;
                                  				signed int _v40;
                                  				void* __ebx;
                                  				void* __edi;
                                  				void* __esi;
                                  				void* __ebp;
                                  				intOrPtr* _t77;
                                  				signed int _t80;
                                  				signed char _t81;
                                  				signed int _t87;
                                  				signed int _t91;
                                  				void* _t92;
                                  				void* _t94;
                                  				signed int _t95;
                                  				signed int _t103;
                                  				signed int _t105;
                                  				signed int _t110;
                                  				signed int _t118;
                                  				intOrPtr* _t121;
                                  				intOrPtr _t122;
                                  				signed int _t125;
                                  				signed int _t129;
                                  				signed int _t131;
                                  				signed int _t134;
                                  				signed int _t136;
                                  				signed int _t143;
                                  				signed int* _t147;
                                  				signed int _t151;
                                  				void* _t153;
                                  				signed int* _t157;
                                  				signed int _t159;
                                  				signed int _t161;
                                  				signed int _t166;
                                  				signed int _t168;
                                  
                                  				_push(__ecx);
                                  				_t153 = __ecx;
                                  				_t159 = 0;
                                  				_t121 = __ecx + 0x3c;
                                  				if( *_t121 == 0) {
                                  					L2:
                                  					_t77 =  *((intOrPtr*)(_t153 + 0x58));
                                  					if(_t77 == 0 ||  *_t77 ==  *((intOrPtr*)(_t153 + 0x54))) {
                                  						_t122 =  *((intOrPtr*)(_t153 + 0x20));
                                  						_t180 =  *((intOrPtr*)(_t122 + 0x3a));
                                  						if( *((intOrPtr*)(_t122 + 0x3a)) != 0) {
                                  							L6:
                                  							if(E0172934A() != 0) {
                                  								_t159 = E0179A9D2( *((intOrPtr*)( *((intOrPtr*)(_t153 + 0x20)) + 0x18)), 0, 0);
                                  								__eflags = _t159;
                                  								if(_t159 < 0) {
                                  									_t81 =  *0x1805780; // 0x0
                                  									__eflags = _t81 & 0x00000003;
                                  									if((_t81 & 0x00000003) != 0) {
                                  										_push(_t159);
                                  										E01795510("minkernel\\ntdll\\ldrsnap.c", 0x235, "LdrpDoPostSnapWork", 0, "LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x\n",  *((intOrPtr*)( *((intOrPtr*)(_t153 + 0x20)) + 0x18)));
                                  										_t81 =  *0x1805780; // 0x0
                                  									}
                                  									__eflags = _t81 & 0x00000010;
                                  									if((_t81 & 0x00000010) != 0) {
                                  										asm("int3");
                                  									}
                                  								}
                                  							}
                                  						} else {
                                  							_t159 = E0172849B(0, _t122, _t153, _t159, _t180);
                                  							if(_t159 >= 0) {
                                  								goto L6;
                                  							}
                                  						}
                                  						_t80 = _t159;
                                  						goto L8;
                                  					} else {
                                  						_t125 = 0x13;
                                  						asm("int 0x29");
                                  						_push(0);
                                  						_push(_t159);
                                  						_t161 = _t125;
                                  						_t87 =  *( *[fs:0x30] + 0x1e8);
                                  						_t143 = 0;
                                  						_v40 = _t161;
                                  						_t118 = 0;
                                  						_push(_t153);
                                  						__eflags = _t87;
                                  						if(_t87 != 0) {
                                  							_t118 = _t87 + 0x5d8;
                                  							__eflags = _t118;
                                  							if(_t118 == 0) {
                                  								L46:
                                  								_t118 = 0;
                                  							} else {
                                  								__eflags =  *(_t118 + 0x30);
                                  								if( *(_t118 + 0x30) == 0) {
                                  									goto L46;
                                  								}
                                  							}
                                  						}
                                  						_v32 = 0;
                                  						_v28 = 0;
                                  						_v16 = 0;
                                  						_v20 = 0;
                                  						_v12 = 0;
                                  						__eflags = _t118;
                                  						if(_t118 != 0) {
                                  							__eflags = _t161;
                                  							if(_t161 != 0) {
                                  								__eflags =  *(_t118 + 8);
                                  								if( *(_t118 + 8) == 0) {
                                  									L22:
                                  									_t143 = 1;
                                  									__eflags = 1;
                                  								} else {
                                  									_t19 = _t118 + 0x40; // 0x40
                                  									_t156 = _t19;
                                  									E01728999(_t19,  &_v16);
                                  									__eflags = _v0;
                                  									if(_v0 != 0) {
                                  										__eflags = _v0 - 1;
                                  										if(_v0 != 1) {
                                  											goto L22;
                                  										} else {
                                  											_t128 =  *(_t161 + 0x64);
                                  											__eflags =  *(_t161 + 0x64);
                                  											if( *(_t161 + 0x64) == 0) {
                                  												goto L22;
                                  											} else {
                                  												E01728999(_t128,  &_v12);
                                  												_t147 = _v12;
                                  												_t91 = 0;
                                  												__eflags = 0;
                                  												_t129 =  *_t147;
                                  												while(1) {
                                  													__eflags =  *((intOrPtr*)(0x1805c60 + _t91 * 8)) - _t129;
                                  													if( *((intOrPtr*)(0x1805c60 + _t91 * 8)) == _t129) {
                                  														break;
                                  													}
                                  													_t91 = _t91 + 1;
                                  													__eflags = _t91 - 5;
                                  													if(_t91 < 5) {
                                  														continue;
                                  													} else {
                                  														_t131 = 0;
                                  														__eflags = 0;
                                  													}
                                  													L37:
                                  													__eflags = _t131;
                                  													if(_t131 != 0) {
                                  														goto L22;
                                  													} else {
                                  														__eflags = _v16 - _t147;
                                  														if(_v16 != _t147) {
                                  															goto L22;
                                  														} else {
                                  															E01732280(_t92, 0x18086cc);
                                  															_t94 = E017E9DFB( &_v20);
                                  															__eflags = _t94 - 1;
                                  															if(_t94 != 1) {
                                  															}
                                  															asm("movsd");
                                  															asm("movsd");
                                  															asm("movsd");
                                  															asm("movsd");
                                  															 *_t118 =  *_t118 + 1;
                                  															asm("adc dword [ebx+0x4], 0x0");
                                  															_t95 = E017461A0( &_v32);
                                  															__eflags = _t95;
                                  															if(_t95 != 0) {
                                  																__eflags = _v32 | _v28;
                                  																if((_v32 | _v28) != 0) {
                                  																	_t71 = _t118 + 0x40; // 0x3f
                                  																	_t134 = _t71;
                                  																	goto L55;
                                  																}
                                  															}
                                  															goto L30;
                                  														}
                                  													}
                                  													goto L56;
                                  												}
                                  												_t92 = 0x1805c64 + _t91 * 8;
                                  												asm("lock xadd [eax], ecx");
                                  												_t131 = (_t129 | 0xffffffff) - 1;
                                  												goto L37;
                                  											}
                                  										}
                                  										goto L56;
                                  									} else {
                                  										_t143 = E01728A0A( *((intOrPtr*)(_t161 + 0x18)),  &_v12);
                                  										__eflags = _t143;
                                  										if(_t143 != 0) {
                                  											_t157 = _v12;
                                  											_t103 = 0;
                                  											__eflags = 0;
                                  											_t136 =  &(_t157[1]);
                                  											 *(_t161 + 0x64) = _t136;
                                  											_t151 =  *_t157;
                                  											_v20 = _t136;
                                  											while(1) {
                                  												__eflags =  *((intOrPtr*)(0x1805c60 + _t103 * 8)) - _t151;
                                  												if( *((intOrPtr*)(0x1805c60 + _t103 * 8)) == _t151) {
                                  													break;
                                  												}
                                  												_t103 = _t103 + 1;
                                  												__eflags = _t103 - 5;
                                  												if(_t103 < 5) {
                                  													continue;
                                  												}
                                  												L21:
                                  												_t105 = E0175F380(_t136, 0x16f1184, 0x10);
                                  												__eflags = _t105;
                                  												if(_t105 != 0) {
                                  													__eflags =  *_t157 -  *_v16;
                                  													if( *_t157 >=  *_v16) {
                                  														goto L22;
                                  													} else {
                                  														asm("cdq");
                                  														_t166 = _t157[5] & 0x0000ffff;
                                  														_t108 = _t157[5] & 0x0000ffff;
                                  														asm("cdq");
                                  														_t168 = _t166 << 0x00000010 | _t157[5] & 0x0000ffff;
                                  														__eflags = ((_t151 << 0x00000020 | _t166) << 0x10 | _t151) -  *((intOrPtr*)(_t118 + 0x2c));
                                  														if(__eflags > 0) {
                                  															L29:
                                  															E01732280(_t108, 0x18086cc);
                                  															 *_t118 =  *_t118 + 1;
                                  															_t42 = _t118 + 0x40; // 0x3f
                                  															_t156 = _t42;
                                  															asm("adc dword [ebx+0x4], 0x0");
                                  															asm("movsd");
                                  															asm("movsd");
                                  															asm("movsd");
                                  															asm("movsd");
                                  															_t110 = E017461A0( &_v32);
                                  															__eflags = _t110;
                                  															if(_t110 != 0) {
                                  																__eflags = _v32 | _v28;
                                  																if((_v32 | _v28) != 0) {
                                  																	_t134 = _v20;
                                  																	L55:
                                  																	E017E9D2E(_t134, 1, _v32, _v28,  *(_v24 + 0x24) & 0x0000ffff,  *((intOrPtr*)(_v24 + 0x28)));
                                  																}
                                  															}
                                  															L30:
                                  															 *_t118 =  *_t118 + 1;
                                  															asm("adc dword [ebx+0x4], 0x0");
                                  															E0172FFB0(_t118, _t156, 0x18086cc);
                                  															goto L22;
                                  														} else {
                                  															if(__eflags < 0) {
                                  																goto L22;
                                  															} else {
                                  																__eflags = _t168 -  *((intOrPtr*)(_t118 + 0x28));
                                  																if(_t168 <  *((intOrPtr*)(_t118 + 0x28))) {
                                  																	goto L22;
                                  																} else {
                                  																	goto L29;
                                  																}
                                  															}
                                  														}
                                  													}
                                  													goto L56;
                                  												}
                                  												goto L22;
                                  											}
                                  											asm("lock inc dword [eax]");
                                  											goto L21;
                                  										}
                                  									}
                                  								}
                                  							}
                                  						}
                                  						return _t143;
                                  					}
                                  				} else {
                                  					_push( &_v8);
                                  					_push( *((intOrPtr*)(__ecx + 0x50)));
                                  					_push(__ecx + 0x40);
                                  					_push(_t121);
                                  					_push(0xffffffff);
                                  					_t80 = E01759A00();
                                  					_t159 = _t80;
                                  					if(_t159 < 0) {
                                  						L8:
                                  						return _t80;
                                  					} else {
                                  						goto L2;
                                  					}
                                  				}
                                  				L56:
                                  			}

                                  Strings
                                  • LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x, xrefs: 01779C18
                                  • LdrpDoPostSnapWork, xrefs: 01779C1E
                                  • minkernel\ntdll\ldrsnap.c, xrefs: 01779C28
                                  Memory Dump Source
                                  • Source File: 00000005.00000002.534207193.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                  • Associated: 00000005.00000002.535933940.000000000180B000.00000040.00000800.00020000.00000000.sdmp
                                  • Associated: 00000005.00000002.535959139.000000000180F000.00000040.00000800.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_16f0000_6109238.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID: LdrpDoPostSnapWork$LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x$minkernel\ntdll\ldrsnap.c
                                  • API String ID: 2994545307-1948996284
                                  • Opcode ID: 0751100c2a34a1de3cc2f77c8dbb2219e4fb86480c3c48ee772a8c6db7a32319
                                  • Instruction ID: 1138972079e85120493139c34942e333c75bf927ef637b83d2b49223539d5494
                                  • Opcode Fuzzy Hash: 0751100c2a34a1de3cc2f77c8dbb2219e4fb86480c3c48ee772a8c6db7a32319
                                  • Instruction Fuzzy Hash: 83912531A0022ADFEF18CF58C88097AF7F5FF54314F054069EA01AB255D772EA02CB92
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 98%
                                  			E01727E41(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
                                  				char _v8;
                                  				intOrPtr _v12;
                                  				intOrPtr _v16;
                                  				intOrPtr _v20;
                                  				char _v24;
                                  				signed int _t73;
                                  				void* _t77;
                                  				char* _t82;
                                  				char* _t87;
                                  				signed char* _t97;
                                  				signed char _t102;
                                  				intOrPtr _t107;
                                  				signed char* _t108;
                                  				intOrPtr _t112;
                                  				intOrPtr _t124;
                                  				intOrPtr _t125;
                                  				intOrPtr _t126;
                                  
                                  				_t107 = __edx;
                                  				_v12 = __ecx;
                                  				_t125 =  *((intOrPtr*)(__ecx + 0x20));
                                  				_t124 = 0;
                                  				_v20 = __edx;
                                  				if(E0172CEE4( *((intOrPtr*)(_t125 + 0x18)), 1, 0xe,  &_v24,  &_v8) >= 0) {
                                  					_t112 = _v8;
                                  				} else {
                                  					_t112 = 0;
                                  					_v8 = 0;
                                  				}
                                  				if(_t112 != 0) {
                                  					if(( *(_v12 + 0x10) & 0x00800000) != 0) {
                                  						_t124 = 0xc000007b;
                                  						goto L8;
                                  					}
                                  					_t73 =  *(_t125 + 0x34) | 0x00400000;
                                  					 *(_t125 + 0x34) = _t73;
                                  					if(( *(_t112 + 0x10) & 0x00000001) == 0) {
                                  						goto L3;
                                  					}
                                  					 *(_t125 + 0x34) = _t73 | 0x01000000;
                                  					_t124 = E0171C9A4( *((intOrPtr*)(_t125 + 0x18)));
                                  					if(_t124 < 0) {
                                  						goto L8;
                                  					} else {
                                  						goto L3;
                                  					}
                                  				} else {
                                  					L3:
                                  					if(( *(_t107 + 0x16) & 0x00002000) == 0) {
                                  						 *(_t125 + 0x34) =  *(_t125 + 0x34) & 0xfffffffb;
                                  						L8:
                                  						return _t124;
                                  					}
                                  					if(( *( *((intOrPtr*)(_t125 + 0x5c)) + 0x10) & 0x00000080) != 0) {
                                  						if(( *(_t107 + 0x5e) & 0x00000080) != 0) {
                                  							goto L5;
                                  						}
                                  						_t102 =  *0x1805780; // 0x0
                                  						if((_t102 & 0x00000003) != 0) {
                                  							E01795510("minkernel\\ntdll\\ldrmap.c", 0x363, "LdrpCompleteMapModule", 0, "Could not validate the crypto signature for DLL %wZ\n", _t125 + 0x24);
                                  							_t102 =  *0x1805780; // 0x0
                                  						}
                                  						if((_t102 & 0x00000010) != 0) {
                                  							asm("int3");
                                  						}
                                  						_t124 = 0xc0000428;
                                  						goto L8;
                                  					}
                                  					L5:
                                  					if(( *(_t125 + 0x34) & 0x01000000) != 0) {
                                  						goto L8;
                                  					}
                                  					_t77 = _a4 - 0x40000003;
                                  					if(_t77 == 0 || _t77 == 0x33) {
                                  						_v16 =  *((intOrPtr*)(_t125 + 0x18));
                                  						if(E01737D50() != 0) {
                                  							_t82 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                  						} else {
                                  							_t82 = 0x7ffe0384;
                                  						}
                                  						_t108 = 0x7ffe0385;
                                  						if( *_t82 != 0) {
                                  							if(( *( *[fs:0x30] + 0x240) & 0x00000004) != 0) {
                                  								if(E01737D50() == 0) {
                                  									_t97 = 0x7ffe0385;
                                  								} else {
                                  									_t97 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
                                  								}
                                  								if(( *_t97 & 0x00000020) != 0) {
                                  									E01797016(0x1490, _v16, 0xffffffff, 0xffffffff, 0, 0);
                                  								}
                                  							}
                                  						}
                                  						if(_a4 != 0x40000003) {
                                  							L14:
                                  							_t126 =  *((intOrPtr*)(_t125 + 0x18));
                                  							if(E01737D50() != 0) {
                                  								_t87 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                  							} else {
                                  								_t87 = 0x7ffe0384;
                                  							}
                                  							if( *_t87 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000004) != 0) {
                                  								if(E01737D50() != 0) {
                                  									_t108 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
                                  								}
                                  								if(( *_t108 & 0x00000020) != 0) {
                                  									E01797016(0x1491, _t126, 0xffffffff, 0xffffffff, 0, 0);
                                  								}
                                  							}
                                  							goto L8;
                                  						} else {
                                  							_v16 = _t125 + 0x24;
                                  							_t124 = E0174A1C3( *((intOrPtr*)(_t125 + 0x18)),  *((intOrPtr*)(_v12 + 0x5c)), _v20, _t125 + 0x24);
                                  							if(_t124 < 0) {
                                  								E0171B1E1(_t124, 0x1490, 0, _v16);
                                  								goto L8;
                                  							}
                                  							goto L14;
                                  						}
                                  					} else {
                                  						goto L8;
                                  					}
                                  				}
                                  			}

                                  Strings
                                  • minkernel\ntdll\ldrmap.c, xrefs: 017798A2
                                  • LdrpCompleteMapModule, xrefs: 01779898
                                  • Could not validate the crypto signature for DLL %wZ, xrefs: 01779891
                                  Memory Dump Source
                                  • Source File: 00000005.00000002.534207193.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                  • Associated: 00000005.00000002.535933940.000000000180B000.00000040.00000800.00020000.00000000.sdmp
                                  • Associated: 00000005.00000002.535959139.000000000180F000.00000040.00000800.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_16f0000_6109238.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: Could not validate the crypto signature for DLL %wZ$LdrpCompleteMapModule$minkernel\ntdll\ldrmap.c
                                  • API String ID: 0-1676968949
                                  • Opcode ID: 3104507fd267864ba8ac1d9d8590982c56e4f91e7b284a19cf64ddf8b6200ca4
                                  • Instruction ID: 8da5f292091cd4eaef9b52293696d0abb2953bef0b794384c2f11014493a0738
                                  • Opcode Fuzzy Hash: 3104507fd267864ba8ac1d9d8590982c56e4f91e7b284a19cf64ddf8b6200ca4
                                  • Instruction Fuzzy Hash: E051F631A04745DBEB2ACB5CCA48B26FBE4BF55324F040699EA519B3D1D730ED01CB60
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 93%
                                  			E0171E620(void* __ecx, short* __edx, short* _a4) {
                                  				char _v16;
                                  				char _v20;
                                  				intOrPtr _v24;
                                  				char* _v28;
                                  				char _v32;
                                  				char _v36;
                                  				char _v44;
                                  				signed int _v48;
                                  				intOrPtr _v52;
                                  				void* _v56;
                                  				void* _v60;
                                  				char _v64;
                                  				void* _v68;
                                  				void* _v76;
                                  				void* _v84;
                                  				signed int _t59;
                                  				signed int _t74;
                                  				signed short* _t75;
                                  				signed int _t76;
                                  				signed short* _t78;
                                  				signed int _t83;
                                  				short* _t93;
                                  				signed short* _t94;
                                  				short* _t96;
                                  				void* _t97;
                                  				signed int _t99;
                                  				void* _t101;
                                  				void* _t102;
                                  
                                  				_t80 = __ecx;
                                  				_t101 = (_t99 & 0xfffffff8) - 0x34;
                                  				_t96 = __edx;
                                  				_v44 = __edx;
                                  				_t78 = 0;
                                  				_v56 = 0;
                                  				if(__ecx == 0 || __edx == 0) {
                                  					L28:
                                  					_t97 = 0xc000000d;
                                  				} else {
                                  					_t93 = _a4;
                                  					if(_t93 == 0) {
                                  						goto L28;
                                  					}
                                  					_t78 = E0171F358(__ecx, 0xac);
                                  					if(_t78 == 0) {
                                  						_t97 = 0xc0000017;
                                  						L6:
                                  						if(_v56 != 0) {
                                  							_push(_v56);
                                  							E017595D0();
                                  						}
                                  						if(_t78 != 0) {
                                  							L017377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t78);
                                  						}
                                  						return _t97;
                                  					}
                                  					E0175FA60(_t78, 0, 0x158);
                                  					_v48 = _v48 & 0x00000000;
                                  					_t102 = _t101 + 0xc;
                                  					 *_t96 = 0;
                                  					 *_t93 = 0;
                                  					E0175BB40(_t80,  &_v36, L"\\Registry\\Machine\\System\\CurrentControlSet\\Control\\NLS\\Language");
                                  					_v36 = 0x18;
                                  					_v28 =  &_v44;
                                  					_v64 = 0;
                                  					_push( &_v36);
                                  					_push(0x20019);
                                  					_v32 = 0;
                                  					_push( &_v64);
                                  					_v24 = 0x40;
                                  					_v20 = 0;
                                  					_v16 = 0;
                                  					_t97 = E01759600();
                                  					if(_t97 < 0) {
                                  						goto L6;
                                  					}
                                  					E0175BB40(0,  &_v36, L"InstallLanguageFallback");
                                  					_push(0);
                                  					_v48 = 4;
                                  					_t97 = L0171F018(_v64,  &_v44,  &_v56, _t78,  &_v48);
                                  					if(_t97 >= 0) {
                                  						if(_v52 != 1) {
                                  							L17:
                                  							_t97 = 0xc0000001;
                                  							goto L6;
                                  						}
                                  						_t59 =  *_t78 & 0x0000ffff;
                                  						_t94 = _t78;
                                  						_t83 = _t59;
                                  						if(_t59 == 0) {
                                  							L19:
                                  							if(_t83 == 0) {
                                  								L23:
                                  								E0175BB40(_t83, _t102 + 0x24, _t78);
                                  								if(L017243C0( &_v48,  &_v64) == 0) {
                                  									goto L17;
                                  								}
                                  								_t84 = _v48;
                                  								 *_v48 = _v56;
                                  								if( *_t94 != 0) {
                                  									E0175BB40(_t84, _t102 + 0x24, _t94);
                                  									if(L017243C0( &_v48,  &_v64) != 0) {
                                  										 *_a4 = _v56;
                                  									} else {
                                  										_t97 = 0xc0000001;
                                  										 *_v48 = 0;
                                  									}
                                  								}
                                  								goto L6;
                                  							}
                                  							_t83 = _t83 & 0x0000ffff;
                                  							while(_t83 == 0x20) {
                                  								_t94 =  &(_t94[1]);
                                  								_t74 =  *_t94 & 0x0000ffff;
                                  								_t83 = _t74;
                                  								if(_t74 != 0) {
                                  									continue;
                                  								}
                                  								goto L23;
                                  							}
                                  							goto L23;
                                  						} else {
                                  							goto L14;
                                  						}
                                  						while(1) {
                                  							L14:
                                  							_t27 =  &(_t94[1]); // 0x2
                                  							_t75 = _t27;
                                  							if(_t83 == 0x2c) {
                                  								break;
                                  							}
                                  							_t94 = _t75;
                                  							_t76 =  *_t94 & 0x0000ffff;
                                  							_t83 = _t76;
                                  							if(_t76 != 0) {
                                  								continue;
                                  							}
                                  							goto L23;
                                  						}
                                  						 *_t94 = 0;
                                  						_t94 = _t75;
                                  						_t83 =  *_t75 & 0x0000ffff;
                                  						goto L19;
                                  					}
                                  				}
                                  			}

                                  Strings
                                  • @, xrefs: 0171E6C0
                                  • \Registry\Machine\System\CurrentControlSet\Control\NLS\Language, xrefs: 0171E68C
                                  • InstallLanguageFallback, xrefs: 0171E6DB
                                  Memory Dump Source
                                  • Source File: 00000005.00000002.534207193.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                  • Associated: 00000005.00000002.535933940.000000000180B000.00000040.00000800.00020000.00000000.sdmp
                                  • Associated: 00000005.00000002.535959139.000000000180F000.00000040.00000800.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_16f0000_6109238.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: @$InstallLanguageFallback$\Registry\Machine\System\CurrentControlSet\Control\NLS\Language
                                  • API String ID: 0-1757540487
                                  • Opcode ID: 19e7fcd1316ff50013cc18a73bb997bf535eb7c91e8a46b3f763fe802b851120
                                  • Instruction ID: 77419cd8a812c563f49b27a05bfce8f2bd0da07cca549e0a5dc60ea108a90439
                                  • Opcode Fuzzy Hash: 19e7fcd1316ff50013cc18a73bb997bf535eb7c91e8a46b3f763fe802b851120
                                  • Instruction Fuzzy Hash: FA51C1726083469BDB21DF28C444A7BF7E8BF88614F04096EFA85D7244FB74DA04C7A2
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  APIs
                                  Strings
                                  • NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p, xrefs: 017AFF60
                                  Memory Dump Source
                                  • Source File: 00000005.00000002.534207193.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                  • Associated: 00000005.00000002.535933940.000000000180B000.00000040.00000800.00020000.00000000.sdmp
                                  • Associated: 00000005.00000002.535959139.000000000180F000.00000040.00000800.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_16f0000_6109238.jbxd
                                  Similarity
                                  • API ID: DebugPrintTimes
                                  • String ID: NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p
                                  • API String ID: 3446177414-1911121157
                                  • Opcode ID: 0efc13d83a2c06302672376af37d520fb04d0000f6999465bf30fd81c927874a
                                  • Instruction ID: 8b2d4de4aba272397443f09d82d0e8101d1c64647fa067333e1ec7c9316f1cdc
                                  • Opcode Fuzzy Hash: 0efc13d83a2c06302672376af37d520fb04d0000f6999465bf30fd81c927874a
                                  • Instruction Fuzzy Hash: 1811EDB1A20248EFDB26EB54C848F9CFBB5FB48714F558144F6086B2A1C7789A40CBA0
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 60%
                                  			E017DE539(unsigned int* __ecx, intOrPtr __edx, signed int _a4, signed int _a8) {
                                  				signed int _v20;
                                  				char _v24;
                                  				signed int _v40;
                                  				char _v44;
                                  				intOrPtr _v48;
                                  				signed int _v52;
                                  				unsigned int _v56;
                                  				char _v60;
                                  				signed int _v64;
                                  				char _v68;
                                  				signed int _v72;
                                  				void* __ebx;
                                  				void* __edi;
                                  				char _t87;
                                  				signed int _t90;
                                  				signed int _t94;
                                  				signed int _t100;
                                  				intOrPtr* _t113;
                                  				signed int _t122;
                                  				void* _t132;
                                  				void* _t135;
                                  				signed int _t139;
                                  				signed int* _t141;
                                  				signed int _t146;
                                  				signed int _t147;
                                  				void* _t153;
                                  				signed int _t155;
                                  				signed int _t159;
                                  				char _t166;
                                  				void* _t172;
                                  				void* _t176;
                                  				signed int _t177;
                                  				intOrPtr* _t179;
                                  
                                  				_t179 = __ecx;
                                  				_v48 = __edx;
                                  				_v68 = 0;
                                  				_v72 = 0;
                                  				_push(__ecx[1]);
                                  				_push( *__ecx);
                                  				_push(0);
                                  				_t153 = 0x14;
                                  				_t135 = _t153;
                                  				_t132 = E017DBBBB(_t135, _t153);
                                  				if(_t132 == 0) {
                                  					_t166 = _v68;
                                  					goto L43;
                                  				} else {
                                  					_t155 = 0;
                                  					_v52 = 0;
                                  					asm("stosd");
                                  					asm("stosd");
                                  					asm("stosd");
                                  					asm("stosd");
                                  					asm("stosd");
                                  					_v56 = __ecx[1];
                                  					if( *__ecx >> 8 < 2) {
                                  						_t155 = 1;
                                  						_v52 = 1;
                                  					}
                                  					_t139 = _a4;
                                  					_t87 = (_t155 << 0xc) + _t139;
                                  					_v60 = _t87;
                                  					if(_t87 < _t139) {
                                  						L11:
                                  						_t166 = _v68;
                                  						L12:
                                  						if(_t132 != 0) {
                                  							E017DBCD2(_t132,  *_t179,  *((intOrPtr*)(_t179 + 4)));
                                  						}
                                  						L43:
                                  						if(_v72 != 0) {
                                  							_push( *((intOrPtr*)(_t179 + 4)));
                                  							_push( *_t179);
                                  							_push(0x8000);
                                  							E017DAFDE( &_v72,  &_v60);
                                  						}
                                  						L46:
                                  						return _t166;
                                  					}
                                  					_t90 =  *(_t179 + 0xc) & 0x40000000;
                                  					asm("sbb edi, edi");
                                  					_t172 = ( ~_t90 & 0x0000003c) + 4;
                                  					if(_t90 != 0) {
                                  						_push(0);
                                  						_push(0x14);
                                  						_push( &_v44);
                                  						_push(3);
                                  						_push(_t179);
                                  						_push(0xffffffff);
                                  						if(E01759730() < 0 || (_v40 & 0x00000060) == 0 || _v44 != _t179) {
                                  							_push(_t139);
                                  							E017DA80D(_t179, 1, _v40, 0);
                                  							_t172 = 4;
                                  						}
                                  					}
                                  					_t141 =  &_v72;
                                  					if(E017DA854(_t141,  &_v60, 0, 0x2000, _t172, _t179,  *_t179,  *((intOrPtr*)(_t179 + 4))) >= 0) {
                                  						_v64 = _a4;
                                  						_t94 =  *(_t179 + 0xc) & 0x40000000;
                                  						asm("sbb edi, edi");
                                  						_t176 = ( ~_t94 & 0x0000003c) + 4;
                                  						if(_t94 != 0) {
                                  							_push(0);
                                  							_push(0x14);
                                  							_push( &_v24);
                                  							_push(3);
                                  							_push(_t179);
                                  							_push(0xffffffff);
                                  							if(E01759730() < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t179) {
                                  								_push(_t141);
                                  								E017DA80D(_t179, 1, _v20, 0);
                                  								_t176 = 4;
                                  							}
                                  						}
                                  						if(E017DA854( &_v72,  &_v64, 0, 0x1000, _t176, 0,  *_t179,  *((intOrPtr*)(_t179 + 4))) < 0) {
                                  							goto L11;
                                  						} else {
                                  							_t177 = _v64;
                                  							 *((intOrPtr*)(_t132 + 0xc)) = _v72;
                                  							_t100 = _v52 + _v52;
                                  							_t146 =  *(_t132 + 0x10) & 0x00000ffd | _t177 & 0xfffff000 | _t100;
                                  							 *(_t132 + 0x10) = _t146;
                                  							asm("bsf eax, [esp+0x18]");
                                  							_v52 = _t100;
                                  							 *(_t132 + 0x10) = (_t100 << 0x00000002 ^ _t146) & 0x000000fc ^ _t146;
                                  							 *((short*)(_t132 + 0xc)) = _t177 - _v48;
                                  							_t47 =  &_a8;
                                  							 *_t47 = _a8 & 0x00000001;
                                  							if( *_t47 == 0) {
                                  								E01732280(_t179 + 0x30, _t179 + 0x30);
                                  							}
                                  							_t147 =  *(_t179 + 0x34);
                                  							_t159 =  *(_t179 + 0x38) & 1;
                                  							_v68 = 0;
                                  							if(_t147 == 0) {
                                  								L35:
                                  								E0172B090(_t179 + 0x34, _t147, _v68, _t132);
                                  								if(_a8 == 0) {
                                  									E0172FFB0(_t132, _t177, _t179 + 0x30);
                                  								}
                                  								asm("lock xadd [eax], ecx");
                                  								asm("lock xadd [eax], edx");
                                  								_t132 = 0;
                                  								_v72 = _v72 & 0;
                                  								_v68 = _v72;
                                  								if(E01737D50() == 0) {
                                  									_t113 = 0x7ffe0388;
                                  								} else {
                                  									_t177 = _v64;
                                  									_t113 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                                  								}
                                  								if( *_t113 == _t132) {
                                  									_t166 = _v68;
                                  									goto L46;
                                  								} else {
                                  									_t166 = _v68;
                                  									E017CFEC0(_t132, _t179, _t166, _t177 + 0x1000);
                                  									goto L12;
                                  								}
                                  							} else {
                                  								L23:
                                  								while(1) {
                                  									if(_v72 < ( *(_t147 + 0xc) & 0xffff0000)) {
                                  										_t122 =  *_t147;
                                  										if(_t159 == 0) {
                                  											L32:
                                  											if(_t122 == 0) {
                                  												L34:
                                  												_v68 = 0;
                                  												goto L35;
                                  											}
                                  											L33:
                                  											_t147 = _t122;
                                  											continue;
                                  										}
                                  										if(_t122 == 0) {
                                  											goto L34;
                                  										}
                                  										_t122 = _t122 ^ _t147;
                                  										goto L32;
                                  									}
                                  									_t122 =  *(_t147 + 4);
                                  									if(_t159 == 0) {
                                  										L27:
                                  										if(_t122 != 0) {
                                  											goto L33;
                                  										}
                                  										L28:
                                  										_v68 = 1;
                                  										goto L35;
                                  									}
                                  									if(_t122 == 0) {
                                  										goto L28;
                                  									}
                                  									_t122 = _t122 ^ _t147;
                                  									goto L27;
                                  								}
                                  							}
                                  						}
                                  					}
                                  					_v72 = _v72 & 0x00000000;
                                  					goto L11;
                                  				}
                                  			}

                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000005.00000002.534207193.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                  • Associated: 00000005.00000002.535933940.000000000180B000.00000040.00000800.00020000.00000000.sdmp
                                  • Associated: 00000005.00000002.535959139.000000000180F000.00000040.00000800.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_16f0000_6109238.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: `$`
                                  • API String ID: 0-197956300
                                  • Opcode ID: 05a91a0fb7c852bb70cf50c65af3218cd2861133de0ca7c3fb946f23ed8e9edd
                                  • Instruction ID: 0a5dfaa28546267fc39bcaea0cfb54760733c9f0bd12521aee533e3fe75d39d2
                                  • Opcode Fuzzy Hash: 05a91a0fb7c852bb70cf50c65af3218cd2861133de0ca7c3fb946f23ed8e9edd
                                  • Instruction Fuzzy Hash: E5917F3120434A9BE766CE29C845B1BFBF5BF84724F14892DFA95CB280EB74E904CB51
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 77%
                                  			E017951BE(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
                                  				signed short* _t63;
                                  				signed int _t64;
                                  				signed int _t65;
                                  				signed int _t67;
                                  				intOrPtr _t74;
                                  				intOrPtr _t84;
                                  				intOrPtr _t88;
                                  				intOrPtr _t94;
                                  				void* _t100;
                                  				void* _t103;
                                  				intOrPtr _t105;
                                  				signed int _t106;
                                  				short* _t108;
                                  				signed int _t110;
                                  				signed int _t113;
                                  				signed int* _t115;
                                  				signed short* _t117;
                                  				void* _t118;
                                  				void* _t119;
                                  
                                  				_push(0x80);
                                  				_push(0x17f05f0);
                                  				E0176D0E8(__ebx, __edi, __esi);
                                  				 *((intOrPtr*)(_t118 - 0x80)) = __edx;
                                  				_t115 =  *(_t118 + 0xc);
                                  				 *(_t118 - 0x7c) = _t115;
                                  				 *((char*)(_t118 - 0x65)) = 0;
                                  				 *((intOrPtr*)(_t118 - 0x64)) = 0;
                                  				_t113 = 0;
                                  				 *((intOrPtr*)(_t118 - 0x6c)) = 0;
                                  				 *((intOrPtr*)(_t118 - 4)) = 0;
                                  				_t100 = __ecx;
                                  				if(_t100 == 0) {
                                  					 *(_t118 - 0x90) =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
                                  					E0172EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
                                  					 *((char*)(_t118 - 0x65)) = 1;
                                  					_t63 =  *(_t118 - 0x90);
                                  					_t101 = _t63[2];
                                  					_t64 =  *_t63 & 0x0000ffff;
                                  					_t113 =  *((intOrPtr*)(_t118 - 0x6c));
                                  					L20:
                                  					_t65 = _t64 >> 1;
                                  					L21:
                                  					_t108 =  *((intOrPtr*)(_t118 - 0x80));
                                  					if(_t108 == 0) {
                                  						L27:
                                  						 *_t115 = _t65 + 1;
                                  						_t67 = 0xc0000023;
                                  						L28:
                                  						 *((intOrPtr*)(_t118 - 0x64)) = _t67;
                                  						L29:
                                  						 *((intOrPtr*)(_t118 - 4)) = 0xfffffffe;
                                  						E017953CA(0);
                                  						return E0176D130(0, _t113, _t115);
                                  					}
                                  					if(_t65 >=  *((intOrPtr*)(_t118 + 8))) {
                                  						if(_t108 != 0 &&  *((intOrPtr*)(_t118 + 8)) >= 1) {
                                  							 *_t108 = 0;
                                  						}
                                  						goto L27;
                                  					}
                                  					 *_t115 = _t65;
                                  					_t115 = _t65 + _t65;
                                  					E0175F3E0(_t108, _t101, _t115);
                                  					 *((short*)(_t115 +  *((intOrPtr*)(_t118 - 0x80)))) = 0;
                                  					_t67 = 0;
                                  					goto L28;
                                  				}
                                  				_t103 = _t100 - 1;
                                  				if(_t103 == 0) {
                                  					_t117 =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x38;
                                  					_t74 = E01733690(1, _t117, 0x16f1810, _t118 - 0x74);
                                  					 *((intOrPtr*)(_t118 - 0x64)) = _t74;
                                  					_t101 = _t117[2];
                                  					_t113 =  *((intOrPtr*)(_t118 - 0x6c));
                                  					if(_t74 < 0) {
                                  						_t64 =  *_t117 & 0x0000ffff;
                                  						_t115 =  *(_t118 - 0x7c);
                                  						goto L20;
                                  					}
                                  					_t65 = (( *(_t118 - 0x74) & 0x0000ffff) >> 1) + 1;
                                  					_t115 =  *(_t118 - 0x7c);
                                  					goto L21;
                                  				}
                                  				if(_t103 == 1) {
                                  					_t105 = 4;
                                  					 *((intOrPtr*)(_t118 - 0x78)) = _t105;
                                  					 *((intOrPtr*)(_t118 - 0x70)) = 0;
                                  					_push(_t118 - 0x70);
                                  					_push(0);
                                  					_push(0);
                                  					_push(_t105);
                                  					_push(_t118 - 0x78);
                                  					_push(0x6b);
                                  					 *((intOrPtr*)(_t118 - 0x64)) = E0175AA90();
                                  					 *((intOrPtr*)(_t118 - 0x64)) = 0;
                                  					_t113 = L01734620(_t105,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8,  *((intOrPtr*)(_t118 - 0x70)));
                                  					 *((intOrPtr*)(_t118 - 0x6c)) = _t113;
                                  					if(_t113 != 0) {
                                  						_push(_t118 - 0x70);
                                  						_push( *((intOrPtr*)(_t118 - 0x70)));
                                  						_push(_t113);
                                  						_push(4);
                                  						_push(_t118 - 0x78);
                                  						_push(0x6b);
                                  						_t84 = E0175AA90();
                                  						 *((intOrPtr*)(_t118 - 0x64)) = _t84;
                                  						if(_t84 < 0) {
                                  							goto L29;
                                  						}
                                  						_t110 = 0;
                                  						_t106 = 0;
                                  						while(1) {
                                  							 *((intOrPtr*)(_t118 - 0x84)) = _t110;
                                  							 *(_t118 - 0x88) = _t106;
                                  							if(_t106 >= ( *(_t113 + 0xa) & 0x0000ffff)) {
                                  								break;
                                  							}
                                  							_t110 = _t110 + ( *(_t106 * 0x2c + _t113 + 0x21) & 0x000000ff);
                                  							_t106 = _t106 + 1;
                                  						}
                                  						_t88 = E0179500E(_t106, _t118 - 0x3c, 0x20, _t118 - 0x8c, 0, 0, L"%u", _t110);
                                  						_t119 = _t119 + 0x1c;
                                  						 *((intOrPtr*)(_t118 - 0x64)) = _t88;
                                  						if(_t88 < 0) {
                                  							goto L29;
                                  						}
                                  						_t101 = _t118 - 0x3c;
                                  						_t65 =  *((intOrPtr*)(_t118 - 0x8c)) - _t118 - 0x3c >> 1;
                                  						goto L21;
                                  					}
                                  					_t67 = 0xc0000017;
                                  					goto L28;
                                  				}
                                  				_push(0);
                                  				_push(0x20);
                                  				_push(_t118 - 0x60);
                                  				_push(0x5a);
                                  				_t94 = E01759860();
                                  				 *((intOrPtr*)(_t118 - 0x64)) = _t94;
                                  				if(_t94 < 0) {
                                  					goto L29;
                                  				}
                                  				if( *((intOrPtr*)(_t118 - 0x50)) == 1) {
                                  					_t101 = L"Legacy";
                                  					_push(6);
                                  				} else {
                                  					_t101 = L"UEFI";
                                  					_push(4);
                                  				}
                                  				_pop(_t65);
                                  				goto L21;
                                  			}























                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000005.00000002.534207193.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                  • Associated: 00000005.00000002.535933940.000000000180B000.00000040.00000800.00020000.00000000.sdmp
                                  • Associated: 00000005.00000002.535959139.000000000180F000.00000040.00000800.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_16f0000_6109238.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID: Legacy$UEFI
                                  • API String ID: 2994545307-634100481
                                  • Opcode ID: 2bb6dd338047ff418d3c73a257a3d7e7d2d27bd314de33a06ac3f6e096e1ca87
                                  • Instruction ID: 09b59afc1992fe8eac3696c898fa80d6374a53c5a99a882e2cf94fc5af17172f
                                  • Opcode Fuzzy Hash: 2bb6dd338047ff418d3c73a257a3d7e7d2d27bd314de33a06ac3f6e096e1ca87
                                  • Instruction Fuzzy Hash: F4518CB1A046199FDF26DFA8D840AAEFBF8FF48704F14406EE649EB241D6709904CB10
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 87%
                                  			E0172D5E0(signed int _a4, signed int _a8, signed int _a12, intOrPtr* _a16, signed int _a20, signed int _a24) {
                                  				signed int _v8;
                                  				intOrPtr _v20;
                                  				signed int _v36;
                                  				intOrPtr* _v40;
                                  				signed int _v44;
                                  				signed int _v48;
                                  				signed char _v52;
                                  				signed int _v60;
                                  				signed int _v64;
                                  				signed int _v68;
                                  				signed int _v72;
                                  				signed int _v76;
                                  				intOrPtr _v80;
                                  				signed int _v84;
                                  				intOrPtr _v100;
                                  				intOrPtr _v104;
                                  				signed int _v108;
                                  				signed int _v112;
                                  				signed int _v116;
                                  				intOrPtr _v120;
                                  				signed int _v132;
                                  				char _v140;
                                  				char _v144;
                                  				char _v157;
                                  				signed int _v164;
                                  				signed int _v168;
                                  				signed int _v169;
                                  				intOrPtr _v176;
                                  				signed int _v180;
                                  				signed int _v184;
                                  				intOrPtr _v188;
                                  				signed int _v192;
                                  				signed int _v200;
                                  				signed int _v208;
                                  				intOrPtr* _v212;
                                  				char _v216;
                                  				void* __ebx;
                                  				void* __edi;
                                  				void* __esi;
                                  				void* __ebp;
                                  				signed int _t204;
                                  				signed int _t206;
                                  				void* _t208;
                                  				signed int _t211;
                                  				signed int _t216;
                                  				intOrPtr _t217;
                                  				intOrPtr* _t218;
                                  				signed int _t226;
                                  				signed int _t239;
                                  				signed int* _t247;
                                  				signed int _t249;
                                  				void* _t252;
                                  				signed int _t256;
                                  				signed int _t269;
                                  				signed int _t271;
                                  				signed int _t277;
                                  				signed int _t279;
                                  				intOrPtr _t283;
                                  				signed int _t287;
                                  				signed int _t288;
                                  				void* _t289;
                                  				signed char _t290;
                                  				signed int _t292;
                                  				signed int* _t293;
                                  				unsigned int _t297;
                                  				signed int _t306;
                                  				signed int _t307;
                                  				signed int _t308;
                                  				signed int _t309;
                                  				signed int _t310;
                                  				intOrPtr _t311;
                                  				intOrPtr _t312;
                                  				signed int _t319;
                                  				signed int _t320;
                                  				signed int* _t324;
                                  				signed int _t337;
                                  				signed int _t338;
                                  				signed int _t339;
                                  				signed int* _t340;
                                  				void* _t341;
                                  				signed int _t344;
                                  				signed int _t348;
                                  				signed int _t349;
                                  				signed int _t351;
                                  				intOrPtr _t353;
                                  				void* _t354;
                                  				signed int _t356;
                                  				signed int _t358;
                                  				intOrPtr _t359;
                                  				signed int _t361;
                                  				signed int _t363;
                                  				signed short* _t365;
                                  				void* _t367;
                                  				intOrPtr _t369;
                                  				void* _t370;
                                  				signed int _t371;
                                  				signed int _t372;
                                  				void* _t374;
                                  				signed int _t376;
                                  				void* _t384;
                                  				signed int _t387;
                                  
                                  				_v8 =  *0x180d360 ^ _t376;
                                  				_t2 =  &_a20;
                                  				 *_t2 = _a20 & 0x00000001;
                                  				_t287 = _a4;
                                  				_v200 = _a12;
                                  				_t365 = _a8;
                                  				_v212 = _a16;
                                  				_v180 = _a24;
                                  				_v168 = 0;
                                  				_v157 = 0;
                                  				if( *_t2 != 0) {
                                  					__eflags = E01726600(0x18052d8);
                                  					if(__eflags == 0) {
                                  						goto L1;
                                  					} else {
                                  						_v188 = 6;
                                  					}
                                  				} else {
                                  					L1:
                                  					_v188 = 9;
                                  				}
                                  				if(_t365 == 0) {
                                  					_v164 = 0;
                                  					goto L5;
                                  				} else {
                                  					_t363 =  *_t365 & 0x0000ffff;
                                  					_t341 = _t363 + 1;
                                  					if((_t365[1] & 0x0000ffff) < _t341) {
                                  						L109:
                                  						__eflags = _t341 - 0x80;
                                  						if(_t341 <= 0x80) {
                                  							_t281 =  &_v140;
                                  							_v164 =  &_v140;
                                  							goto L114;
                                  						} else {
                                  							_t283 =  *0x1807b9c; // 0x0
                                  							_t281 = L01734620(_t341,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t283 + 0x180000, _t341);
                                  							_v164 = _t281;
                                  							__eflags = _t281;
                                  							if(_t281 != 0) {
                                  								_v157 = 1;
                                  								L114:
                                  								E0175F3E0(_t281, _t365[2], _t363);
                                  								_t200 = _v164;
                                  								 *((char*)(_v164 + _t363)) = 0;
                                  								goto L5;
                                  							} else {
                                  								_t204 = 0xc000009a;
                                  								goto L47;
                                  							}
                                  						}
                                  					} else {
                                  						_t200 = _t365[2];
                                  						_v164 = _t200;
                                  						if( *((char*)(_t200 + _t363)) != 0) {
                                  							goto L109;
                                  						} else {
                                  							while(1) {
                                  								L5:
                                  								_t353 = 0;
                                  								_t342 = 0x1000;
                                  								_v176 = 0;
                                  								if(_t287 == 0) {
                                  									break;
                                  								}
                                  								_t384 = _t287 -  *0x1807b90; // 0x77290000
                                  								if(_t384 == 0) {
                                  									_t353 =  *0x1807b8c; // 0x11b2aa0
                                  									_v176 = _t353;
                                  									_t320 = ( *(_t353 + 0x50))[8];
                                  									_v184 = _t320;
                                  								} else {
                                  									E01732280(_t200, 0x18084d8);
                                  									_t277 =  *0x18085f4; // 0x11b2f90
                                  									_t351 =  *0x18085f8 & 1;
                                  									while(_t277 != 0) {
                                  										_t337 =  *(_t277 - 0x50);
                                  										if(_t337 > _t287) {
                                  											_t338 = _t337 | 0xffffffff;
                                  										} else {
                                  											asm("sbb ecx, ecx");
                                  											_t338 =  ~_t337;
                                  										}
                                  										_t387 = _t338;
                                  										if(_t387 < 0) {
                                  											_t339 =  *_t277;
                                  											__eflags = _t351;
                                  											if(_t351 != 0) {
                                  												__eflags = _t339;
                                  												if(_t339 == 0) {
                                  													goto L16;
                                  												} else {
                                  													goto L118;
                                  												}
                                  												goto L151;
                                  											} else {
                                  												goto L16;
                                  											}
                                  											goto L17;
                                  										} else {
                                  											if(_t387 <= 0) {
                                  												__eflags = _t277;
                                  												if(_t277 != 0) {
                                  													_t340 =  *(_t277 - 0x18);
                                  													_t24 = _t277 - 0x68; // 0x11b2f28
                                  													_t353 = _t24;
                                  													_v176 = _t353;
                                  													__eflags = _t340[3] - 0xffffffff;
                                  													if(_t340[3] != 0xffffffff) {
                                  														_t279 =  *_t340;
                                  														__eflags =  *(_t279 - 0x20) & 0x00000020;
                                  														if(( *(_t279 - 0x20) & 0x00000020) == 0) {
                                  															asm("lock inc dword [edi+0x9c]");
                                  															_t340 =  *(_t353 + 0x50);
                                  														}
                                  													}
                                  													_v184 = _t340[8];
                                  												}
                                  											} else {
                                  												_t339 =  *(_t277 + 4);
                                  												if(_t351 != 0) {
                                  													__eflags = _t339;
                                  													if(_t339 == 0) {
                                  														goto L16;
                                  													} else {
                                  														L118:
                                  														_t277 = _t277 ^ _t339;
                                  														goto L17;
                                  													}
                                  													goto L151;
                                  												} else {
                                  													L16:
                                  													_t277 = _t339;
                                  												}
                                  												goto L17;
                                  											}
                                  										}
                                  										goto L25;
                                  										L17:
                                  									}
                                  									L25:
                                  									E0172FFB0(_t287, _t353, 0x18084d8);
                                  									_t320 = _v184;
                                  									_t342 = 0x1000;
                                  								}
                                  								if(_t353 == 0) {
                                  									break;
                                  								} else {
                                  									_t366 = 0;
                                  									if(( *( *[fs:0x18] + 0xfca) & _t342) != 0 || _t320 >= _v188) {
                                  										_t288 = _v164;
                                  										if(_t353 != 0) {
                                  											_t342 = _t288;
                                  											_t374 = E0176CC99(_t353, _t288, _v200, 1,  &_v168);
                                  											if(_t374 >= 0) {
                                  												if(_v184 == 7) {
                                  													__eflags = _a20;
                                  													if(__eflags == 0) {
                                  														__eflags =  *( *[fs:0x18] + 0xfca) & 0x00001000;
                                  														if(__eflags != 0) {
                                  															_t271 = E01726600(0x18052d8);
                                  															__eflags = _t271;
                                  															if(__eflags == 0) {
                                  																_t342 = 0;
                                  																_v169 = _t271;
                                  																_t374 = E01727926( *(_t353 + 0x50), 0,  &_v169);
                                  															}
                                  														}
                                  													}
                                  												}
                                  												if(_t374 < 0) {
                                  													_v168 = 0;
                                  												} else {
                                  													if( *0x180b239 != 0) {
                                  														_t342 =  *(_t353 + 0x18);
                                  														E0179E974(_v180,  *(_t353 + 0x18), __eflags, _v168, 0,  &_v168);
                                  													}
                                  													if( *0x1808472 != 0) {
                                  														_v192 = 0;
                                  														_t342 =  *0x7ffe0330;
                                  														_t361 =  *0x180b218; // 0x0
                                  														asm("ror edi, cl");
                                  														 *0x180b1e0( &_v192, _t353, _v168, 0, _v180);
                                  														 *(_t361 ^  *0x7ffe0330)();
                                  														_t269 = _v192;
                                  														_t353 = _v176;
                                  														__eflags = _t269;
                                  														if(__eflags != 0) {
                                  															_v168 = _t269;
                                  														}
                                  													}
                                  												}
                                  											}
                                  											if(_t374 == 0xc0000135 || _t374 == 0xc0000142) {
                                  												_t366 = 0xc000007a;
                                  											}
                                  											_t247 =  *(_t353 + 0x50);
                                  											if(_t247[3] == 0xffffffff) {
                                  												L40:
                                  												if(_t366 == 0xc000007a) {
                                  													__eflags = _t288;
                                  													if(_t288 == 0) {
                                  														goto L136;
                                  													} else {
                                  														_t366 = 0xc0000139;
                                  													}
                                  													goto L54;
                                  												}
                                  											} else {
                                  												_t249 =  *_t247;
                                  												if(( *(_t249 - 0x20) & 0x00000020) != 0) {
                                  													goto L40;
                                  												} else {
                                  													_t250 = _t249 | 0xffffffff;
                                  													asm("lock xadd [edi+0x9c], eax");
                                  													if((_t249 | 0xffffffff) == 0) {
                                  														E01732280(_t250, 0x18084d8);
                                  														_t342 =  *(_t353 + 0x54);
                                  														_t165 = _t353 + 0x54; // 0x54
                                  														_t252 = _t165;
                                  														__eflags =  *(_t342 + 4) - _t252;
                                  														if( *(_t342 + 4) != _t252) {
                                  															L135:
                                  															asm("int 0x29");
                                  															L136:
                                  															_t288 = _v200;
                                  															_t366 = 0xc0000138;
                                  															L54:
                                  															_t342 = _t288;
                                  															L01753898(0, _t288, _t366);
                                  														} else {
                                  															_t324 =  *(_t252 + 4);
                                  															__eflags =  *_t324 - _t252;
                                  															if( *_t324 != _t252) {
                                  																goto L135;
                                  															} else {
                                  																 *_t324 = _t342;
                                  																 *(_t342 + 4) = _t324;
                                  																_t293 =  *(_t353 + 0x50);
                                  																_v180 =  *_t293;
                                  																E0172FFB0(_t293, _t353, 0x18084d8);
                                  																__eflags =  *((short*)(_t353 + 0x3a));
                                  																if( *((short*)(_t353 + 0x3a)) != 0) {
                                  																	_t342 = 0;
                                  																	__eflags = 0;
                                  																	E017537F5(_t353, 0);
                                  																}
                                  																E01750413(_t353);
                                  																_t256 =  *(_t353 + 0x48);
                                  																__eflags = _t256;
                                  																if(_t256 != 0) {
                                  																	__eflags = _t256 - 0xffffffff;
                                  																	if(_t256 != 0xffffffff) {
                                  																		E01749B10(_t256);
                                  																	}
                                  																}
                                  																__eflags =  *(_t353 + 0x28);
                                  																if( *(_t353 + 0x28) != 0) {
                                  																	_t174 = _t353 + 0x24; // 0x24
                                  																	E017402D6(_t174);
                                  																}
                                  																L017377F0( *0x1807b98, 0, _t353);
                                  																__eflags = _v180 - _t293;
                                  																if(__eflags == 0) {
                                  																	E0174C277(_t293, _t366);
                                  																}
                                  																_t288 = _v164;
                                  																goto L40;
                                  															}
                                  														}
                                  													} else {
                                  														goto L40;
                                  													}
                                  												}
                                  											}
                                  										}
                                  									} else {
                                  										L0172EC7F(_t353);
                                  										L017419B8(_t287, 0, _t353, 0);
                                  										_t200 = E0171F4E3(__eflags);
                                  										continue;
                                  									}
                                  								}
                                  								L41:
                                  								if(_v157 != 0) {
                                  									L017377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t288);
                                  								}
                                  								if(_t366 < 0) {
                                  									L46:
                                  									 *_v212 = _v168;
                                  									_t204 = _t366;
                                  									L47:
                                  									_pop(_t354);
                                  									_pop(_t367);
                                  									_pop(_t289);
                                  									return E0175B640(_t204, _t289, _v8 ^ _t376, _t342, _t354, _t367);
                                  								} else {
                                  									_t206 =  *0x180b2f8; // 0x0
                                  									if((_t206 |  *0x180b2fc) == 0 || ( *0x180b2e4 & 0x00000001) != 0) {
                                  										goto L46;
                                  									} else {
                                  										_t297 =  *0x180b2ec; // 0x0
                                  										_v200 = 0;
                                  										if((_t297 >> 0x00000008 & 0x00000003) == 3) {
                                  											_t355 = _v168;
                                  											_t342 =  &_v208;
                                  											_t208 = E017C6B68(_v168,  &_v208, _v168, __eflags);
                                  											__eflags = _t208 - 1;
                                  											if(_t208 == 1) {
                                  												goto L46;
                                  											} else {
                                  												__eflags = _v208 & 0x00000010;
                                  												if((_v208 & 0x00000010) == 0) {
                                  													goto L46;
                                  												} else {
                                  													_t342 = 4;
                                  													_t366 = E017C6AEB(_t355, 4,  &_v216);
                                  													__eflags = _t366;
                                  													if(_t366 >= 0) {
                                  														goto L46;
                                  													} else {
                                  														asm("int 0x29");
                                  														_t356 = 0;
                                  														_v44 = 0;
                                  														_t290 = _v52;
                                  														__eflags = 0;
                                  														if(0 == 0) {
                                  															L108:
                                  															_t356 = 0;
                                  															_v44 = 0;
                                  															goto L63;
                                  														} else {
                                  															__eflags = 0;
                                  															if(0 < 0) {
                                  																goto L108;
                                  															}
                                  															L63:
                                  															_v112 = _t356;
                                  															__eflags = _t356;
                                  															if(_t356 == 0) {
                                  																L143:
                                  																_v8 = 0xfffffffe;
                                  																_t211 = 0xc0000089;
                                  															} else {
                                  																_v36 = 0;
                                  																_v60 = 0;
                                  																_v48 = 0;
                                  																_v68 = 0;
                                  																_v44 = _t290 & 0xfffffffc;
                                  																E0172E9C0(1, _t290 & 0xfffffffc, 0, 0,  &_v68);
                                  																_t306 = _v68;
                                  																__eflags = _t306;
                                  																if(_t306 == 0) {
                                  																	_t216 = 0xc000007b;
                                  																	_v36 = 0xc000007b;
                                  																	_t307 = _v60;
                                  																} else {
                                  																	__eflags = _t290 & 0x00000001;
                                  																	if(__eflags == 0) {
                                  																		_t349 =  *(_t306 + 0x18) & 0x0000ffff;
                                  																		__eflags = _t349 - 0x10b;
                                  																		if(_t349 != 0x10b) {
                                  																			__eflags = _t349 - 0x20b;
                                  																			if(_t349 == 0x20b) {
                                  																				goto L102;
                                  																			} else {
                                  																				_t307 = 0;
                                  																				_v48 = 0;
                                  																				_t216 = 0xc000007b;
                                  																				_v36 = 0xc000007b;
                                  																				goto L71;
                                  																			}
                                  																		} else {
                                  																			L102:
                                  																			_t307 =  *(_t306 + 0x50);
                                  																			goto L69;
                                  																		}
                                  																		goto L151;
                                  																	} else {
                                  																		_t239 = L0172EAEA(_t290, _t290, _t356, _t366, __eflags);
                                  																		_t307 = _t239;
                                  																		_v60 = _t307;
                                  																		_v48 = _t307;
                                  																		__eflags = _t307;
                                  																		if(_t307 != 0) {
                                  																			L70:
                                  																			_t216 = _v36;
                                  																		} else {
                                  																			_push(_t239);
                                  																			_push(0x14);
                                  																			_push( &_v144);
                                  																			_push(3);
                                  																			_push(_v44);
                                  																			_push(0xffffffff);
                                  																			_t319 = E01759730();
                                  																			_v36 = _t319;
                                  																			__eflags = _t319;
                                  																			if(_t319 < 0) {
                                  																				_t216 = 0xc000001f;
                                  																				_v36 = 0xc000001f;
                                  																				_t307 = _v60;
                                  																			} else {
                                  																				_t307 = _v132;
                                  																				L69:
                                  																				_v48 = _t307;
                                  																				goto L70;
                                  																			}
                                  																		}
                                  																	}
                                  																}
                                  																L71:
                                  																_v72 = _t307;
                                  																_v84 = _t216;
                                  																__eflags = _t216 - 0xc000007b;
                                  																if(_t216 == 0xc000007b) {
                                  																	L150:
                                  																	_v8 = 0xfffffffe;
                                  																	_t211 = 0xc000007b;
                                  																} else {
                                  																	_t344 = _t290 & 0xfffffffc;
                                  																	_v76 = _t344;
                                  																	__eflags = _v40 - _t344;
                                  																	if(_v40 <= _t344) {
                                  																		goto L150;
                                  																	} else {
                                  																		__eflags = _t307;
                                  																		if(_t307 == 0) {
                                  																			L75:
                                  																			_t217 = 0;
                                  																			_v104 = 0;
                                  																			__eflags = _t366;
                                  																			if(_t366 != 0) {
                                  																				__eflags = _t290 & 0x00000001;
                                  																				if((_t290 & 0x00000001) != 0) {
                                  																					_t217 = 1;
                                  																					_v104 = 1;
                                  																				}
                                  																				_t290 = _v44;
                                  																				_v52 = _t290;
                                  																			}
                                  																			__eflags = _t217 - 1;
                                  																			if(_t217 != 1) {
                                  																				_t369 = 0;
                                  																				_t218 = _v40;
                                  																				goto L91;
                                  																			} else {
                                  																				_v64 = 0;
                                  																				E0172E9C0(1, _t290, 0, 0,  &_v64);
                                  																				_t309 = _v64;
                                  																				_v108 = _t309;
                                  																				__eflags = _t309;
                                  																				if(_t309 == 0) {
                                  																					goto L143;
                                  																				} else {
                                  																					_t226 =  *(_t309 + 0x18) & 0x0000ffff;
                                  																					__eflags = _t226 - 0x10b;
                                  																					if(_t226 != 0x10b) {
                                  																						__eflags = _t226 - 0x20b;
                                  																						if(_t226 != 0x20b) {
                                  																							goto L143;
                                  																						} else {
                                  																							_t371 =  *(_t309 + 0x98);
                                  																							goto L83;
                                  																						}
                                  																					} else {
                                  																						_t371 =  *(_t309 + 0x88);
                                  																						L83:
                                  																						__eflags = _t371;
                                  																						if(_t371 != 0) {
                                  																							_v80 = _t371 - _t356 + _t290;
                                  																							_t310 = _v64;
                                  																							_t348 = _t310 + 0x18 + ( *(_t309 + 0x14) & 0x0000ffff);
                                  																							_t292 =  *(_t310 + 6) & 0x0000ffff;
                                  																							_t311 = 0;
                                  																							__eflags = 0;
                                  																							while(1) {
                                  																								_v120 = _t311;
                                  																								_v116 = _t348;
                                  																								__eflags = _t311 - _t292;
                                  																								if(_t311 >= _t292) {
                                  																									goto L143;
                                  																								}
                                  																								_t359 =  *((intOrPtr*)(_t348 + 0xc));
                                  																								__eflags = _t371 - _t359;
                                  																								if(_t371 < _t359) {
                                  																									L98:
                                  																									_t348 = _t348 + 0x28;
                                  																									_t311 = _t311 + 1;
                                  																									continue;
                                  																								} else {
                                  																									__eflags = _t371 -  *((intOrPtr*)(_t348 + 0x10)) + _t359;
                                  																									if(_t371 >=  *((intOrPtr*)(_t348 + 0x10)) + _t359) {
                                  																										goto L98;
                                  																									} else {
                                  																										__eflags = _t348;
                                  																										if(_t348 == 0) {
                                  																											goto L143;
                                  																										} else {
                                  																											_t218 = _v40;
                                  																											_t312 =  *_t218;
                                  																											__eflags = _t312 -  *((intOrPtr*)(_t348 + 8));
                                  																											if(_t312 >  *((intOrPtr*)(_t348 + 8))) {
                                  																												_v100 = _t359;
                                  																												_t360 = _v108;
                                  																												_t372 = L01728F44(_v108, _t312);
                                  																												__eflags = _t372;
                                  																												if(_t372 == 0) {
                                  																													goto L143;
                                  																												} else {
                                  																													_t290 = _v52;
                                  																													_t369 = _v80 +  *((intOrPtr*)(_t372 + 0xc)) - _v100 + _v112 - E01753C00(_t360, _t290,  *((intOrPtr*)(_t372 + 0xc)));
                                  																													_t307 = _v72;
                                  																													_t344 = _v76;
                                  																													_t218 = _v40;
                                  																													goto L91;
                                  																												}
                                  																											} else {
                                  																												_t290 = _v52;
                                  																												_t307 = _v72;
                                  																												_t344 = _v76;
                                  																												_t369 = _v80;
                                  																												L91:
                                  																												_t358 = _a4;
                                  																												__eflags = _t358;
                                  																												if(_t358 == 0) {
                                  																													L95:
                                  																													_t308 = _a8;
                                  																													__eflags = _t308;
                                  																													if(_t308 != 0) {
                                  																														 *_t308 =  *((intOrPtr*)(_v40 + 4));
                                  																													}
                                  																													_v8 = 0xfffffffe;
                                  																													_t211 = _v84;
                                  																												} else {
                                  																													_t370 =  *_t218 - _t369 + _t290;
                                  																													 *_t358 = _t370;
                                  																													__eflags = _t370 - _t344;
                                  																													if(_t370 <= _t344) {
                                  																														L149:
                                  																														 *_t358 = 0;
                                  																														goto L150;
                                  																													} else {
                                  																														__eflags = _t307;
                                  																														if(_t307 == 0) {
                                  																															goto L95;
                                  																														} else {
                                  																															__eflags = _t370 - _t344 + _t307;
                                  																															if(_t370 >= _t344 + _t307) {
                                  																																goto L149;
                                  																															} else {
                                  																																goto L95;
                                  																															}
                                  																														}
                                  																													}
                                  																												}
                                  																											}
                                  																										}
                                  																									}
                                  																								}
                                  																								goto L97;
                                  																							}
                                  																						}
                                  																						goto L143;
                                  																					}
                                  																				}
                                  																			}
                                  																		} else {
                                  																			__eflags = _v40 - _t307 + _t344;
                                  																			if(_v40 >= _t307 + _t344) {
                                  																				goto L150;
                                  																			} else {
                                  																				goto L75;
                                  																			}
                                  																		}
                                  																	}
                                  																}
                                  															}
                                  															L97:
                                  															 *[fs:0x0] = _v20;
                                  															return _t211;
                                  														}
                                  													}
                                  												}
                                  											}
                                  										} else {
                                  											goto L46;
                                  										}
                                  									}
                                  								}
                                  								goto L151;
                                  							}
                                  							_t288 = _v164;
                                  							_t366 = 0xc0000135;
                                  							goto L41;
                                  						}
                                  					}
                                  				}
                                  				L151:
                                  			}


                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000005.00000002.534207193.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                  • Associated: 00000005.00000002.535933940.000000000180B000.00000040.00000800.00020000.00000000.sdmp
                                  • Associated: 00000005.00000002.535959139.000000000180F000.00000040.00000800.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_16f0000_6109238.jbxd
                                  Similarity
                                  • API ID: DebugPrintTimes
                                  • String ID:
                                  • API String ID: 3446177414-0
                                  • Opcode ID: 87f863c49830eea701379bdbc07417852c93f88e47be77196a92e6da74f6cb5d
                                  • Instruction ID: df50a2c6ae94afca95b5bb501305773358884c0e5d6c9d8a5bd886c02ec01b64
                                  • Opcode Fuzzy Hash: 87f863c49830eea701379bdbc07417852c93f88e47be77196a92e6da74f6cb5d
                                  • Instruction Fuzzy Hash: 8BE1BE30A0176A8FEB35CF68C894BA9FBB2BF45304F0501E9D90997395D774AA82CF51
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 67%
                                  			E0174513A(intOrPtr __ecx, void* __edx) {
                                  				signed int _v8;
                                  				signed char _v16;
                                  				intOrPtr _v20;
                                  				intOrPtr _v24;
                                  				char _v28;
                                  				signed int _v32;
                                  				signed int _v36;
                                  				signed int _v40;
                                  				intOrPtr _v44;
                                  				intOrPtr _v48;
                                  				char _v63;
                                  				char _v64;
                                  				signed int _v72;
                                  				signed int _v76;
                                  				signed int _v80;
                                  				signed int _v84;
                                  				signed int _v88;
                                  				signed char* _v92;
                                  				signed int _v100;
                                  				signed int _v104;
                                  				char _v105;
                                  				void* __ebx;
                                  				void* __edi;
                                  				void* __esi;
                                  				void* _t157;
                                  				signed int _t159;
                                  				signed int _t160;
                                  				unsigned int* _t161;
                                  				intOrPtr _t165;
                                  				signed int _t172;
                                  				signed char* _t181;
                                  				intOrPtr _t189;
                                  				intOrPtr* _t200;
                                  				signed int _t202;
                                  				signed int _t203;
                                  				char _t204;
                                  				signed int _t207;
                                  				signed int _t208;
                                  				void* _t209;
                                  				intOrPtr _t210;
                                  				signed int _t212;
                                  				signed int _t214;
                                  				signed int _t221;
                                  				signed int _t222;
                                  				signed int _t226;
                                  				intOrPtr* _t232;
                                  				signed int _t233;
                                  				signed int _t234;
                                  				intOrPtr _t237;
                                  				intOrPtr _t238;
                                  				intOrPtr _t240;
                                  				void* _t245;
                                  				signed int _t246;
                                  				signed int _t247;
                                  				void* _t248;
                                  				void* _t251;
                                  				void* _t252;
                                  				signed int _t253;
                                  				signed int _t255;
                                  				signed int _t256;
                                  
                                  				_t255 = (_t253 & 0xfffffff8) - 0x6c;
                                  				_v8 =  *0x180d360 ^ _t255;
                                  				_v32 = _v32 & 0x00000000;
                                  				_t251 = __edx;
                                  				_t237 = __ecx;
                                  				_t212 = 6;
                                  				_t245 =  &_v84;
                                  				_t207 =  *((intOrPtr*)(__ecx + 0x48));
                                  				_v44 =  *((intOrPtr*)(__edx + 0xc8));
                                  				_v48 = __ecx;
                                  				_v36 = _t207;
                                  				_t157 = memset(_t245, 0, _t212 << 2);
                                  				_t256 = _t255 + 0xc;
                                  				_t246 = _t245 + _t212;
                                  				if(_t207 == 2) {
                                  					_t247 =  *(_t237 + 0x60);
                                  					_t208 =  *(_t237 + 0x64);
                                  					_v63 =  *((intOrPtr*)(_t237 + 0x4c));
                                  					_t159 =  *((intOrPtr*)(_t237 + 0x58));
                                  					_v104 = _t159;
                                  					_v76 = _t159;
                                  					_t160 =  *((intOrPtr*)(_t237 + 0x5c));
                                  					_v100 = _t160;
                                  					_v72 = _t160;
                                  					L19:
                                  					_v80 = _t208;
                                  					_v84 = _t247;
                                  					L8:
                                  					_t214 = 0;
                                  					if( *(_t237 + 0x74) > 0) {
                                  						_t82 = _t237 + 0x84; // 0x124
                                  						_t161 = _t82;
                                  						_v92 = _t161;
                                  						while( *_t161 >> 0x1f != 0) {
                                  							_t200 = _v92;
                                  							if( *_t200 == 0x80000000) {
                                  								break;
                                  							}
                                  							_t214 = _t214 + 1;
                                  							_t161 = _t200 + 0x10;
                                  							_v92 = _t161;
                                  							if(_t214 <  *(_t237 + 0x74)) {
                                  								continue;
                                  							}
                                  							goto L9;
                                  						}
                                  						_v88 = _t214 << 4;
                                  						_v40 = _t237 +  *((intOrPtr*)(_v88 + _t237 + 0x78));
                                  						_t165 = 0;
                                  						asm("adc eax, [ecx+edx+0x7c]");
                                  						_v24 = _t165;
                                  						_v28 = _v40;
                                  						_v20 =  *((intOrPtr*)(_v88 + _t237 + 0x80));
                                  						_t221 = _v40;
                                  						_v16 =  *_v92;
                                  						_v32 =  &_v28;
                                  						if( *(_t237 + 0x4e) >> 0xf == 0) {
                                  							goto L9;
                                  						}
                                  						_t240 = _v48;
                                  						if( *_v92 != 0x80000000) {
                                  							goto L9;
                                  						}
                                  						 *((intOrPtr*)(_t221 + 8)) = 0;
                                  						 *((intOrPtr*)(_t221 + 0xc)) = 0;
                                  						 *((intOrPtr*)(_t221 + 0x14)) = 0;
                                  						 *((intOrPtr*)(_t221 + 0x10)) = _v20;
                                  						_t226 = 0;
                                  						_t181 = _t251 + 0x66;
                                  						_v88 = 0;
                                  						_v92 = _t181;
                                  						do {
                                  							if( *((char*)(_t181 - 2)) == 0) {
                                  								goto L31;
                                  							}
                                  							_t226 = _v88;
                                  							if(( *_t181 & 0x000000ff) == ( *(_t240 + 0x4e) & 0x7fff)) {
                                  								_t181 = E0175D0F0(1, _t226 + 0x20, 0);
                                  								_t226 = _v40;
                                  								 *(_t226 + 8) = _t181;
                                  								 *((intOrPtr*)(_t226 + 0xc)) = 0;
                                  								L34:
                                  								if(_v44 == 0) {
                                  									goto L9;
                                  								}
                                  								_t210 = _v44;
                                  								_t127 = _t210 + 0x1c; // 0x1c
                                  								_t249 = _t127;
                                  								E01732280(_t181, _t127);
                                  								 *(_t210 + 0x20) =  *( *[fs:0x18] + 0x24);
                                  								_t185 =  *((intOrPtr*)(_t210 + 0x94));
                                  								if( *((intOrPtr*)(_t210 + 0x94)) != 0) {
                                  									L017377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t185);
                                  								}
                                  								_t189 = L01734620(_t226,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v20 + 0x10);
                                  								 *((intOrPtr*)(_t210 + 0x94)) = _t189;
                                  								if(_t189 != 0) {
                                  									 *((intOrPtr*)(_t189 + 8)) = _v20;
                                  									 *( *((intOrPtr*)(_t210 + 0x94)) + 0xc) = _v16;
                                  									_t232 =  *((intOrPtr*)(_t210 + 0x94));
                                  									 *_t232 = _t232 + 0x10;
                                  									 *(_t232 + 4) =  *(_t232 + 4) & 0x00000000;
                                  									E0175F3E0( *((intOrPtr*)( *((intOrPtr*)(_t210 + 0x94)))), _v28, _v20);
                                  									_t256 = _t256 + 0xc;
                                  								}
                                  								 *(_t210 + 0x20) =  *(_t210 + 0x20) & 0x00000000;
                                  								E0172FFB0(_t210, _t249, _t249);
                                  								_t222 = _v76;
                                  								_t172 = _v80;
                                  								_t208 = _v84;
                                  								_t247 = _v88;
                                  								L10:
                                  								_t238 =  *((intOrPtr*)(_t251 + 0x1c));
                                  								_v44 = _t238;
                                  								if(_t238 != 0) {
                                  									 *0x180b1e0(_v48 + 0x38, _v36, _v63, _t172, _t222, _t247, _t208, _v32,  *((intOrPtr*)(_t251 + 0x20)));
                                  									_v44();
                                  								}
                                  								_pop(_t248);
                                  								_pop(_t252);
                                  								_pop(_t209);
                                  								return E0175B640(0, _t209, _v8 ^ _t256, _t238, _t248, _t252);
                                  							}
                                  							_t181 = _v92;
                                  							L31:
                                  							_t226 = _t226 + 1;
                                  							_t181 =  &(_t181[0x18]);
                                  							_v88 = _t226;
                                  							_v92 = _t181;
                                  						} while (_t226 < 4);
                                  						goto L34;
                                  					}
                                  					L9:
                                  					_t172 = _v104;
                                  					_t222 = _v100;
                                  					goto L10;
                                  				}
                                  				_t247 = _t246 | 0xffffffff;
                                  				_t208 = _t247;
                                  				_v84 = _t247;
                                  				_v80 = _t208;
                                  				if( *((intOrPtr*)(_t251 + 0x4c)) == _t157) {
                                  					_t233 = _v72;
                                  					_v105 = _v64;
                                  					_t202 = _v76;
                                  				} else {
                                  					_t204 =  *((intOrPtr*)(_t251 + 0x4d));
                                  					_v105 = 1;
                                  					if(_v63 <= _t204) {
                                  						_v63 = _t204;
                                  					}
                                  					_t202 = _v76 |  *(_t251 + 0x40);
                                  					_t233 = _v72 |  *(_t251 + 0x44);
                                  					_t247 =  *(_t251 + 0x38);
                                  					_t208 =  *(_t251 + 0x3c);
                                  					_v76 = _t202;
                                  					_v72 = _t233;
                                  					_v84 = _t247;
                                  					_v80 = _t208;
                                  				}
                                  				_v104 = _t202;
                                  				_v100 = _t233;
                                  				if( *((char*)(_t251 + 0xc4)) != 0) {
                                  					_t237 = _v48;
                                  					_v105 = 1;
                                  					if(_v63 <=  *((intOrPtr*)(_t251 + 0xc5))) {
                                  						_v63 =  *((intOrPtr*)(_t251 + 0xc5));
                                  						_t237 = _v48;
                                  					}
                                  					_t203 = _t202 |  *(_t251 + 0xb8);
                                  					_t234 = _t233 |  *(_t251 + 0xbc);
                                  					_t247 = _t247 &  *(_t251 + 0xb0);
                                  					_t208 = _t208 &  *(_t251 + 0xb4);
                                  					_v104 = _t203;
                                  					_v76 = _t203;
                                  					_v100 = _t234;
                                  					_v72 = _t234;
                                  					_v84 = _t247;
                                  					_v80 = _t208;
                                  				}
                                  				if(_v105 == 0) {
                                  					_v36 = _v36 & 0x00000000;
                                  					_t208 = 0;
                                  					_t247 = 0;
                                  					 *(_t237 + 0x74) =  *(_t237 + 0x74) & 0;
                                  					goto L19;
                                  				} else {
                                  					_v36 = 1;
                                  					goto L8;
                                  				}
                                  			}
































































                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000005.00000002.534207193.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                  • Associated: 00000005.00000002.535933940.000000000180B000.00000040.00000800.00020000.00000000.sdmp
                                  • Associated: 00000005.00000002.535959139.000000000180F000.00000040.00000800.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_16f0000_6109238.jbxd
                                  Similarity
                                  • API ID: DebugPrintTimes
                                  • String ID:
                                  • API String ID: 3446177414-0
                                  • Opcode ID: 0a8d7c375a6cfddfedd23b3f63eddf8eb11903d30c72c4c3a9aaa72b4fc742b5
                                  • Instruction ID: eadbc3505ff55a214b91ad796464502660f765bf773bcbd17f78ceae8013bc65
                                  • Opcode Fuzzy Hash: 0a8d7c375a6cfddfedd23b3f63eddf8eb11903d30c72c4c3a9aaa72b4fc742b5
                                  • Instruction Fuzzy Hash: F6C132B55083819FD354CF28C480A5AFBF1BF88704F144A6EF9998B392D770E985CB42
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 74%
                                  			E017403E2(signed int __ecx, signed int __edx) {
                                  				signed int _v8;
                                  				signed int _v12;
                                  				signed int _v16;
                                  				signed int _v20;
                                  				signed int _v24;
                                  				signed int _v28;
                                  				signed int _v32;
                                  				signed int _v36;
                                  				intOrPtr _v40;
                                  				signed int _v44;
                                  				signed int _v48;
                                  				char _v52;
                                  				char _v56;
                                  				char _v64;
                                  				void* __ebx;
                                  				void* __edi;
                                  				void* __esi;
                                  				signed int _t56;
                                  				signed int _t58;
                                  				char* _t64;
                                  				intOrPtr _t65;
                                  				signed int _t74;
                                  				signed int _t79;
                                  				char* _t83;
                                  				intOrPtr _t84;
                                  				signed int _t93;
                                  				signed int _t94;
                                  				signed char* _t95;
                                  				signed int _t99;
                                  				signed int _t100;
                                  				signed char* _t101;
                                  				signed int _t105;
                                  				signed int _t119;
                                  				signed int _t120;
                                  				void* _t122;
                                  				signed int _t123;
                                  				signed int _t127;
                                  
                                  				_v8 =  *0x180d360 ^ _t127;
                                  				_t119 = __ecx;
                                  				_t105 = __edx;
                                  				_t118 = 0;
                                  				_v20 = __edx;
                                  				_t120 =  *(__ecx + 0x20);
                                  				if(E01740548(__ecx, 0) != 0) {
                                  					_t56 = 0xc000022d;
                                  					L23:
                                  					return E0175B640(_t56, _t105, _v8 ^ _t127, _t118, _t119, _t120);
                                  				} else {
                                  					_v12 = _v12 | 0xffffffff;
                                  					_t58 = _t120 + 0x24;
                                  					_t109 =  *(_t120 + 0x18);
                                  					_t118 = _t58;
                                  					_v16 = _t58;
                                  					E0172B02A( *(_t120 + 0x18), _t118, 0x14a5);
                                  					_v52 = 0x18;
                                  					_v48 = 0;
                                  					0x840 = 0x40;
                                  					if( *0x1807c1c != 0) {
                                  					}
                                  					_v40 = 0x840;
                                  					_v44 = _t105;
                                  					_v36 = 0;
                                  					_v32 = 0;
                                  					if(E01737D50() != 0) {
                                  						_t64 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                  					} else {
                                  						_t64 = 0x7ffe0384;
                                  					}
                                  					if( *_t64 != 0) {
                                  						_t65 =  *[fs:0x30];
                                  						__eflags =  *(_t65 + 0x240) & 0x00000004;
                                  						if(( *(_t65 + 0x240) & 0x00000004) != 0) {
                                  							_t100 = E01737D50();
                                  							__eflags = _t100;
                                  							if(_t100 == 0) {
                                  								_t101 = 0x7ffe0385;
                                  							} else {
                                  								_t101 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
                                  							}
                                  							__eflags =  *_t101 & 0x00000020;
                                  							if(( *_t101 & 0x00000020) != 0) {
                                  								_t118 = _t118 | 0xffffffff;
                                  								_t109 = 0x1485;
                                  								E01797016(0x1485, _t118, 0xffffffff, 0xffffffff, 0, 0);
                                  							}
                                  						}
                                  					}
                                  					_t105 = 0;
                                  					while(1) {
                                  						_push(0x60);
                                  						_push(5);
                                  						_push( &_v64);
                                  						_push( &_v52);
                                  						_push(0x100021);
                                  						_push( &_v12);
                                  						_t122 = E01759830();
                                  						if(_t122 >= 0) {
                                  							break;
                                  						}
                                  						__eflags = _t122 - 0xc0000034;
                                  						if(_t122 == 0xc0000034) {
                                  							L38:
                                  							_t120 = 0xc0000135;
                                  							break;
                                  						}
                                  						__eflags = _t122 - 0xc000003a;
                                  						if(_t122 == 0xc000003a) {
                                  							goto L38;
                                  						}
                                  						__eflags = _t122 - 0xc0000022;
                                  						if(_t122 != 0xc0000022) {
                                  							break;
                                  						}
                                  						__eflags = _t105;
                                  						if(__eflags != 0) {
                                  							break;
                                  						}
                                  						_t109 = _t119;
                                  						_t99 = E017969A6(_t119, __eflags);
                                  						__eflags = _t99;
                                  						if(_t99 == 0) {
                                  							break;
                                  						}
                                  						_t105 = _t105 + 1;
                                  					}
                                  					if( !_t120 >= 0) {
                                  						L22:
                                  						_t56 = _t120;
                                  						goto L23;
                                  					}
                                  					if( *0x1807c04 != 0) {
                                  						_t118 = _v12;
                                  						_t120 = E0179A7AC(_t119, _t118, _t109);
                                  						__eflags = _t120;
                                  						if(_t120 >= 0) {
                                  							goto L10;
                                  						}
                                  						__eflags =  *0x1807bd8;
                                  						if( *0x1807bd8 != 0) {
                                  							L20:
                                  							if(_v12 != 0xffffffff) {
                                  								_push(_v12);
                                  								E017595D0();
                                  							}
                                  							goto L22;
                                  						}
                                  					}
                                  					L10:
                                  					_push(_v12);
                                  					_t105 = _t119 + 0xc;
                                  					_push(0x1000000);
                                  					_push(0x10);
                                  					_push(0);
                                  					_push(0);
                                  					_push(0xf);
                                  					_push(_t105);
                                  					_t120 = E017599A0();
                                  					if(_t120 < 0) {
                                  						__eflags = _t120 - 0xc000047e;
                                  						if(_t120 == 0xc000047e) {
                                  							L51:
                                  							_t74 = E01793540(_t120);
                                  							_t119 = _v16;
                                  							_t120 = _t74;
                                  							L52:
                                  							_t118 = 0x1485;
                                  							E0171B1E1(_t120, 0x1485, 0, _t119);
                                  							goto L20;
                                  						}
                                  						__eflags = _t120 - 0xc000047f;
                                  						if(_t120 == 0xc000047f) {
                                  							goto L51;
                                  						}
                                  						__eflags = _t120 - 0xc0000462;
                                  						if(_t120 == 0xc0000462) {
                                  							goto L51;
                                  						}
                                  						_t119 = _v16;
                                  						__eflags = _t120 - 0xc0000017;
                                  						if(_t120 != 0xc0000017) {
                                  							__eflags = _t120 - 0xc000009a;
                                  							if(_t120 != 0xc000009a) {
                                  								__eflags = _t120 - 0xc000012d;
                                  								if(_t120 != 0xc000012d) {
                                  									_v28 = _t119;
                                  									_push( &_v56);
                                  									_push(1);
                                  									_v24 = _t120;
                                  									_push( &_v28);
                                  									_push(1);
                                  									_push(2);
                                  									_push(0xc000007b);
                                  									_t79 = E0175AAF0();
                                  									__eflags = _t79;
                                  									if(_t79 >= 0) {
                                  										__eflags =  *0x1808474 - 3;
                                  										if( *0x1808474 != 3) {
                                  											 *0x18079dc =  *0x18079dc + 1;
                                  										}
                                  									}
                                  								}
                                  							}
                                  						}
                                  						goto L52;
                                  					}
                                  					if(E01737D50() != 0) {
                                  						_t83 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                  					} else {
                                  						_t83 = 0x7ffe0384;
                                  					}
                                  					if( *_t83 != 0) {
                                  						_t84 =  *[fs:0x30];
                                  						__eflags =  *(_t84 + 0x240) & 0x00000004;
                                  						if(( *(_t84 + 0x240) & 0x00000004) != 0) {
                                  							_t94 = E01737D50();
                                  							__eflags = _t94;
                                  							if(_t94 == 0) {
                                  								_t95 = 0x7ffe0385;
                                  							} else {
                                  								_t95 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
                                  							}
                                  							__eflags =  *_t95 & 0x00000020;
                                  							if(( *_t95 & 0x00000020) != 0) {
                                  								E01797016(0x1486, _t118, 0xffffffff, 0xffffffff, 0, 0);
                                  							}
                                  						}
                                  					}
                                  					if(( *(_t119 + 0x10) & 0x00000100) == 0) {
                                  						if( *0x1808708 != 0) {
                                  							_t118 =  *0x7ffe0330;
                                  							_t123 =  *0x1807b00; // 0x0
                                  							asm("ror esi, cl");
                                  							 *0x180b1e0(_v12, _v20, 0x20);
                                  							_t93 =  *(_t123 ^  *0x7ffe0330)();
                                  							_t50 = _t93 + 0x3ffffddb; // 0x3ffffddb
                                  							asm("sbb esi, esi");
                                  							_t120 =  ~_t50 & _t93;
                                  						} else {
                                  							_t120 = 0;
                                  						}
                                  					}
                                  					if( !_t120 >= 0) {
                                  						L19:
                                  						_push( *_t105);
                                  						E017595D0();
                                  						 *_t105 =  *_t105 & 0x00000000;
                                  						goto L20;
                                  					}
                                  					_t120 = E01727F65(_t119);
                                  					if( *((intOrPtr*)(_t119 + 0x60)) != 0) {
                                  						__eflags = _t120;
                                  						if(_t120 < 0) {
                                  							goto L19;
                                  						}
                                  						 *(_t119 + 0x64) = _v12;
                                  						goto L22;
                                  					}
                                  					goto L19;
                                  				}
                                  			}

                                  Memory Dump Source
                                  • Source File: 00000005.00000002.534207193.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                  • Associated: 00000005.00000002.535933940.000000000180B000.00000040.00000800.00020000.00000000.sdmp
                                  • Associated: 00000005.00000002.535959139.000000000180F000.00000040.00000800.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_16f0000_6109238.jbxd
                                  Similarity
                                  • Opcode ID: 7a5f188adff9fb7957fbe086a2cdb728b7c95ba27a2b7198a0d65acb6210e816
                                  • Instruction ID: 755758c82846d9f687abe5be20f2f93eb7ee3004855e6036e295cc87bb091407
                                  • Opcode Fuzzy Hash: 7a5f188adff9fb7957fbe086a2cdb728b7c95ba27a2b7198a0d65acb6210e816
                                  • Instruction Fuzzy Hash: 88911931E4021A9FEB32AB6CC848BADFBA4EB05724F150265FB11A72D1D7B49D40CBD1
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 78%
                                  			E0171B171(signed short __ebx, intOrPtr __ecx, intOrPtr* __edx, intOrPtr* __edi, signed short __esi, void* __eflags) {
                                  				signed int _t65;
                                  				signed short _t69;
                                  				intOrPtr _t70;
                                  				signed short _t85;
                                  				void* _t86;
                                  				signed short _t89;
                                  				signed short _t91;
                                  				intOrPtr _t92;
                                  				intOrPtr _t97;
                                  				intOrPtr* _t98;
                                  				signed short _t99;
                                  				signed short _t101;
                                  				void* _t102;
                                  				char* _t103;
                                  				signed short _t104;
                                  				intOrPtr* _t110;
                                  				void* _t111;
                                  				void* _t114;
                                  				intOrPtr* _t115;
                                  
                                  				_t109 = __esi;
                                  				_t108 = __edi;
                                  				_t106 = __edx;
                                  				_t95 = __ebx;
                                  				_push(0x90);
                                  				_push(0x17ef7a8);
                                  				E0176D0E8(__ebx, __edi, __esi);
                                  				 *((intOrPtr*)(_t114 - 0x9c)) = __edx;
                                  				 *((intOrPtr*)(_t114 - 0x84)) = __ecx;
                                  				 *((intOrPtr*)(_t114 - 0x8c)) =  *((intOrPtr*)(_t114 + 0xc));
                                  				 *((intOrPtr*)(_t114 - 0x88)) =  *((intOrPtr*)(_t114 + 0x10));
                                  				 *((intOrPtr*)(_t114 - 0x78)) =  *[fs:0x18];
                                  				if(__edx == 0xffffffff) {
                                  					L6:
                                  					_t97 =  *((intOrPtr*)(_t114 - 0x78));
                                  					_t65 =  *(_t97 + 0xfca) & 0x0000ffff;
                                  					__eflags = _t65 & 0x00000002;
                                  					if((_t65 & 0x00000002) != 0) {
                                  						L3:
                                  						L4:
                                  						return E0176D130(_t95, _t108, _t109);
                                  					}
                                  					 *(_t97 + 0xfca) = _t65 | 0x00000002;
                                  					_t108 = 0;
                                  					_t109 = 0;
                                  					_t95 = 0;
                                  					__eflags = 0;
                                  					while(1) {
                                  						__eflags = _t95 - 0x200;
                                  						if(_t95 >= 0x200) {
                                  							break;
                                  						}
                                  						E0175D000(0x80);
                                  						 *((intOrPtr*)(_t114 - 0x18)) = _t115;
                                  						_t108 = _t115;
                                  						_t95 = _t95 - 0xffffff80;
                                  						_t17 = _t114 - 4;
                                  						 *_t17 =  *(_t114 - 4) & 0x00000000;
                                  						__eflags =  *_t17;
                                  						_t106 =  *((intOrPtr*)(_t114 - 0x84));
                                  						_t110 =  *((intOrPtr*)(_t114 - 0x84));
                                  						_t102 = _t110 + 1;
                                  						do {
                                  							_t85 =  *_t110;
                                  							_t110 = _t110 + 1;
                                  							__eflags = _t85;
                                  						} while (_t85 != 0);
                                  						_t111 = _t110 - _t102;
                                  						_t21 = _t95 - 1; // -129
                                  						_t86 = _t21;
                                  						__eflags = _t111 - _t86;
                                  						if(_t111 > _t86) {
                                  							_t111 = _t86;
                                  						}
                                  						E0175F3E0(_t108, _t106, _t111);
                                  						_t115 = _t115 + 0xc;
                                  						_t103 = _t111 + _t108;
                                  						 *((intOrPtr*)(_t114 - 0x80)) = _t103;
                                  						_t89 = _t95 - _t111;
                                  						__eflags = _t89;
                                  						_push(0);
                                  						if(_t89 == 0) {
                                  							L15:
                                  							_t109 = 0xc000000d;
                                  							goto L16;
                                  						} else {
                                  							__eflags = _t89 - 0x7fffffff;
                                  							if(_t89 <= 0x7fffffff) {
                                  								L16:
                                  								 *(_t114 - 0x94) = _t109;
                                  								__eflags = _t109;
                                  								if(_t109 < 0) {
                                  									__eflags = _t89;
                                  									if(_t89 != 0) {
                                  										 *_t103 = 0;
                                  									}
                                  									L26:
                                  									 *(_t114 - 0xa0) = _t109;
                                  									 *(_t114 - 4) = 0xfffffffe;
                                  									__eflags = _t109;
                                  									if(_t109 >= 0) {
                                  										L31:
                                  										_t98 = _t108;
                                  										_t39 = _t98 + 1; // 0x1
                                  										_t106 = _t39;
                                  										do {
                                  											_t69 =  *_t98;
                                  											_t98 = _t98 + 1;
                                  											__eflags = _t69;
                                  										} while (_t69 != 0);
                                  										_t99 = _t98 - _t106;
                                  										__eflags = _t99;
                                  										L34:
                                  										_t70 =  *[fs:0x30];
                                  										__eflags =  *((char*)(_t70 + 2));
                                  										if( *((char*)(_t70 + 2)) != 0) {
                                  											L40:
                                  											 *((intOrPtr*)(_t114 - 0x74)) = 0x40010006;
                                  											 *(_t114 - 0x6c) =  *(_t114 - 0x6c) & 0x00000000;
                                  											 *((intOrPtr*)(_t114 - 0x64)) = 2;
                                  											 *(_t114 - 0x70) =  *(_t114 - 0x70) & 0x00000000;
                                  											 *((intOrPtr*)(_t114 - 0x60)) = (_t99 & 0x0000ffff) + 1;
                                  											 *((intOrPtr*)(_t114 - 0x5c)) = _t108;
                                  											 *(_t114 - 4) = 1;
                                  											_push(_t114 - 0x74);
                                  											E0176DEF0(_t99, _t106);
                                  											 *(_t114 - 4) = 0xfffffffe;
                                  											 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
                                  											goto L3;
                                  										}
                                  										__eflags = ( *0x7ffe02d4 & 0x00000003) - 3;
                                  										if(( *0x7ffe02d4 & 0x00000003) != 3) {
                                  											goto L40;
                                  										}
                                  										_push( *((intOrPtr*)(_t114 + 8)));
                                  										_push( *((intOrPtr*)(_t114 - 0x9c)));
                                  										_push(_t99 & 0x0000ffff);
                                  										_push(_t108);
                                  										_push(1);
                                  										_t101 = E0175B280();
                                  										__eflags =  *((char*)(_t114 + 0x14)) - 1;
                                  										if( *((char*)(_t114 + 0x14)) == 1) {
                                  											__eflags = _t101 - 0x80000003;
                                  											if(_t101 == 0x80000003) {
                                  												E0175B7E0(1);
                                  												_t101 = 0;
                                  												__eflags = 0;
                                  											}
                                  										}
                                  										 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
                                  										goto L4;
                                  									}
                                  									__eflags = _t109 - 0x80000005;
                                  									if(_t109 == 0x80000005) {
                                  										continue;
                                  									}
                                  									break;
                                  								}
                                  								 *(_t114 - 0x90) = 0;
                                  								 *((intOrPtr*)(_t114 - 0x7c)) = _t89 - 1;
                                  								_t91 = E0175E2D0(_t103, _t89 - 1,  *((intOrPtr*)(_t114 - 0x8c)),  *((intOrPtr*)(_t114 - 0x88)));
                                  								_t115 = _t115 + 0x10;
                                  								_t104 = _t91;
                                  								_t92 =  *((intOrPtr*)(_t114 - 0x7c));
                                  								__eflags = _t104;
                                  								if(_t104 < 0) {
                                  									L21:
                                  									_t109 = 0x80000005;
                                  									 *(_t114 - 0x90) = 0x80000005;
                                  									L22:
                                  									 *((char*)(_t92 +  *((intOrPtr*)(_t114 - 0x80)))) = 0;
                                  									L23:
                                  									 *(_t114 - 0x94) = _t109;
                                  									goto L26;
                                  								}
                                  								__eflags = _t104 - _t92;
                                  								if(__eflags > 0) {
                                  									goto L21;
                                  								}
                                  								if(__eflags == 0) {
                                  									goto L22;
                                  								}
                                  								goto L23;
                                  							}
                                  							goto L15;
                                  						}
                                  					}
                                  					__eflags = _t109;
                                  					if(_t109 >= 0) {
                                  						goto L31;
                                  					}
                                  					__eflags = _t109 - 0x80000005;
                                  					if(_t109 != 0x80000005) {
                                  						goto L31;
                                  					}
                                  					 *((short*)(_t95 + _t108 - 2)) = 0xa;
                                  					_t38 = _t95 - 1; // -129
                                  					_t99 = _t38;
                                  					goto L34;
                                  				}
                                  				if( *((char*)( *[fs:0x30] + 2)) != 0) {
                                  					__eflags = __edx - 0x65;
                                  					if(__edx != 0x65) {
                                  						goto L2;
                                  					}
                                  					goto L6;
                                  				}
                                  				L2:
                                  				_push( *((intOrPtr*)(_t114 + 8)));
                                  				_push(_t106);
                                  				if(E0175A890() != 0) {
                                  					goto L6;
                                  				}
                                  				goto L3;
                                  			}

                                  0x0177495f
                                  0x0177495f
                                  0x01774965
                                  0x01774969
                                  0x017749ba
                                  0x017749ba
                                  0x017749c1
                                  0x017749c5
                                  0x017749cc
                                  0x017749d4
                                  0x017749d7
                                  0x017749da
                                  0x017749e4
                                  0x017749e5
                                  0x017749f3
                                  0x01774a02
                                  0x00000000
                                  0x01774a02
                                  0x01774972
                                  0x01774974
                                  0x00000000
                                  0x00000000
                                  0x01774976
                                  0x01774979
                                  0x01774982
                                  0x01774983
                                  0x01774984
                                  0x0177498b
                                  0x0177498d
                                  0x01774991
                                  0x01774993
                                  0x01774999
                                  0x0177499d
                                  0x017749a2
                                  0x017749a2
                                  0x017749a2
                                  0x01774999
                                  0x017749ac
                                  0x00000000
                                  0x017749b3
                                  0x017748f8
                                  0x017748fe
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x017748fe
                                  0x01774895
                                  0x0177489c
                                  0x017748ad
                                  0x017748b2
                                  0x017748b5
                                  0x017748b7
                                  0x017748ba
                                  0x017748bc
                                  0x017748c6
                                  0x017748c6
                                  0x017748cb
                                  0x017748d1
                                  0x017748d4
                                  0x017748d8
                                  0x017748d8
                                  0x00000000
                                  0x017748d8
                                  0x017748be
                                  0x017748c0
                                  0x00000000
                                  0x00000000
                                  0x017748c2
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x017748c4
                                  0x00000000
                                  0x01774882
                                  0x0177487b
                                  0x01774904
                                  0x01774906
                                  0x00000000
                                  0x00000000
                                  0x01774908
                                  0x0177490e
                                  0x00000000
                                  0x00000000
                                  0x01774910
                                  0x01774917
                                  0x01774917
                                  0x00000000
                                  0x01774917
                                  0x0171b1ba
                                  0x017747f9
                                  0x017747fc
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x017747fc
                                  0x0171b1c0
                                  0x0171b1c0
                                  0x0171b1c3
                                  0x0171b1cb
                                  0x00000000
                                  0x00000000
                                  0x00000000

                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000005.00000002.534207193.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                  • Associated: 00000005.00000002.535933940.000000000180B000.00000040.00000800.00020000.00000000.sdmp
                                  • Associated: 00000005.00000002.535959139.000000000180F000.00000040.00000800.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_16f0000_6109238.jbxd
                                  Similarity
                                  • API ID: _vswprintf_s
                                  • String ID:
                                  • API String ID: 677850445-0
                                  • Opcode ID: b2fc72e043c28a650a35221d5743ab0ca574f9f3fe75233f64251a4119d2980a
                                  • Instruction ID: 7202d5f0246a36b30073642059fa3c9db707c99d7acdbc40780033c1577b153b
                                  • Opcode Fuzzy Hash: b2fc72e043c28a650a35221d5743ab0ca574f9f3fe75233f64251a4119d2980a
                                  • Instruction Fuzzy Hash: A951DF71E1025A8FEF31CF68C848BAEFBB1AF05710F1141ADE85AAB286D7744941DF91
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 76%
                                  			E0173B944(signed int* __ecx, char __edx) {
                                  				signed int _v8;
                                  				signed int _v16;
                                  				signed int _v20;
                                  				char _v28;
                                  				signed int _v32;
                                  				char _v36;
                                  				signed int _v40;
                                  				intOrPtr _v44;
                                  				signed int* _v48;
                                  				signed int _v52;
                                  				signed int _v56;
                                  				intOrPtr _v60;
                                  				intOrPtr _v64;
                                  				intOrPtr _v68;
                                  				intOrPtr _v72;
                                  				intOrPtr _v76;
                                  				char _v77;
                                  				void* __ebx;
                                  				void* __edi;
                                  				void* __esi;
                                  				intOrPtr* _t65;
                                  				intOrPtr _t67;
                                  				intOrPtr _t68;
                                  				char* _t73;
                                  				intOrPtr _t77;
                                  				intOrPtr _t78;
                                  				signed int _t82;
                                  				intOrPtr _t83;
                                  				void* _t87;
                                  				char _t88;
                                  				intOrPtr* _t89;
                                  				intOrPtr _t91;
                                  				void* _t97;
                                  				intOrPtr _t100;
                                  				void* _t102;
                                  				void* _t107;
                                  				signed int _t108;
                                  				intOrPtr* _t112;
                                  				void* _t113;
                                  				intOrPtr* _t114;
                                  				intOrPtr _t115;
                                  				intOrPtr _t116;
                                  				intOrPtr _t117;
                                  				signed int _t118;
                                  				void* _t130;
                                  
                                  				_t120 = (_t118 & 0xfffffff8) - 0x4c;
                                  				_v8 =  *0x180d360 ^ (_t118 & 0xfffffff8) - 0x0000004c;
                                  				_t112 = __ecx;
                                  				_v77 = __edx;
                                  				_v48 = __ecx;
                                  				_v28 = 0;
                                  				_t5 = _t112 + 0xc; // 0x575651ff
                                  				_t105 =  *_t5;
                                  				_v20 = 0;
                                  				_v16 = 0;
                                  				if(_t105 == 0) {
                                  					_t50 = _t112 + 4; // 0x5de58b5b
                                  					_t60 =  *__ecx |  *_t50;
                                  					if(( *__ecx |  *_t50) != 0) {
                                  						 *__ecx = 0;
                                  						__ecx[1] = 0;
                                  						if(E01737D50() != 0) {
                                  							_t65 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                  						} else {
                                  							_t65 = 0x7ffe0386;
                                  						}
                                  						if( *_t65 != 0) {
                                  							E017E8CD6(_t112);
                                  						}
                                  						_push(0);
                                  						_t52 = _t112 + 0x10; // 0x778df98b
                                  						_push( *_t52);
                                  						_t60 = E01759E20();
                                  					}
                                  					L20:
                                  					_pop(_t107);
                                  					_pop(_t113);
                                  					_pop(_t87);
                                  					return E0175B640(_t60, _t87, _v8 ^ _t120, _t105, _t107, _t113);
                                  				}
                                  				_t8 = _t112 + 8; // 0x8b000cc2
                                  				_t67 =  *_t8;
                                  				_t88 =  *((intOrPtr*)(_t67 + 0x10));
                                  				_t97 =  *((intOrPtr*)(_t105 + 0x10)) - _t88;
                                  				_t108 =  *(_t67 + 0x14);
                                  				_t68 =  *((intOrPtr*)(_t105 + 0x14));
                                  				_t105 = 0x2710;
                                  				asm("sbb eax, edi");
                                  				_v44 = _t88;
                                  				_v52 = _t108;
                                  				_t60 = E0175CE00(_t97, _t68, 0x2710, 0);
                                  				_v56 = _t60;
                                  				if( *_t112 != _t88 ||  *(_t112 + 4) != _t108) {
                                  					L3:
                                  					 *(_t112 + 0x44) = _t60;
                                  					_t105 = _t60 * 0x2710 >> 0x20;
                                  					 *_t112 = _t88;
                                  					 *(_t112 + 4) = _t108;
                                  					_v20 = _t60 * 0x2710;
                                  					_v16 = _t60 * 0x2710 >> 0x20;
                                  					if(_v77 != 0) {
                                  						L16:
                                  						_v36 = _t88;
                                  						_v32 = _t108;
                                  						if(E01737D50() != 0) {
                                  							_t73 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                  						} else {
                                  							_t73 = 0x7ffe0386;
                                  						}
                                  						if( *_t73 != 0) {
                                  							_t105 = _v40;
                                  							E017E8F6A(_t112, _v40, _t88, _t108);
                                  						}
                                  						_push( &_v28);
                                  						_push(0);
                                  						_push( &_v36);
                                  						_t48 = _t112 + 0x10; // 0x778df98b
                                  						_push( *_t48);
                                  						_t60 = E0175AF60();
                                  						goto L20;
                                  					} else {
                                  						_t89 = 0x7ffe03b0;
                                  						do {
                                  							_t114 = 0x7ffe0010;
                                  							do {
                                  								_t77 =  *0x1808628; // 0x0
                                  								_v68 = _t77;
                                  								_t78 =  *0x180862c; // 0x0
                                  								_v64 = _t78;
                                  								_v72 =  *_t89;
                                  								_v76 =  *((intOrPtr*)(_t89 + 4));
                                  								while(1) {
                                  									_t105 =  *0x7ffe000c;
                                  									_t100 =  *0x7ffe0008;
                                  									if(_t105 ==  *_t114) {
                                  										goto L8;
                                  									}
                                  									asm("pause");
                                  								}
                                  								L8:
                                  								_t89 = 0x7ffe03b0;
                                  								_t115 =  *0x7ffe03b0;
                                  								_t82 =  *0x7FFE03B4;
                                  								_v60 = _t115;
                                  								_t114 = 0x7ffe0010;
                                  								_v56 = _t82;
                                  							} while (_v72 != _t115 || _v76 != _t82);
                                  							_t83 =  *0x1808628; // 0x0
                                  							_t116 =  *0x180862c; // 0x0
                                  							_v76 = _t116;
                                  							_t117 = _v68;
                                  						} while (_t117 != _t83 || _v64 != _v76);
                                  						asm("sbb edx, [esp+0x24]");
                                  						_t102 = _t100 - _v60 - _t117;
                                  						_t112 = _v48;
                                  						_t91 = _v44;
                                  						asm("sbb edx, eax");
                                  						_t130 = _t105 - _v52;
                                  						if(_t130 < 0 || _t130 <= 0 && _t102 <= _t91) {
                                  							_t88 = _t102 - _t91;
                                  							asm("sbb edx, edi");
                                  							_t108 = _t105;
                                  						} else {
                                  							_t88 = 0;
                                  							_t108 = 0;
                                  						}
                                  						goto L16;
                                  					}
                                  				} else {
                                  					if( *(_t112 + 0x44) == _t60) {
                                  						goto L20;
                                  					}
                                  					goto L3;
                                  				}
                                  			}


                                  APIs
                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0173B9A5
                                  Memory Dump Source
                                  • Source File: 00000005.00000002.534207193.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                  • Associated: 00000005.00000002.535933940.000000000180B000.00000040.00000800.00020000.00000000.sdmp
                                  • Associated: 00000005.00000002.535959139.000000000180F000.00000040.00000800.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_16f0000_6109238.jbxd
                                  Similarity
                                  • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                  • String ID:
                                  • API String ID: 885266447-0
                                  • Opcode ID: de723ecd38c3e9e27dd2351c8ce0e938ce7f2dacb5b04cfcae339b29a57f695e
                                  • Instruction ID: 9f9cc541580fde1128c60e0c09d6bb4e6d222c39b3693de742ad3f518324d434
                                  • Opcode Fuzzy Hash: de723ecd38c3e9e27dd2351c8ce0e938ce7f2dacb5b04cfcae339b29a57f695e
                                  • Instruction Fuzzy Hash: 62518771A08705CFC725CF68C48492AFBE5FBC8610F14896EFA958735ADB70E940CB92
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 58%
                                  			E01754A2C(signed int* __ecx, intOrPtr* __edx, intOrPtr _a4, intOrPtr _a8) {
                                  				signed int _v8;
                                  				signed int* _v12;
                                  				char _v13;
                                  				signed int _v16;
                                  				char _v21;
                                  				signed int* _v24;
                                  				void* __ebx;
                                  				void* __edi;
                                  				void* __esi;
                                  				signed int _t29;
                                  				signed int* _t32;
                                  				signed int* _t41;
                                  				signed int _t42;
                                  				void* _t43;
                                  				intOrPtr* _t51;
                                  				void* _t52;
                                  				signed int _t53;
                                  				signed int _t58;
                                  				void* _t59;
                                  				signed int _t60;
                                  				signed int _t62;
                                  
                                  				_t49 = __edx;
                                  				_t62 = (_t60 & 0xfffffff8) - 0xc;
                                  				_t26 =  *0x180d360 ^ _t62;
                                  				_v8 =  *0x180d360 ^ _t62;
                                  				_t41 = __ecx;
                                  				_t51 = __edx;
                                  				_v12 = __ecx;
                                  				if(_a4 == 0) {
                                  					if(_a8 != 0) {
                                  						goto L1;
                                  					}
                                  					_v13 = 1;
                                  					E01732280(_t26, 0x1808608);
                                  					_t58 =  *_t41;
                                  					if(_t58 == 0) {
                                  						L11:
                                  						E0172FFB0(_t41, _t51, 0x1808608);
                                  						L2:
                                  						 *0x180b1e0(_a4, _a8);
                                  						_t42 =  *_t51();
                                  						if(_t42 == 0) {
                                  							_t29 = 0;
                                  							L5:
                                  							_pop(_t52);
                                  							_pop(_t59);
                                  							_pop(_t43);
                                  							return E0175B640(_t29, _t43, _v16 ^ _t62, _t49, _t52, _t59);
                                  						}
                                  						 *((intOrPtr*)(_t42 + 0x34)) = 1;
                                  						if(_v21 != 0) {
                                  							_t53 = 0;
                                  							E01732280(_t28, 0x1808608);
                                  							_t32 = _v24;
                                  							if( *_t32 == _t58) {
                                  								 *_t32 = _t42;
                                  								 *((intOrPtr*)(_t42 + 0x34)) =  *((intOrPtr*)(_t42 + 0x34)) + 1;
                                  								if(_t58 != 0) {
                                  									 *(_t58 + 0x34) =  *(_t58 + 0x34) - 1;
                                  									asm("sbb edi, edi");
                                  									_t53 =  !( ~( *(_t58 + 0x34))) & _t58;
                                  								}
                                  							}
                                  							E0172FFB0(_t42, _t53, 0x1808608);
                                  							if(_t53 != 0) {
                                  								L017377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t53);
                                  							}
                                  						}
                                  						_t29 = _t42;
                                  						goto L5;
                                  					}
                                  					if( *((char*)(_t58 + 0x40)) != 0) {
                                  						L10:
                                  						 *(_t58 + 0x34) =  *(_t58 + 0x34) + 1;
                                  						E0172FFB0(_t41, _t51, 0x1808608);
                                  						_t29 = _t58;
                                  						goto L5;
                                  					}
                                  					_t49 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
                                  					if( *((intOrPtr*)(_t58 + 0x38)) !=  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294))) {
                                  						goto L11;
                                  					}
                                  					goto L10;
                                  				}
                                  				L1:
                                  				_v13 = 0;
                                  				_t58 = 0;
                                  				goto L2;
                                  			}


                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000005.00000002.534207193.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                  • Associated: 00000005.00000002.535933940.000000000180B000.00000040.00000800.00020000.00000000.sdmp
                                  • Associated: 00000005.00000002.535959139.000000000180F000.00000040.00000800.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_16f0000_6109238.jbxd
                                  Similarity
                                  • API ID: DebugPrintTimes
                                  • String ID:
                                  • API String ID: 3446177414-0
                                  • Opcode ID: 8169ad61bf29660e9f3594b2cc32212b3b7856e0bf3adf404edc524a904e29d2
                                  • Instruction ID: 54864301c2c130f77dd401557a0155e17a6f951651201bef5fd2f0b4cf0bcd6b
                                  • Opcode Fuzzy Hash: 8169ad61bf29660e9f3594b2cc32212b3b7856e0bf3adf404edc524a904e29d2
                                  • Instruction Fuzzy Hash: 343132326053559BD7E2AF18CD88B2BFBA4FFC5B00F010569E82647245EBB0DA80CB85
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 53%
                                  			E01730050(void* __ecx) {
                                  				signed int _v8;
                                  				void* __ebx;
                                  				void* __edi;
                                  				void* __esi;
                                  				void* __ebp;
                                  				intOrPtr* _t30;
                                  				intOrPtr* _t31;
                                  				signed int _t34;
                                  				void* _t40;
                                  				void* _t41;
                                  				signed int _t44;
                                  				intOrPtr _t47;
                                  				signed int _t58;
                                  				void* _t59;
                                  				void* _t61;
                                  				void* _t62;
                                  				signed int _t64;
                                  
                                  				_push(__ecx);
                                  				_v8 =  *0x180d360 ^ _t64;
                                  				_t61 = __ecx;
                                  				_t2 = _t61 + 0x20; // 0x20
                                  				E01749ED0(_t2, 1, 0);
                                  				_t52 =  *(_t61 + 0x8c);
                                  				_t4 = _t61 + 0x8c; // 0x8c
                                  				_t40 = _t4;
                                  				do {
                                  					_t44 = _t52;
                                  					_t58 = _t52 & 0x00000001;
                                  					_t24 = _t44;
                                  					asm("lock cmpxchg [ebx], edx");
                                  					_t52 = _t44;
                                  				} while (_t52 != _t44);
                                  				if(_t58 == 0) {
                                  					L7:
                                  					_pop(_t59);
                                  					_pop(_t62);
                                  					_pop(_t41);
                                  					return E0175B640(_t24, _t41, _v8 ^ _t64, _t52, _t59, _t62);
                                  				}
                                  				asm("lock xadd [esi], eax");
                                  				_t47 =  *[fs:0x18];
                                  				 *((intOrPtr*)(_t61 + 0x50)) =  *((intOrPtr*)(_t47 + 0x19c));
                                  				 *((intOrPtr*)(_t61 + 0x54)) =  *((intOrPtr*)(_t47 + 0x1a0));
                                  				_t30 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
                                  				if(_t30 != 0) {
                                  					if( *_t30 == 0) {
                                  						goto L4;
                                  					}
                                  					_t31 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                  					L5:
                                  					if( *_t31 != 0) {
                                  						_t18 = _t61 + 0x78; // 0x78
                                  						E017E8A62( *(_t61 + 0x5c), _t18,  *((intOrPtr*)(_t61 + 0x30)),  *((intOrPtr*)(_t61 + 0x34)),  *((intOrPtr*)(_t61 + 0x3c)));
                                  					}
                                  					_t52 =  *(_t61 + 0x5c);
                                  					_t11 = _t61 + 0x78; // 0x78
                                  					_t34 = E01749702(_t40, _t11,  *(_t61 + 0x5c),  *((intOrPtr*)(_t61 + 0x74)), 0);
                                  					_t24 = _t34 | 0xffffffff;
                                  					asm("lock xadd [esi], eax");
                                  					if((_t34 | 0xffffffff) == 0) {
                                  						 *0x180b1e0(_t61);
                                  						_t24 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t61 + 4))))))();
                                  					}
                                  					goto L7;
                                  				}
                                  				L4:
                                  				_t31 = 0x7ffe0386;
                                  				goto L5;
                                  			}





















                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000005.00000002.534207193.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                  • Associated: 00000005.00000002.535933940.000000000180B000.00000040.00000800.00020000.00000000.sdmp
                                  • Associated: 00000005.00000002.535959139.000000000180F000.00000040.00000800.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_16f0000_6109238.jbxd
                                  Similarity
                                  • API ID: DebugPrintTimes
                                  • String ID:
                                  • API String ID: 3446177414-0
                                  • Opcode ID: 0d8ac152fdcac471f4ad97ecbec75fe9c93cfcaff3d27ff0fb9938afbeec0a9e
                                  • Instruction ID: cfe2f09851476919e254b5ae3402e6628c35c782b104d2b3b2996b83b3c42d79
                                  • Opcode Fuzzy Hash: 0d8ac152fdcac471f4ad97ecbec75fe9c93cfcaff3d27ff0fb9938afbeec0a9e
                                  • Instruction Fuzzy Hash: C431CE31201B05CFD722CF28C984B9AF3E5FF89714F1445ADE59687B91EB71A801CB90
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 87%
                                  			E01742581(void* __ebx, intOrPtr __ecx, signed int __edx, void* __edi, void* __esi, signed int _a4, char _a8, void* _a12, void* _a16, void* _a20, void* _a24) {
                                  				signed int _v8;
                                  				signed int _v16;
                                  				unsigned int _v24;
                                  				void* _v28;
                                  				signed int _v32;
                                  				unsigned int _v36;
                                  				signed int _v37;
                                  				void* _v40;
                                  				signed int _v44;
                                  				signed int _v48;
                                  				signed int _v52;
                                  				signed int _v56;
                                  				intOrPtr _v60;
                                  				signed int _v64;
                                  				signed int _v68;
                                  				signed int _v72;
                                  				signed int _v76;
                                  				signed int _v80;
                                  				signed int _t258;
                                  				signed int _t262;
                                  				signed int _t291;
                                  				intOrPtr _t297;
                                  				signed int _t299;
                                  				signed int _t301;
                                  				unsigned int _t308;
                                  				signed int _t312;
                                  				signed int _t313;
                                  				signed int _t339;
                                  				signed int _t341;
                                  				signed int _t346;
                                  				signed int _t347;
                                  				signed int _t351;
                                  				signed int _t353;
                                  				signed int _t354;
                                  
                                  				_t351 = _t353;
                                  				_t354 = _t353 - 0x4c;
                                  				_v8 =  *0x180d360 ^ _t351;
                                  				_t346 = 0x180b2e8;
                                  				_v56 = _a4;
                                  				_v48 = __edx;
                                  				_v60 = __ecx;
                                  				_t308 = 0;
                                  				_v80 = 0;
                                  				asm("movsd");
                                  				_v64 = 0;
                                  				_v76 = 0;
                                  				_v72 = 0;
                                  				asm("movsd");
                                  				_v44 = 0;
                                  				_v52 = 0;
                                  				_v68 = 0;
                                  				asm("movsd");
                                  				_v32 = 0;
                                  				_v36 = 0;
                                  				asm("movsd");
                                  				_v16 = 0;
                                  				_t297 = 0x48;
                                  				_t328 = 0 | (_v24 >> 0x0000001c & 0x00000003) == 0x00000001;
                                  				_t339 = 0;
                                  				_v37 = _t328;
                                  				if(_v48 <= 0) {
                                  					L16:
                                  					_t45 = _t297 - 0x48; // 0x0
                                  					__eflags = _t45 - 0xfffe;
                                  					if(_t45 > 0xfffe) {
                                  						_t347 = 0xc0000106;
                                  						goto L32;
                                  					} else {
                                  						_t346 = L01734620(_t308,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t297);
                                  						_v52 = _t346;
                                  						__eflags = _t346;
                                  						if(_t346 == 0) {
                                  							_t347 = 0xc0000017;
                                  							goto L32;
                                  						} else {
                                  							 *(_t346 + 0x44) =  *(_t346 + 0x44) & 0x00000000;
                                  							_t50 = _t346 + 0x48; // 0x48
                                  							_t341 = _t50;
                                  							_t328 = _v32;
                                  							 *((intOrPtr*)(_t346 + 0x3c)) = _t297;
                                  							_t299 = 0;
                                  							 *((short*)(_t346 + 0x30)) = _v48;
                                  							__eflags = _t328;
                                  							if(_t328 != 0) {
                                  								 *(_t346 + 0x18) = _t341;
                                  								__eflags = _t328 - 0x1808478;
                                  								 *_t346 = ((0 | _t328 == 0x01808478) - 0x00000001 & 0xfffffffb) + 7;
                                  								E0175F3E0(_t341,  *((intOrPtr*)(_t328 + 4)),  *_t328 & 0x0000ffff);
                                  								_t328 = _v32;
                                  								_t354 = _t354 + 0xc;
                                  								_t299 = 1;
                                  								__eflags = _a8;
                                  								_t341 = _t341 + (( *_t328 & 0x0000ffff) >> 1) * 2;
                                  								if(_a8 != 0) {
                                  									_t291 = E017A39F2(_t341);
                                  									_t328 = _v32;
                                  									_t341 = _t291;
                                  								}
                                  							}
                                  							_t312 = 0;
                                  							_v16 = 0;
                                  							__eflags = _v48;
                                  							if(_v48 <= 0) {
                                  								L31:
                                  								_t347 = _v68;
                                  								__eflags = 0;
                                  								 *((short*)(_t341 - 2)) = 0;
                                  								goto L32;
                                  							} else {
                                  								_t301 = _t346 + _t299 * 4;
                                  								_v56 = _t301;
                                  								do {
                                  									__eflags = _t328;
                                  									if(_t328 != 0) {
                                  										_t258 =  *(_v60 + _t312 * 4);
                                  										__eflags = _t258;
                                  										if(_t258 == 0) {
                                  											goto L30;
                                  										} else {
                                  											__eflags = _t258 == 5;
                                  											if(_t258 == 5) {
                                  												goto L30;
                                  											} else {
                                  												goto L22;
                                  											}
                                  										}
                                  									} else {
                                  										L22:
                                  										 *_t301 =  *(_v60 + _t312 * 4);
                                  										 *(_t301 + 0x18) = _t341;
                                  										_t262 =  *(_v60 + _t312 * 4);
                                  										__eflags = _t262 - 8;
                                  										if(__eflags > 0) {
                                  											goto L56;
                                  										} else {
                                  											switch( *((intOrPtr*)(_t262 * 4 +  &M01742959))) {
                                  												case 0:
                                  													__ax =  *0x1808488;
                                  													__eflags = __ax;
                                  													if(__ax == 0) {
                                  														goto L29;
                                  													} else {
                                  														__ax & 0x0000ffff = E0175F3E0(__edi,  *0x180848c, __ax & 0x0000ffff);
                                  														__eax =  *0x1808488 & 0x0000ffff;
                                  														goto L26;
                                  													}
                                  													goto L132;
                                  												case 1:
                                  													L45:
                                  													E0175F3E0(_t341, _v80, _v64);
                                  													_t286 = _v64;
                                  													goto L26;
                                  												case 2:
                                  													 *0x1808480 & 0x0000ffff = E0175F3E0(__edi,  *0x1808484,  *0x1808480 & 0x0000ffff);
                                  													__eax =  *0x1808480 & 0x0000ffff;
                                  													__eax = ( *0x1808480 & 0x0000ffff) >> 1;
                                  													__edi = __edi + __eax * 2;
                                  													goto L28;
                                  												case 3:
                                  													__eax = _v44;
                                  													__eflags = __eax;
                                  													if(__eax == 0) {
                                  														goto L29;
                                  													} else {
                                  														__esi = __eax + __eax;
                                  														__eax = E0175F3E0(__edi, _v72, __esi);
                                  														__edi = __edi + __esi;
                                  														__esi = _v52;
                                  														goto L27;
                                  													}
                                  													goto L132;
                                  												case 4:
                                  													_push(0x2e);
                                  													_pop(__eax);
                                  													 *(__esi + 0x44) = __edi;
                                  													 *__edi = __ax;
                                  													__edi = __edi + 4;
                                  													_push(0x3b);
                                  													_pop(__eax);
                                  													 *(__edi - 2) = __ax;
                                  													goto L29;
                                  												case 5:
                                  													__eflags = _v36;
                                  													if(_v36 == 0) {
                                  														goto L45;
                                  													} else {
                                  														E0175F3E0(_t341, _v76, _v36);
                                  														_t286 = _v36;
                                  													}
                                  													L26:
                                  													_t354 = _t354 + 0xc;
                                  													_t341 = _t341 + (_t286 >> 1) * 2 + 2;
                                  													__eflags = _t341;
                                  													L27:
                                  													_push(0x3b);
                                  													_pop(_t288);
                                  													 *((short*)(_t341 - 2)) = _t288;
                                  													goto L28;
                                  												case 6:
                                  													__ebx = "\\W:w\\W:w";
                                  													__eflags = __ebx - "\\W:w\\W:w";
                                  													if(__ebx != "\\W:w\\W:w") {
                                  														_push(0x3b);
                                  														_pop(__esi);
                                  														do {
                                  															 *(__ebx + 8) & 0x0000ffff = __ebx + 0xa;
                                  															E0175F3E0(__edi, __ebx + 0xa,  *(__ebx + 8) & 0x0000ffff) =  *(__ebx + 8) & 0x0000ffff;
                                  															__eax = ( *(__ebx + 8) & 0x0000ffff) >> 1;
                                  															__edi = __edi + __eax * 2;
                                  															__edi = __edi + 2;
                                  															 *(__edi - 2) = __si;
                                  															__ebx =  *__ebx;
                                  															__eflags = __ebx - "\\W:w\\W:w";
                                  														} while (__ebx != "\\W:w\\W:w");
                                  														__esi = _v52;
                                  														__ecx = _v16;
                                  														__edx = _v32;
                                  													}
                                  													__ebx = _v56;
                                  													goto L29;
                                  												case 7:
                                  													 *0x1808478 & 0x0000ffff = E0175F3E0(__edi,  *0x180847c,  *0x1808478 & 0x0000ffff);
                                  													__eax =  *0x1808478 & 0x0000ffff;
                                  													__eax = ( *0x1808478 & 0x0000ffff) >> 1;
                                  													__eflags = _a8;
                                  													__edi = __edi + __eax * 2;
                                  													if(_a8 != 0) {
                                  														__ecx = __edi;
                                  														__eax = E017A39F2(__ecx);
                                  														__edi = __eax;
                                  													}
                                  													goto L28;
                                  												case 8:
                                  													__eax = 0;
                                  													 *(__edi - 2) = __ax;
                                  													 *0x1806e58 & 0x0000ffff = E0175F3E0(__edi,  *0x1806e5c,  *0x1806e58 & 0x0000ffff);
                                  													 *(__esi + 0x38) = __edi;
                                  													__eax =  *0x1806e58 & 0x0000ffff;
                                  													__eax = ( *0x1806e58 & 0x0000ffff) >> 1;
                                  													__edi = __edi + __eax * 2;
                                  													__edi = __edi + 2;
                                  													L28:
                                  													_t312 = _v16;
                                  													_t328 = _v32;
                                  													L29:
                                  													_t301 = _t301 + 4;
                                  													__eflags = _t301;
                                  													_v56 = _t301;
                                  													goto L30;
                                  											}
                                  										}
                                  									}
                                  									goto L132;
                                  									L30:
                                  									_t312 = _t312 + 1;
                                  									_v16 = _t312;
                                  									__eflags = _t312 - _v48;
                                  								} while (_t312 < _v48);
                                  								goto L31;
                                  							}
                                  						}
                                  					}
                                  				} else {
                                  					while(1) {
                                  						L1:
                                  						_t262 =  *(_v60 + _t339 * 4);
                                  						if(_t262 > 8) {
                                  							break;
                                  						}
                                  						switch( *((intOrPtr*)(_t262 * 4 +  &M01742935))) {
                                  							case 0:
                                  								__ax =  *0x1808488;
                                  								__eflags = __ax;
                                  								if(__eflags != 0) {
                                  									__eax = __ax & 0x0000ffff;
                                  									__ebx = __ebx + 2;
                                  									__eflags = __ebx;
                                  									goto L53;
                                  								}
                                  								goto L14;
                                  							case 1:
                                  								L44:
                                  								_t328 =  &_v64;
                                  								_v80 = E01742E3E(0,  &_v64);
                                  								_t297 = _t297 + _v64 + 2;
                                  								goto L13;
                                  							case 2:
                                  								__eax =  *0x1808480 & 0x0000ffff;
                                  								__ebx = __ebx + __eax;
                                  								__eflags = __dl;
                                  								if(__eflags != 0) {
                                  									__eax = 0x1808480;
                                  									goto L104;
                                  								}
                                  								goto L14;
                                  							case 3:
                                  								__eax = E0172EEF0(0x18079a0);
                                  								__eax =  &_v44;
                                  								_push(__eax);
                                  								_push(0);
                                  								_push(0);
                                  								_push(4);
                                  								_push(L"PATH");
                                  								_push(0);
                                  								L81();
                                  								__esi = __eax;
                                  								_v68 = __esi;
                                  								__eflags = __esi - 0xc0000023;
                                  								if(__esi != 0xc0000023) {
                                  									L10:
                                  									__eax = E0172EB70(__ecx, 0x18079a0);
                                  									__eflags = __esi - 0xc0000100;
                                  									if(__eflags == 0) {
                                  										_v44 = _v44 & 0x00000000;
                                  										__eax = 0;
                                  										_v68 = 0;
                                  										goto L13;
                                  									} else {
                                  										__eflags = __esi;
                                  										if(__esi < 0) {
                                  											L32:
                                  											_t236 = _v72;
                                  											__eflags = _t236;
                                  											if(_t236 != 0) {
                                  												L017377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t236);
                                  											}
                                  											_t237 = _v52;
                                  											__eflags = _t237;
                                  											if(_t237 != 0) {
                                  												__eflags = _t347;
                                  												if(_t347 < 0) {
                                  													L017377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t237);
                                  													_t237 = 0;
                                  												}
                                  											}
                                  											goto L36;
                                  										} else {
                                  											__eax = _v44;
                                  											__ebx = __ebx + __eax * 2;
                                  											__ebx = __ebx + 2;
                                  											__eflags = __ebx;
                                  											L13:
                                  											_t308 = _v36;
                                  											goto L14;
                                  										}
                                  									}
                                  								} else {
                                  									__eax = _v44;
                                  									__ecx =  *0x1807b9c; // 0x0
                                  									_v44 + _v44 =  *[fs:0x30];
                                  									__ecx = __ecx + 0x180000;
                                  									__eax = L01734620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), __ecx,  *[fs:0x30]);
                                  									_v72 = __eax;
                                  									__eflags = __eax;
                                  									if(__eax == 0) {
                                  										__eax = E0172EB70(__ecx, 0x18079a0);
                                  										__eax = _v52;
                                  										L36:
                                  										_pop(_t340);
                                  										_pop(_t348);
                                  										__eflags = _v8 ^ _t351;
                                  										_pop(_t298);
                                  										return E0175B640(_t237, _t298, _v8 ^ _t351, _t328, _t340, _t348);
                                  									} else {
                                  										__ecx =  &_v44;
                                  										_push(__ecx);
                                  										_push(_v44);
                                  										_push(__eax);
                                  										_push(4);
                                  										_push(L"PATH");
                                  										_push(0);
                                  										L81();
                                  										__esi = __eax;
                                  										_v68 = __eax;
                                  										goto L10;
                                  									}
                                  								}
                                  								goto L132;
                                  							case 4:
                                  								__ebx = __ebx + 4;
                                  								goto L14;
                                  							case 5:
                                  								_t293 = _v56;
                                  								if(_v56 != 0) {
                                  									_t328 =  &_v36;
                                  									_t295 = E01742E3E(_t293,  &_v36);
                                  									_t308 = _v36;
                                  									_v76 = _t295;
                                  								}
                                  								if(_t308 == 0) {
                                  									goto L44;
                                  								} else {
                                  									_t297 = _t297 + 2 + _t308;
                                  								}
                                  								goto L14;
                                  							case 6:
                                  								__eax =  *0x1805764 & 0x0000ffff;
                                  								goto L53;
                                  							case 7:
                                  								__eax =  *0x1808478 & 0x0000ffff;
                                  								__ebx = __ebx + __eax;
                                  								__eflags = _a8;
                                  								if(_a8 != 0) {
                                  									__ebx = __ebx + 0x16;
                                  									__ebx = __ebx + __eax;
                                  								}
                                  								__eflags = __dl;
                                  								if(__eflags != 0) {
                                  									__eax = 0x1808478;
                                  									L104:
                                  									_v32 = __eax;
                                  								}
                                  								goto L14;
                                  							case 8:
                                  								__eax =  *0x1806e58 & 0x0000ffff;
                                  								__eax = ( *0x1806e58 & 0x0000ffff) + 2;
                                  								L53:
                                  								__ebx = __ebx + __eax;
                                  								L14:
                                  								_t339 = _t339 + 1;
                                  								if(_t339 >= _v48) {
                                  									goto L16;
                                  								} else {
                                  									_t328 = _v37;
                                  									goto L1;
                                  								}
                                  								goto L132;
                                  						}
                                  					}
                                  					L56:
                                  					_t313 = 0x25;
                                  					asm("int 0x29");
                                  					asm("out 0x28, al");
                                  					if(__eflags != 0) {
                                  						asm("o16 sub [ecx+eax-0x20], dh");
                                  					}
                                  					_t105 = _t313 + _t262 - 0x20;
                                  					 *_t105 =  *(_t313 + _t262 - 0x20) - _t328;
                                  					__eflags =  *_t105;
                                  					asm("daa");
                                  					if(__eflags != 0) {
                                  						if (__eflags == 0) goto L62;
                                  					}
                                  					if(__eflags != 0) {
                                  						_t346 = _t346 + 1;
                                  						__eflags = _t346;
                                  					}
                                  					_t109 = _t313 + _t262 + 5;
                                  					 *_t109 =  *(_t313 + _t262 + 5) - _t328;
                                  					__eflags =  *_t109;
                                  					if(__eflags != 0) {
                                  						_pop(ds);
                                  					}
                                  					if(__eflags >= 0) {
                                  						_t262 = _t354;
                                  					}
                                  					_t114 = _t313 + _t262 + 0x35;
                                  					 *_t114 =  *(_t313 + _t262 + 0x35) - _t328;
                                  					__eflags =  *_t114;
                                  					if( *_t114 >= 0) {
                                  						_t313 = _t313 +  *_t313;
                                  						__eflags = _t313;
                                  					}
                                  					_t118 = _t313 + _t262 - 0x80;
                                  					 *_t118 =  *(_t313 + _t262 - 0x80) - _t346;
                                  					__eflags =  *_t118;
                                  				}
                                  				L132:
                                  			}






































                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000005.00000002.534207193.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                  • Associated: 00000005.00000002.535933940.000000000180B000.00000040.00000800.00020000.00000000.sdmp
                                  • Associated: 00000005.00000002.535959139.000000000180F000.00000040.00000800.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_16f0000_6109238.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: PATH
                                  • API String ID: 0-1036084923
                                  • Opcode ID: 4e92c70cdfc9e09150c94e8364fc81dc1e33534e15b9462f398662eaf40f68f5
                                  • Instruction ID: 72cc426c7c2c8ef1541ef3199ab39f0985f5a4554fdd56eaa2928b9464fd117e
                                  • Opcode Fuzzy Hash: 4e92c70cdfc9e09150c94e8364fc81dc1e33534e15b9462f398662eaf40f68f5
                                  • Instruction Fuzzy Hash: 6FC1AE75E00219EBDB26DFA9E880BADFBB1FF58740F054069FA01AB251D734A951CB60
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 42%
                                  			E0171C962(intOrPtr __ecx) {
                                  				signed int _v8;
                                  				intOrPtr _v12;
                                  				void* __ebx;
                                  				void* __edi;
                                  				void* __esi;
                                  				void* _t19;
                                  				intOrPtr _t22;
                                  				void* _t26;
                                  				void* _t27;
                                  				void* _t32;
                                  				intOrPtr _t34;
                                  				void* _t35;
                                  				void* _t37;
                                  				intOrPtr* _t38;
                                  				signed int _t39;
                                  
                                  				_t41 = (_t39 & 0xfffffff8) - 0xc;
                                  				_v8 =  *0x180d360 ^ (_t39 & 0xfffffff8) - 0x0000000c;
                                  				_t34 = __ecx;
                                  				if(( *( *[fs:0x30] + 0x68) & 0x00000100) != 0) {
                                  					_t26 = 0;
                                  					E0172EEF0(0x18070a0);
                                  					_t29 =  *((intOrPtr*)(_t34 + 0x18));
                                  					if(E0179F625( *((intOrPtr*)(_t34 + 0x18))) != 0) {
                                  						L9:
                                  						E0172EB70(_t29, 0x18070a0);
                                  						_t19 = _t26;
                                  						L2:
                                  						_pop(_t35);
                                  						_pop(_t37);
                                  						_pop(_t27);
                                  						return E0175B640(_t19, _t27, _v8 ^ _t41, _t32, _t35, _t37);
                                  					}
                                  					_t29 = _t34;
                                  					_t26 = E0179F1FC(_t34, _t32);
                                  					if(_t26 < 0) {
                                  						goto L9;
                                  					}
                                  					_t38 =  *0x18070c0; // 0x0
                                  					while(_t38 != 0x18070c0) {
                                  						_t22 =  *((intOrPtr*)(_t38 + 0x18));
                                  						_t38 =  *_t38;
                                  						_v12 = _t22;
                                  						if(_t22 != 0) {
                                  							_t29 = _t22;
                                  							 *0x180b1e0( *((intOrPtr*)(_t34 + 0x30)),  *((intOrPtr*)(_t34 + 0x18)),  *((intOrPtr*)(_t34 + 0x20)), _t34);
                                  							_v12();
                                  						}
                                  					}
                                  					goto L9;
                                  				}
                                  				_t19 = 0;
                                  				goto L2;
                                  			}

                                  Memory Dump Source
                                  • Source File: 00000005.00000002.534207193.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                  • Associated: 00000005.00000002.535933940.000000000180B000.00000040.00000800.00020000.00000000.sdmp
                                  • Associated: 00000005.00000002.535959139.000000000180F000.00000040.00000800.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_16f0000_6109238.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 8d611a3736aec32189d81f369dad32c4702702b15de73898e101d87542028fb9
                                  • Instruction ID: 901012a415bfebd36a684ef7c70094a3124ca59365fd77569b80324e1a0a08ef
                                  • Opcode Fuzzy Hash: 8d611a3736aec32189d81f369dad32c4702702b15de73898e101d87542028fb9
                                  • Instruction Fuzzy Hash: 2811253230060A9BC756EF2DDC85A2BFBE9FB84310B100228E982C3650DF60ED04CBD1
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 80%
                                  			E0174FAB0(void* __ebx, void* __esi, signed int _a8, signed int _a12) {
                                  				char _v5;
                                  				signed int _v8;
                                  				signed int _v12;
                                  				char _v16;
                                  				char _v17;
                                  				char _v20;
                                  				signed int _v24;
                                  				char _v28;
                                  				char _v32;
                                  				signed int _v40;
                                  				void* __ecx;
                                  				void* __edi;
                                  				void* __ebp;
                                  				signed int _t73;
                                  				intOrPtr* _t75;
                                  				signed int _t77;
                                  				signed int _t79;
                                  				signed int _t81;
                                  				intOrPtr _t83;
                                  				intOrPtr _t85;
                                  				intOrPtr _t86;
                                  				signed int _t91;
                                  				signed int _t94;
                                  				signed int _t95;
                                  				signed int _t96;
                                  				signed int _t106;
                                  				signed int _t108;
                                  				signed int _t114;
                                  				signed int _t116;
                                  				signed int _t118;
                                  				signed int _t122;
                                  				signed int _t123;
                                  				void* _t129;
                                  				signed int _t130;
                                  				void* _t132;
                                  				intOrPtr* _t134;
                                  				signed int _t138;
                                  				signed int _t141;
                                  				signed int _t147;
                                  				intOrPtr _t153;
                                  				signed int _t154;
                                  				signed int _t155;
                                  				signed int _t170;
                                  				void* _t174;
                                  				signed int _t176;
                                  				signed int _t177;
                                  
                                  				_t129 = __ebx;
                                  				_push(_t132);
                                  				_push(__esi);
                                  				_t174 = _t132;
                                  				_t73 =  !( *( *(_t174 + 0x18)));
                                  				if(_t73 >= 0) {
                                  					L5:
                                  					return _t73;
                                  				} else {
                                  					E0172EEF0(0x1807b60);
                                  					_t134 =  *0x1807b84; // 0x773a7b80
                                  					_t2 = _t174 + 0x24; // 0x24
                                  					_t75 = _t2;
                                  					if( *_t134 != 0x1807b80) {
                                  						_push(3);
                                  						asm("int 0x29");
                                  						asm("int3");
                                  						asm("int3");
                                  						asm("int3");
                                  						asm("int3");
                                  						asm("int3");
                                  						asm("int3");
                                  						asm("int3");
                                  						asm("int3");
                                  						asm("int3");
                                  						asm("int3");
                                  						asm("int3");
                                  						asm("int3");
                                  						asm("int3");
                                  						asm("int3");
                                  						asm("int3");
                                  						asm("int3");
                                  						asm("int3");
                                  						asm("int3");
                                  						asm("int3");
                                  						_push(0x1807b60);
                                  						_t170 = _v8;
                                  						_v28 = 0;
                                  						_v40 = 0;
                                  						_v24 = 0;
                                  						_v17 = 0;
                                  						_v32 = 0;
                                  						__eflags = _t170 & 0xffff7cf2;
                                  						if((_t170 & 0xffff7cf2) != 0) {
                                  							L43:
                                  							_t77 = 0xc000000d;
                                  						} else {
                                  							_t79 = _t170 & 0x0000000c;
                                  							__eflags = _t79;
                                  							if(_t79 != 0) {
                                  								__eflags = _t79 - 0xc;
                                  								if(_t79 == 0xc) {
                                  									goto L43;
                                  								} else {
                                  									goto L9;
                                  								}
                                  							} else {
                                  								_t170 = _t170 | 0x00000008;
                                  								__eflags = _t170;
                                  								L9:
                                  								_t81 = _t170 & 0x00000300;
                                  								__eflags = _t81 - 0x300;
                                  								if(_t81 == 0x300) {
                                  									goto L43;
                                  								} else {
                                  									_t138 = _t170 & 0x00000001;
                                  									__eflags = _t138;
                                  									_v24 = _t138;
                                  									if(_t138 != 0) {
                                  										__eflags = _t81;
                                  										if(_t81 != 0) {
                                  											goto L43;
                                  										} else {
                                  											goto L11;
                                  										}
                                  									} else {
                                  										L11:
                                  										_push(_t129);
                                  										_t77 = E01726D90( &_v20);
                                  										_t130 = _t77;
                                  										__eflags = _t130;
                                  										if(_t130 >= 0) {
                                  											_push(_t174);
                                  											__eflags = _t170 & 0x00000301;
                                  											if((_t170 & 0x00000301) == 0) {
                                  												_t176 = _a8;
                                  												__eflags = _t176;
                                  												if(__eflags == 0) {
                                  													L64:
                                  													_t83 =  *[fs:0x18];
                                  													_t177 = 0;
                                  													__eflags =  *(_t83 + 0xfb8);
                                  													if( *(_t83 + 0xfb8) != 0) {
                                  														E017276E2( *((intOrPtr*)( *[fs:0x18] + 0xfb8)));
                                  														 *((intOrPtr*)( *[fs:0x18] + 0xfb8)) = 0;
                                  													}
                                  													 *((intOrPtr*)( *[fs:0x18] + 0xfb8)) = _v12;
                                  													goto L15;
                                  												} else {
                                  													asm("sbb edx, edx");
                                  													_t114 = E017B8938(_t130, _t176, ( ~(_t170 & 4) & 0xffffffaf) + 0x55, _t170, _t176, __eflags);
                                  													__eflags = _t114;
                                  													if(_t114 < 0) {
                                  														_push("*** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!\n");
                                  														E0171B150();
                                  													}
                                  													_t116 = E017B6D81(_t176,  &_v16);
                                  													__eflags = _t116;
                                  													if(_t116 >= 0) {
                                  														__eflags = _v16 - 2;
                                  														if(_v16 < 2) {
                                  															L56:
                                  															_t118 = E017275CE(_v20, 5, 0);
                                  															__eflags = _t118;
                                  															if(_t118 < 0) {
                                  																L67:
                                  																_t130 = 0xc0000017;
                                  																goto L32;
                                  															} else {
                                  																__eflags = _v12;
                                  																if(_v12 == 0) {
                                  																	goto L67;
                                  																} else {
                                  																	_t153 =  *0x1808638; // 0x0
                                  																	_t122 = L017238A4(_t153, _t176, _v16, _t170 | 0x00000002, 0x1a, 5,  &_v12);
                                  																	_t154 = _v12;
                                  																	_t130 = _t122;
                                  																	__eflags = _t130;
                                  																	if(_t130 >= 0) {
                                  																		_t123 =  *(_t154 + 4) & 0x0000ffff;
                                  																		__eflags = _t123;
                                  																		if(_t123 != 0) {
                                  																			_t155 = _a12;
                                  																			__eflags = _t155;
                                  																			if(_t155 != 0) {
                                  																				 *_t155 = _t123;
                                  																			}
                                  																			goto L64;
                                  																		} else {
                                  																			E017276E2(_t154);
                                  																			goto L41;
                                  																		}
                                  																	} else {
                                  																		E017276E2(_t154);
                                  																		_t177 = 0;
                                  																		goto L18;
                                  																	}
                                  																}
                                  															}
                                  														} else {
                                  															__eflags =  *_t176;
                                  															if( *_t176 != 0) {
                                  																goto L56;
                                  															} else {
                                  																__eflags =  *(_t176 + 2);
                                  																if( *(_t176 + 2) == 0) {
                                  																	goto L64;
                                  																} else {
                                  																	goto L56;
                                  																}
                                  															}
                                  														}
                                  													} else {
                                  														_t130 = 0xc000000d;
                                  														goto L32;
                                  													}
                                  												}
                                  												goto L35;
                                  											} else {
                                  												__eflags = _a8;
                                  												if(_a8 != 0) {
                                  													_t77 = 0xc000000d;
                                  												} else {
                                  													_v5 = 1;
                                  													L0174FCE3(_v20, _t170);
                                  													_t177 = 0;
                                  													__eflags = 0;
                                  													L15:
                                  													_t85 =  *[fs:0x18];
                                  													__eflags =  *((intOrPtr*)(_t85 + 0xfc0)) - _t177;
                                  													if( *((intOrPtr*)(_t85 + 0xfc0)) == _t177) {
                                  														L18:
                                  														__eflags = _t130;
                                  														if(_t130 != 0) {
                                  															goto L32;
                                  														} else {
                                  															__eflags = _v5 - _t130;
                                  															if(_v5 == _t130) {
                                  																goto L32;
                                  															} else {
                                  																_t86 =  *[fs:0x18];
                                  																__eflags =  *((intOrPtr*)(_t86 + 0xfbc)) - _t177;
                                  																if( *((intOrPtr*)(_t86 + 0xfbc)) != _t177) {
                                  																	_t177 =  *( *( *[fs:0x18] + 0xfbc));
                                  																}
                                  																__eflags = _t177;
                                  																if(_t177 == 0) {
                                  																	L31:
                                  																	__eflags = 0;
                                  																	L017270F0(_t170 | 0x00000030,  &_v32, 0,  &_v28);
                                  																	goto L32;
                                  																} else {
                                  																	__eflags = _v24;
                                  																	_t91 =  *(_t177 + 0x20);
                                  																	if(_v24 != 0) {
                                  																		 *(_t177 + 0x20) = _t91 & 0xfffffff9;
                                  																		goto L31;
                                  																	} else {
                                  																		_t141 = _t91 & 0x00000040;
                                  																		__eflags = _t170 & 0x00000100;
                                  																		if((_t170 & 0x00000100) == 0) {
                                  																			__eflags = _t141;
                                  																			if(_t141 == 0) {
                                  																				L74:
                                  																				_t94 = _t91 & 0xfffffffd | 0x00000004;
                                  																				goto L27;
                                  																			} else {
                                  																				_t177 = E0174FD22(_t177);
                                  																				__eflags = _t177;
                                  																				if(_t177 == 0) {
                                  																					goto L42;
                                  																				} else {
                                  																					_t130 = E0174FD9B(_t177, 0, 4);
                                  																					__eflags = _t130;
                                  																					if(_t130 != 0) {
                                  																						goto L42;
                                  																					} else {
                                  																						_t68 = _t177 + 0x20;
                                  																						 *_t68 =  *(_t177 + 0x20) & 0xffffffbf;
                                  																						__eflags =  *_t68;
                                  																						_t91 =  *(_t177 + 0x20);
                                  																						goto L74;
                                  																					}
                                  																				}
                                  																			}
                                  																			goto L35;
                                  																		} else {
                                  																			__eflags = _t141;
                                  																			if(_t141 != 0) {
                                  																				_t177 = E0174FD22(_t177);
                                  																				__eflags = _t177;
                                  																				if(_t177 == 0) {
                                  																					L42:
                                  																					_t77 = 0xc0000001;
                                  																					goto L33;
                                  																				} else {
                                  																					_t130 = E0174FD9B(_t177, 0, 4);
                                  																					__eflags = _t130;
                                  																					if(_t130 != 0) {
                                  																						goto L42;
                                  																					} else {
                                  																						 *(_t177 + 0x20) =  *(_t177 + 0x20) & 0xffffffbf;
                                  																						_t91 =  *(_t177 + 0x20);
                                  																						goto L26;
                                  																					}
                                  																				}
                                  																				goto L35;
                                  																			} else {
                                  																				L26:
                                  																				_t94 = _t91 & 0xfffffffb | 0x00000002;
                                  																				__eflags = _t94;
                                  																				L27:
                                  																				 *(_t177 + 0x20) = _t94;
                                  																				__eflags = _t170 & 0x00008000;
                                  																				if((_t170 & 0x00008000) != 0) {
                                  																					_t95 = _a12;
                                  																					__eflags = _t95;
                                  																					if(_t95 != 0) {
                                  																						_t96 =  *_t95;
                                  																						__eflags = _t96;
                                  																						if(_t96 != 0) {
                                  																							 *((short*)(_t177 + 0x22)) = 0;
                                  																							_t40 = _t177 + 0x20;
                                  																							 *_t40 =  *(_t177 + 0x20) | _t96 << 0x00000010;
                                  																							__eflags =  *_t40;
                                  																						}
                                  																					}
                                  																				}
                                  																				goto L31;
                                  																			}
                                  																		}
                                  																	}
                                  																}
                                  															}
                                  														}
                                  													} else {
                                  														_t147 =  *( *[fs:0x18] + 0xfc0);
                                  														_t106 =  *(_t147 + 0x20);
                                  														__eflags = _t106 & 0x00000040;
                                  														if((_t106 & 0x00000040) != 0) {
                                  															_t147 = E0174FD22(_t147);
                                  															__eflags = _t147;
                                  															if(_t147 == 0) {
                                  																L41:
                                  																_t130 = 0xc0000001;
                                  																L32:
                                  																_t77 = _t130;
                                  																goto L33;
                                  															} else {
                                  																 *(_t147 + 0x20) =  *(_t147 + 0x20) & 0xffffffbf;
                                  																_t106 =  *(_t147 + 0x20);
                                  																goto L17;
                                  															}
                                  															goto L35;
                                  														} else {
                                  															L17:
                                  															_t108 = _t106 | 0x00000080;
                                  															__eflags = _t108;
                                  															 *(_t147 + 0x20) = _t108;
                                  															 *( *[fs:0x18] + 0xfc0) = _t147;
                                  															goto L18;
                                  														}
                                  													}
                                  												}
                                  											}
                                  											L33:
                                  										}
                                  									}
                                  								}
                                  							}
                                  						}
                                  						L35:
                                  						return _t77;
                                  					} else {
                                  						 *_t75 = 0x1807b80;
                                  						 *((intOrPtr*)(_t75 + 4)) = _t134;
                                  						 *_t134 = _t75;
                                  						 *0x1807b84 = _t75;
                                  						_t73 = E0172EB70(_t134, 0x1807b60);
                                  						if( *0x1807b20 != 0) {
                                  							_t73 =  *( *[fs:0x30] + 0xc);
                                  							if( *((char*)(_t73 + 0x28)) == 0) {
                                  								_t73 = E0172FF60( *0x1807b20);
                                  							}
                                  						}
                                  						goto L5;
                                  					}
                                  				}
                                  			}

                                  0x0178bea0
                                  0x0178beac
                                  0x0178beaf
                                  0x0178beb1
                                  0x0178beb3
                                  0x0178beb3
                                  0x00000000
                                  0x0178bea2
                                  0x0178bea2
                                  0x00000000
                                  0x0178bea2
                                  0x0178be8d
                                  0x0178be8d
                                  0x0178be92
                                  0x00000000
                                  0x0178be92
                                  0x0178be8b
                                  0x0178be60
                                  0x0178be3b
                                  0x0178be3b
                                  0x0178be3e
                                  0x00000000
                                  0x0178be40
                                  0x0178be40
                                  0x0178be44
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x0178be44
                                  0x0178be3e
                                  0x0178be29
                                  0x0178be29
                                  0x00000000
                                  0x0178be29
                                  0x0178be27
                                  0x00000000
                                  0x0174fba7
                                  0x0174fba7
                                  0x0174fbab
                                  0x0178bf02
                                  0x0174fbb1
                                  0x0174fbb1
                                  0x0174fbb8
                                  0x0174fbbd
                                  0x0174fbbd
                                  0x0174fbbf
                                  0x0174fbbf
                                  0x0174fbc5
                                  0x0174fbcb
                                  0x0174fbf8
                                  0x0174fbf8
                                  0x0174fbfa
                                  0x00000000
                                  0x0174fc00
                                  0x0174fc00
                                  0x0174fc03
                                  0x00000000
                                  0x0174fc09
                                  0x0174fc09
                                  0x0174fc0f
                                  0x0174fc15
                                  0x0174fc23
                                  0x0174fc23
                                  0x0174fc25
                                  0x0174fc27
                                  0x0174fc75
                                  0x0174fc7c
                                  0x0174fc84
                                  0x00000000
                                  0x0174fc29
                                  0x0174fc29
                                  0x0174fc2d
                                  0x0174fc30
                                  0x0178bf0f
                                  0x00000000
                                  0x0174fc36
                                  0x0174fc38
                                  0x0174fc3b
                                  0x0174fc41
                                  0x0178bf17
                                  0x0178bf19
                                  0x0178bf48
                                  0x0178bf4b
                                  0x00000000
                                  0x0178bf1b
                                  0x0178bf22
                                  0x0178bf24
                                  0x0178bf26
                                  0x00000000
                                  0x0178bf2c
                                  0x0178bf37
                                  0x0178bf39
                                  0x0178bf3b
                                  0x00000000
                                  0x0178bf41
                                  0x0178bf41
                                  0x0178bf41
                                  0x0178bf41
                                  0x0178bf45
                                  0x00000000
                                  0x0178bf45
                                  0x0178bf3b
                                  0x0178bf26
                                  0x00000000
                                  0x0174fc47
                                  0x0174fc47
                                  0x0174fc49
                                  0x0174fcb2
                                  0x0174fcb4
                                  0x0174fcb6
                                  0x0174fcdc
                                  0x0174fcdc
                                  0x00000000
                                  0x0174fcb8
                                  0x0174fcc3
                                  0x0174fcc5
                                  0x0174fcc7
                                  0x00000000
                                  0x0174fcc9
                                  0x0174fcc9
                                  0x0174fccd
                                  0x00000000
                                  0x0174fccd
                                  0x0174fcc7
                                  0x00000000
                                  0x0174fc4b
                                  0x0174fc4b
                                  0x0174fc4e
                                  0x0174fc4e
                                  0x0174fc51
                                  0x0174fc51
                                  0x0174fc54
                                  0x0174fc5a
                                  0x0174fc5c
                                  0x0174fc5f
                                  0x0174fc61
                                  0x0174fc63
                                  0x0174fc65
                                  0x0174fc67
                                  0x0174fc6e
                                  0x0174fc72
                                  0x0174fc72
                                  0x0174fc72
                                  0x0174fc72
                                  0x0174fc67
                                  0x0174fc61
                                  0x00000000
                                  0x0174fc5a
                                  0x0174fc49
                                  0x0174fc41
                                  0x0174fc30
                                  0x0174fc27
                                  0x0174fc03
                                  0x0174fbcd
                                  0x0174fbd3
                                  0x0174fbd9
                                  0x0174fbdc
                                  0x0174fbde
                                  0x0174fc99
                                  0x0174fc9b
                                  0x0174fc9d
                                  0x0174fcd5
                                  0x0174fcd5
                                  0x0174fc89
                                  0x0174fc89
                                  0x00000000
                                  0x0174fc9f
                                  0x0174fc9f
                                  0x0174fca3
                                  0x00000000
                                  0x0174fca3
                                  0x00000000
                                  0x0174fbe4
                                  0x0174fbe4
                                  0x0174fbe4
                                  0x0174fbe4
                                  0x0174fbe9
                                  0x0174fbf2
                                  0x00000000
                                  0x0174fbf2
                                  0x0174fbde
                                  0x0174fbcb
                                  0x0174fbab
                                  0x0174fc8b
                                  0x0174fc8b
                                  0x0174fc8c
                                  0x0174fb80
                                  0x0174fb72
                                  0x0174fb5e
                                  0x0174fc8d
                                  0x0174fc91
                                  0x0174fadf
                                  0x0174fadf
                                  0x0174fae1
                                  0x0174fae4
                                  0x0174fae7
                                  0x0174faec
                                  0x0174faf8
                                  0x0174fb00
                                  0x0174fb07
                                  0x0174fb0f
                                  0x0174fb0f
                                  0x0174fb07
                                  0x00000000
                                  0x0174faf8
                                  0x0174fadd

                                  Strings
                                  • *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!, xrefs: 0178BE0F
                                  Memory Dump Source
                                  • Source File: 00000005.00000002.534207193.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                  • Associated: 00000005.00000002.535933940.000000000180B000.00000040.00000800.00020000.00000000.sdmp
                                  • Associated: 00000005.00000002.535959139.000000000180F000.00000040.00000800.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_16f0000_6109238.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!
                                  • API String ID: 0-865735534
                                  • Opcode ID: 9650818791928298a2291c2524c83ea47349405d3ca81389bfb7c34e65bb408f
                                  • Instruction ID: eb2f7db5cab152484e313ca563884eb3a73d1c6ec6383e1c1cc717597f435889
                                  • Opcode Fuzzy Hash: 9650818791928298a2291c2524c83ea47349405d3ca81389bfb7c34e65bb408f
                                  • Instruction Fuzzy Hash: 07A12531B00A069FEB26EF6CC454B7AF7A5AF49710F04456EEA46DB781DB30D941CB90
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 63%
                                  			E01712D8A(void* __ebx, signed char __ecx, signed int __edx, signed int __edi) {
                                  				signed char _v8;
                                  				signed int _v12;
                                  				signed int _v16;
                                  				signed int _v20;
                                  				signed int _v24;
                                  				intOrPtr _v28;
                                  				intOrPtr _v32;
                                  				signed int _v52;
                                  				void* __esi;
                                  				void* __ebp;
                                  				intOrPtr _t55;
                                  				signed int _t57;
                                  				signed int _t58;
                                  				char* _t62;
                                  				signed char* _t63;
                                  				signed char* _t64;
                                  				signed int _t67;
                                  				signed int _t72;
                                  				signed int _t77;
                                  				signed int _t78;
                                  				signed int _t88;
                                  				intOrPtr _t89;
                                  				signed char _t93;
                                  				signed int _t97;
                                  				signed int _t98;
                                  				signed int _t102;
                                  				signed int _t103;
                                  				intOrPtr _t104;
                                  				signed int _t105;
                                  				signed int _t106;
                                  				signed char _t109;
                                  				signed int _t111;
                                  				void* _t116;
                                  
                                  				_t102 = __edi;
                                  				_t97 = __edx;
                                  				_v12 = _v12 & 0x00000000;
                                  				_t55 =  *[fs:0x18];
                                  				_t109 = __ecx;
                                  				_v8 = __edx;
                                  				_t86 = 0;
                                  				_v32 = _t55;
                                  				_v24 = 0;
                                  				_push(__edi);
                                  				if(__ecx == 0x1805350) {
                                  					_t86 = 1;
                                  					_v24 = 1;
                                  					 *((intOrPtr*)(_t55 + 0xf84)) = 1;
                                  				}
                                  				_t103 = _t102 | 0xffffffff;
                                  				if( *0x1807bc8 != 0) {
                                  					_push(0xc000004b);
                                  					_push(_t103);
                                  					E017597C0();
                                  				}
                                  				if( *0x18079c4 != 0) {
                                  					_t57 = 0;
                                  				} else {
                                  					_t57 = 0x18079c8;
                                  				}
                                  				_v16 = _t57;
                                  				if( *((intOrPtr*)(_t109 + 0x10)) == 0) {
                                  					_t93 = _t109;
                                  					L23();
                                  				}
                                  				_t58 =  *_t109;
                                  				if(_t58 == _t103) {
                                  					__eflags =  *(_t109 + 0x14) & 0x01000000;
                                  					_t58 = _t103;
                                  					if(__eflags == 0) {
                                  						_t93 = _t109;
                                  						E01741624(_t86, __eflags);
                                  						_t58 =  *_t109;
                                  					}
                                  				}
                                  				_v20 = _v20 & 0x00000000;
                                  				if(_t58 != _t103) {
                                  					 *((intOrPtr*)(_t58 + 0x14)) =  *((intOrPtr*)(_t58 + 0x14)) + 1;
                                  				}
                                  				_t104 =  *((intOrPtr*)(_t109 + 0x10));
                                  				_t88 = _v16;
                                  				_v28 = _t104;
                                  				L9:
                                  				while(1) {
                                  					if(E01737D50() != 0) {
                                  						_t62 = ( *[fs:0x30])[0x50] + 0x228;
                                  					} else {
                                  						_t62 = 0x7ffe0382;
                                  					}
                                  					if( *_t62 != 0) {
                                  						_t63 =  *[fs:0x30];
                                  						__eflags = _t63[0x240] & 0x00000002;
                                  						if((_t63[0x240] & 0x00000002) != 0) {
                                  							_t93 = _t109;
                                  							E017AFE87(_t93);
                                  						}
                                  					}
                                  					if(_t104 != 0xffffffff) {
                                  						_push(_t88);
                                  						_push(0);
                                  						_push(_t104);
                                  						_t64 = E01759520();
                                  						goto L15;
                                  					} else {
                                  						while(1) {
                                  							_t97 =  &_v8;
                                  							_t64 = E0174E18B(_t109 + 4, _t97, 4, _t88, 0);
                                  							if(_t64 == 0x102) {
                                  								break;
                                  							}
                                  							_t93 =  *(_t109 + 4);
                                  							_v8 = _t93;
                                  							if((_t93 & 0x00000002) != 0) {
                                  								continue;
                                  							}
                                  							L15:
                                  							if(_t64 == 0x102) {
                                  								break;
                                  							}
                                  							_t89 = _v24;
                                  							if(_t64 < 0) {
                                  								E0176DF30(_t93, _t97, _t64);
                                  								_push(_t93);
                                  								_t98 = _t97 | 0xffffffff;
                                  								__eflags =  *0x1806901;
                                  								_push(_t109);
                                  								_v52 = _t98;
                                  								if( *0x1806901 != 0) {
                                  									_push(0);
                                  									_push(1);
                                  									_push(0);
                                  									_push(0x100003);
                                  									_push( &_v12);
                                  									_t72 = E01759980();
                                  									__eflags = _t72;
                                  									if(_t72 < 0) {
                                  										_v12 = _t98 | 0xffffffff;
                                  									}
                                  								}
                                  								asm("lock cmpxchg [ecx], edx");
                                  								_t111 = 0;
                                  								__eflags = 0;
                                  								if(0 != 0) {
                                  									__eflags = _v12 - 0xffffffff;
                                  									if(_v12 != 0xffffffff) {
                                  										_push(_v12);
                                  										E017595D0();
                                  									}
                                  								} else {
                                  									_t111 = _v12;
                                  								}
                                  								return _t111;
                                  							} else {
                                  								if(_t89 != 0) {
                                  									 *((intOrPtr*)(_v32 + 0xf84)) = 0;
                                  									_t77 = E01737D50();
                                  									__eflags = _t77;
                                  									if(_t77 == 0) {
                                  										_t64 = 0x7ffe0384;
                                  									} else {
                                  										_t64 = ( *[fs:0x30])[0x50] + 0x22a;
                                  									}
                                  									__eflags =  *_t64;
                                  									if( *_t64 != 0) {
                                  										_t64 =  *[fs:0x30];
                                  										__eflags = _t64[0x240] & 0x00000004;
                                  										if((_t64[0x240] & 0x00000004) != 0) {
                                  											_t78 = E01737D50();
                                  											__eflags = _t78;
                                  											if(_t78 == 0) {
                                  												_t64 = 0x7ffe0385;
                                  											} else {
                                  												_t64 = ( *[fs:0x30])[0x50] + 0x22b;
                                  											}
                                  											__eflags =  *_t64 & 0x00000020;
                                  											if(( *_t64 & 0x00000020) != 0) {
                                  												_t64 = E01797016(0x1483, _t97 | 0xffffffff, 0xffffffff, 0xffffffff, 0, 0);
                                  											}
                                  										}
                                  									}
                                  								}
                                  								return _t64;
                                  							}
                                  						}
                                  						_t97 = _t88;
                                  						_t93 = _t109;
                                  						E017AFDDA(_t97, _v12);
                                  						_t105 =  *_t109;
                                  						_t67 = _v12 + 1;
                                  						_v12 = _t67;
                                  						__eflags = _t105 - 0xffffffff;
                                  						if(_t105 == 0xffffffff) {
                                  							_t106 = 0;
                                  							__eflags = 0;
                                  						} else {
                                  							_t106 =  *(_t105 + 0x14);
                                  						}
                                  						__eflags = _t67 - 2;
                                  						if(_t67 > 2) {
                                  							__eflags = _t109 - 0x1805350;
                                  							if(_t109 != 0x1805350) {
                                  								__eflags = _t106 - _v20;
                                  								if(__eflags == 0) {
                                  									_t93 = _t109;
                                  									E017AFFB9(_t88, _t93, _t97, _t106, _t109, __eflags);
                                  								}
                                  							}
                                  						}
                                  						_push("RTL: Re-Waiting\n");
                                  						_push(0);
                                  						_push(0x65);
                                  						_v20 = _t106;
                                  						E017A5720();
                                  						_t104 = _v28;
                                  						_t116 = _t116 + 0xc;
                                  						continue;
                                  					}
                                  				}
                                  			}





































                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000005.00000002.534207193.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                  • Associated: 00000005.00000002.535933940.000000000180B000.00000040.00000800.00020000.00000000.sdmp
                                  • Associated: 00000005.00000002.535959139.000000000180F000.00000040.00000800.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_16f0000_6109238.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: RTL: Re-Waiting
                                  • API String ID: 0-316354757
                                  • Opcode ID: c204e6ecf61aa298fea454433e0506c0bedb225d422fd2e9a35be59f00f6af6f
                                  • Instruction ID: 4e90dd39e26f5117a83f949bb989421065c59e01076821d9b4a47ef8d81d9b9b
                                  • Opcode Fuzzy Hash: c204e6ecf61aa298fea454433e0506c0bedb225d422fd2e9a35be59f00f6af6f
                                  • Instruction Fuzzy Hash: 32618831A00605AFEB32DF6CD858B7EFBA9EB45324F2402A9DD51972C6C7349E44CB81
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 80%
                                  			E017E0EA5(void* __ecx, void* __edx) {
                                  				signed int _v20;
                                  				char _v24;
                                  				intOrPtr _v28;
                                  				unsigned int _v32;
                                  				signed int _v36;
                                  				intOrPtr _v40;
                                  				char _v44;
                                  				intOrPtr _v64;
                                  				void* __ebx;
                                  				void* __edi;
                                  				signed int _t58;
                                  				unsigned int _t60;
                                  				intOrPtr _t62;
                                  				char* _t67;
                                  				char* _t69;
                                  				void* _t80;
                                  				void* _t83;
                                  				intOrPtr _t93;
                                  				intOrPtr _t115;
                                  				char _t117;
                                  				void* _t120;
                                  
                                  				_t83 = __edx;
                                  				_t117 = 0;
                                  				_t120 = __ecx;
                                  				_v44 = 0;
                                  				if(E017DFF69(__ecx,  &_v44,  &_v32) < 0) {
                                  					L24:
                                  					_t109 = _v44;
                                  					if(_v44 != 0) {
                                  						E017E1074(_t83, _t120, _t109, _t117, _t117);
                                  					}
                                  					L26:
                                  					return _t117;
                                  				}
                                  				_t93 =  *((intOrPtr*)(__ecx + 0x3c));
                                  				_t5 = _t83 + 1; // 0x1
                                  				_v36 = _t5 << 0xc;
                                  				_v40 = _t93;
                                  				_t58 =  *(_t93 + 0xc) & 0x40000000;
                                  				asm("sbb ebx, ebx");
                                  				_t83 = ( ~_t58 & 0x0000003c) + 4;
                                  				if(_t58 != 0) {
                                  					_push(0);
                                  					_push(0x14);
                                  					_push( &_v24);
                                  					_push(3);
                                  					_push(_t93);
                                  					_push(0xffffffff);
                                  					_t80 = E01759730();
                                  					_t115 = _v64;
                                  					if(_t80 < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t115) {
                                  						_push(_t93);
                                  						E017DA80D(_t115, 1, _v20, _t117);
                                  						_t83 = 4;
                                  					}
                                  				}
                                  				if(E017DA854( &_v44,  &_v36, _t117, 0x40001000, _t83, _t117,  *((intOrPtr*)(_t120 + 0x34)),  *((intOrPtr*)(_t120 + 0x38))) < 0) {
                                  					goto L24;
                                  				}
                                  				_t60 = _v32;
                                  				_t97 = (_t60 != 0x100000) + 1;
                                  				_t83 = (_v44 -  *0x1808b04 >> 0x14) + (_v44 -  *0x1808b04 >> 0x14);
                                  				_v28 = (_t60 != 0x100000) + 1;
                                  				_t62 = _t83 + (_t60 >> 0x14) * 2;
                                  				_v40 = _t62;
                                  				if(_t83 >= _t62) {
                                  					L10:
                                  					asm("lock xadd [eax], ecx");
                                  					asm("lock xadd [eax], ecx");
                                  					if(E01737D50() == 0) {
                                  						_t67 = 0x7ffe0380;
                                  					} else {
                                  						_t67 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                  					}
                                  					if( *_t67 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
                                  						E017D138A(_t83,  *((intOrPtr*)(_t120 + 0x3c)), _v44, _v36, 0xc);
                                  					}
                                  					if(E01737D50() == 0) {
                                  						_t69 = 0x7ffe0388;
                                  					} else {
                                  						_t69 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                                  					}
                                  					if( *_t69 != 0) {
                                  						E017CFEC0(_t83,  *((intOrPtr*)(_t120 + 0x3c)), _v44, _v32);
                                  					}
                                  					if(( *0x1808724 & 0x00000008) != 0) {
                                  						E017D52F8( *((intOrPtr*)(_t120 + 0x3c)),  *((intOrPtr*)(_t120 + 0x28)));
                                  					}
                                  					_t117 = _v44;
                                  					goto L26;
                                  				}
                                  				while(E017E15B5(0x1808ae4, _t83, _t97, _t97) >= 0) {
                                  					_t97 = _v28;
                                  					_t83 = _t83 + 2;
                                  					if(_t83 < _v40) {
                                  						continue;
                                  					}
                                  					goto L10;
                                  				}
                                  				goto L24;
                                  			}

                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000005.00000002.534207193.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                  • Associated: 00000005.00000002.535933940.000000000180B000.00000040.00000800.00020000.00000000.sdmp
                                  • Associated: 00000005.00000002.535959139.000000000180F000.00000040.00000800.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_16f0000_6109238.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: `
                                  • API String ID: 0-2679148245
                                  • Opcode ID: 9eece2c68ae86e8e8a2eebb58fb78e03f27da591b9499d949d8a7da3ad549d45
                                  • Instruction ID: d2352ba6fbefb24a0cc7b2a8aee1fcc6dafbcc337a6cb719afc35e138cf8c57c
                                  • Opcode Fuzzy Hash: 9eece2c68ae86e8e8a2eebb58fb78e03f27da591b9499d949d8a7da3ad549d45
                                  • Instruction Fuzzy Hash: 9E51AC713043429FE325DF28D889B1BFBE5EBC8714F44092CFA8697291D670E846CB62
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 75%
                                  			E0174F0BF(signed short* __ecx, signed short __edx, void* __eflags, intOrPtr* _a4) {
                                  				intOrPtr _v8;
                                  				intOrPtr _v12;
                                  				intOrPtr _v16;
                                  				char* _v20;
                                  				intOrPtr _v24;
                                  				char _v28;
                                  				intOrPtr _v32;
                                  				char _v36;
                                  				char _v44;
                                  				char _v52;
                                  				intOrPtr _v56;
                                  				char _v60;
                                  				intOrPtr _v72;
                                  				void* _t51;
                                  				void* _t58;
                                  				signed short _t82;
                                  				short _t84;
                                  				signed int _t91;
                                  				signed int _t100;
                                  				signed short* _t103;
                                  				void* _t108;
                                  				intOrPtr* _t109;
                                  
                                  				_t103 = __ecx;
                                  				_t82 = __edx;
                                  				_t51 = E01734120(0, __ecx, 0,  &_v52, 0, 0, 0);
                                  				if(_t51 >= 0) {
                                  					_push(0x21);
                                  					_push(3);
                                  					_v56 =  *0x7ffe02dc;
                                  					_v20 =  &_v52;
                                  					_push( &_v44);
                                  					_v28 = 0x18;
                                  					_push( &_v28);
                                  					_push(0x100020);
                                  					_v24 = 0;
                                  					_push( &_v60);
                                  					_v16 = 0x40;
                                  					_v12 = 0;
                                  					_v8 = 0;
                                  					_t58 = E01759830();
                                  					_t87 =  *[fs:0x30];
                                  					_t108 = _t58;
                                  					L017377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v72);
                                  					if(_t108 < 0) {
                                  						L11:
                                  						_t51 = _t108;
                                  					} else {
                                  						_push(4);
                                  						_push(8);
                                  						_push( &_v36);
                                  						_push( &_v44);
                                  						_push(_v60);
                                  						_t108 = E01759990();
                                  						if(_t108 < 0) {
                                  							L10:
                                  							_push(_v60);
                                  							E017595D0();
                                  							goto L11;
                                  						} else {
                                  							_t109 = L01734620(_t87,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t82 + 0x18);
                                  							if(_t109 == 0) {
                                  								_t108 = 0xc0000017;
                                  								goto L10;
                                  							} else {
                                  								_t21 = _t109 + 0x18; // 0x18
                                  								 *((intOrPtr*)(_t109 + 4)) = _v60;
                                  								 *_t109 = 1;
                                  								 *((intOrPtr*)(_t109 + 0x10)) = _t21;
                                  								 *(_t109 + 0xe) = _t82;
                                  								 *((intOrPtr*)(_t109 + 8)) = _v56;
                                  								 *((intOrPtr*)(_t109 + 0x14)) = _v32;
                                  								E0175F3E0(_t21, _t103[2],  *_t103 & 0x0000ffff);
                                  								 *((short*)( *((intOrPtr*)(_t109 + 0x10)) + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
                                  								 *((short*)(_t109 + 0xc)) =  *_t103;
                                  								_t91 =  *_t103 & 0x0000ffff;
                                  								_t100 = _t91 & 0xfffffffe;
                                  								_t84 = 0x5c;
                                  								if( *((intOrPtr*)(_t103[2] + _t100 - 2)) != _t84) {
                                  									if(_t91 + 4 > ( *(_t109 + 0xe) & 0x0000ffff)) {
                                  										_push(_v60);
                                  										E017595D0();
                                  										L017377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t109);
                                  										_t51 = 0xc0000106;
                                  									} else {
                                  										 *((short*)(_t100 +  *((intOrPtr*)(_t109 + 0x10)))) = _t84;
                                  										 *((short*)( *((intOrPtr*)(_t109 + 0x10)) + 2 + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
                                  										 *((short*)(_t109 + 0xc)) =  *((short*)(_t109 + 0xc)) + 2;
                                  										goto L5;
                                  									}
                                  								} else {
                                  									L5:
                                  									 *_a4 = _t109;
                                  									_t51 = 0;
                                  								}
                                  							}
                                  						}
                                  					}
                                  				}
                                  				return _t51;
                                  			}

                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000005.00000002.534207193.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                  • Associated: 00000005.00000002.535933940.000000000180B000.00000040.00000800.00020000.00000000.sdmp
                                  • Associated: 00000005.00000002.535959139.000000000180F000.00000040.00000800.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_16f0000_6109238.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: @
                                  • API String ID: 0-2766056989
                                  • Opcode ID: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                                  • Instruction ID: f26f199c98f980477e4ab74480e0f4fc46802521db0024fbe3ec7e5983912ba6
                                  • Opcode Fuzzy Hash: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                                  • Instruction Fuzzy Hash: E3516971504715AFC321DF29C840A6BFBF8FF88710F00892AFA9597690E7B4E914CBA1
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 75%
                                  			E01793540(intOrPtr _a4) {
                                  				signed int _v12;
                                  				intOrPtr _v88;
                                  				intOrPtr _v92;
                                  				char _v96;
                                  				char _v352;
                                  				char _v1072;
                                  				intOrPtr _v1140;
                                  				intOrPtr _v1148;
                                  				char _v1152;
                                  				char _v1156;
                                  				char _v1160;
                                  				char _v1164;
                                  				char _v1168;
                                  				char* _v1172;
                                  				short _v1174;
                                  				char _v1176;
                                  				char _v1180;
                                  				char _v1192;
                                  				void* __ebx;
                                  				void* __edi;
                                  				void* __esi;
                                  				void* __ebp;
                                  				short _t41;
                                  				short _t42;
                                  				intOrPtr _t80;
                                  				intOrPtr _t81;
                                  				signed int _t82;
                                  				void* _t83;
                                  
                                  				_v12 =  *0x180d360 ^ _t82;
                                  				_t41 = 0x14;
                                  				_v1176 = _t41;
                                  				_t42 = 0x16;
                                  				_v1174 = _t42;
                                  				_v1164 = 0x100;
                                  				_v1172 = L"BinaryHash";
                                  				_t81 = E01750BE0(0xfffffffc,  &_v352,  &_v1164, 0, 0, 0,  &_v1192);
                                  				if(_t81 < 0) {
                                  					L11:
                                  					_t75 = _t81;
                                  					E01793706(0, _t81, _t79, _t80);
                                  					L12:
                                  					if(_a4 != 0xc000047f) {
                                  						E0175FA60( &_v1152, 0, 0x50);
                                  						_v1152 = 0x60c201e;
                                  						_v1148 = 1;
                                  						_v1140 = E01793540;
                                  						E0175FA60( &_v1072, 0, 0x2cc);
                                  						_push( &_v1072);
                                  						E0176DDD0( &_v1072, _t75, _t79, _t80, _t81);
                                  						E017A0C30(0, _t75, _t80,  &_v1152,  &_v1072, 2);
                                  						_push(_v1152);
                                  						_push(0xffffffff);
                                  						E017597C0();
                                  					}
                                  					return E0175B640(0xc0000135, 0, _v12 ^ _t82, _t79, _t80, _t81);
                                  				}
                                  				_t79 =  &_v352;
                                  				_t81 = E01793971(0, _a4,  &_v352,  &_v1156);
                                  				if(_t81 < 0) {
                                  					goto L11;
                                  				}
                                  				_t75 = _v1156;
                                  				_t79 =  &_v1160;
                                  				_t81 = E01793884(_v1156,  &_v1160,  &_v1168);
                                  				if(_t81 >= 0) {
                                  					_t80 = _v1160;
                                  					E0175FA60( &_v96, 0, 0x50);
                                  					_t83 = _t83 + 0xc;
                                  					_push( &_v1180);
                                  					_push(0x50);
                                  					_push( &_v96);
                                  					_push(2);
                                  					_push( &_v1176);
                                  					_push(_v1156);
                                  					_t81 = E01759650();
                                  					if(_t81 >= 0) {
                                  						if(_v92 != 3 || _v88 == 0) {
                                  							_t81 = 0xc000090b;
                                  						}
                                  						if(_t81 >= 0) {
                                  							_t75 = _a4;
                                  							_t79 =  &_v352;
                                  							E01793787(_a4,  &_v352, _t80);
                                  						}
                                  					}
                                  					L017377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v1168);
                                  				}
                                  				_push(_v1156);
                                  				E017595D0();
                                  				if(_t81 >= 0) {
                                  					goto L12;
                                  				} else {
                                  					goto L11;
                                  				}
                                  			}
































                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000005.00000002.534207193.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                  • Associated: 00000005.00000002.535933940.000000000180B000.00000040.00000800.00020000.00000000.sdmp
                                  • Associated: 00000005.00000002.535959139.000000000180F000.00000040.00000800.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_16f0000_6109238.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: BinaryHash
                                  • API String ID: 0-2202222882
                                  • Opcode ID: 14b7ec2463c5fc0c592fd187d355bad9d6cba2a5bc309169ffe5b8e234645ea0
                                  • Instruction ID: 45bf849c661c12e1ac933a4a115b32ecdfe004021a2adab3c446e3266a2eb388
                                  • Opcode Fuzzy Hash: 14b7ec2463c5fc0c592fd187d355bad9d6cba2a5bc309169ffe5b8e234645ea0
                                  • Instruction Fuzzy Hash: 3E4124B1D0152DABDF21DA60DC84FAEF77CAB54714F0045A5EA09AB240DB709E888F95
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 71%
                                  			E017E05AC(signed int* __ecx, signed int __edx, void* __eflags, signed int _a4, signed int _a8) {
                                  				signed int _v20;
                                  				char _v24;
                                  				signed int _v28;
                                  				char _v32;
                                  				signed int _v36;
                                  				intOrPtr _v40;
                                  				void* __ebx;
                                  				void* _t35;
                                  				signed int _t42;
                                  				char* _t48;
                                  				signed int _t59;
                                  				signed char _t61;
                                  				signed int* _t79;
                                  				void* _t88;
                                  
                                  				_v28 = __edx;
                                  				_t79 = __ecx;
                                  				if(E017E07DF(__ecx, __edx,  &_a4,  &_a8, 0) == 0) {
                                  					L13:
                                  					_t35 = 0;
                                  					L14:
                                  					return _t35;
                                  				}
                                  				_t61 = __ecx[1];
                                  				_t59 = __ecx[0xf];
                                  				_v32 = (_a4 << 0xc) + (__edx - ( *__ecx & __edx) >> 4 << _t61) + ( *__ecx & __edx);
                                  				_v36 = _a8 << 0xc;
                                  				_t42 =  *(_t59 + 0xc) & 0x40000000;
                                  				asm("sbb esi, esi");
                                  				_t88 = ( ~_t42 & 0x0000003c) + 4;
                                  				if(_t42 != 0) {
                                  					_push(0);
                                  					_push(0x14);
                                  					_push( &_v24);
                                  					_push(3);
                                  					_push(_t59);
                                  					_push(0xffffffff);
                                  					if(E01759730() < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t59) {
                                  						_push(_t61);
                                  						E017DA80D(_t59, 1, _v20, 0);
                                  						_t88 = 4;
                                  					}
                                  				}
                                  				_t35 = E017DA854( &_v32,  &_v36, 0, 0x1000, _t88, 0,  *((intOrPtr*)(_t79 + 0x34)),  *((intOrPtr*)(_t79 + 0x38)));
                                  				if(_t35 < 0) {
                                  					goto L14;
                                  				}
                                  				E017E1293(_t79, _v40, E017E07DF(_t79, _v28,  &_a4,  &_a8, 1));
                                  				if(E01737D50() == 0) {
                                  					_t48 = 0x7ffe0380;
                                  				} else {
                                  					_t48 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                  				}
                                  				if( *_t48 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
                                  					E017D138A(_t59,  *((intOrPtr*)(_t79 + 0x3c)), _v32, _v36, 0xa);
                                  				}
                                  				goto L13;
                                  			}


                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000005.00000002.534207193.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                  • Associated: 00000005.00000002.535933940.000000000180B000.00000040.00000800.00020000.00000000.sdmp
                                  • Associated: 00000005.00000002.535959139.000000000180F000.00000040.00000800.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_16f0000_6109238.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: `
                                  • API String ID: 0-2679148245
                                  • Opcode ID: 39b8bc2de1f442ef1f569125be10905dd0dd778863a6d43cfec09233fd0d58f3
                                  • Instruction ID: ca0e61b6eb70bc953b2a83b42132bc3af2fbc39614d2ff3feac86a6e2060ba60
                                  • Opcode Fuzzy Hash: 39b8bc2de1f442ef1f569125be10905dd0dd778863a6d43cfec09233fd0d58f3
                                  • Instruction Fuzzy Hash: 6A31E47270434A6BE720DE28CD49F97BBD9FBC8754F144229FA54AB280D7B0E914CB91
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 72%
                                  			E01793884(intOrPtr __ecx, intOrPtr* __edx, intOrPtr* _a4) {
                                  				char _v8;
                                  				intOrPtr _v12;
                                  				intOrPtr* _v16;
                                  				char* _v20;
                                  				short _v22;
                                  				char _v24;
                                  				intOrPtr _t38;
                                  				short _t40;
                                  				short _t41;
                                  				void* _t44;
                                  				intOrPtr _t47;
                                  				void* _t48;
                                  
                                  				_v16 = __edx;
                                  				_t40 = 0x14;
                                  				_v24 = _t40;
                                  				_t41 = 0x16;
                                  				_v22 = _t41;
                                  				_t38 = 0;
                                  				_v12 = __ecx;
                                  				_push( &_v8);
                                  				_push(0);
                                  				_push(0);
                                  				_push(2);
                                  				_t43 =  &_v24;
                                  				_v20 = L"BinaryName";
                                  				_push( &_v24);
                                  				_push(__ecx);
                                  				_t47 = 0;
                                  				_t48 = E01759650();
                                  				if(_t48 >= 0) {
                                  					_t48 = 0xc000090b;
                                  				}
                                  				if(_t48 != 0xc0000023) {
                                  					_t44 = 0;
                                  					L13:
                                  					if(_t48 < 0) {
                                  						L16:
                                  						if(_t47 != 0) {
                                  							L017377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t44, _t47);
                                  						}
                                  						L18:
                                  						return _t48;
                                  					}
                                  					 *_v16 = _t38;
                                  					 *_a4 = _t47;
                                  					goto L18;
                                  				}
                                  				_t47 = L01734620(_t43,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v8);
                                  				if(_t47 != 0) {
                                  					_push( &_v8);
                                  					_push(_v8);
                                  					_push(_t47);
                                  					_push(2);
                                  					_push( &_v24);
                                  					_push(_v12);
                                  					_t48 = E01759650();
                                  					if(_t48 < 0) {
                                  						_t44 = 0;
                                  						goto L16;
                                  					}
                                  					if( *((intOrPtr*)(_t47 + 4)) != 1 ||  *(_t47 + 8) < 4) {
                                  						_t48 = 0xc000090b;
                                  					}
                                  					_t44 = 0;
                                  					if(_t48 < 0) {
                                  						goto L16;
                                  					} else {
                                  						_t17 = _t47 + 0xc; // 0xc
                                  						_t38 = _t17;
                                  						if( *((intOrPtr*)(_t38 + ( *(_t47 + 8) >> 1) * 2 - 2)) != 0) {
                                  							_t48 = 0xc000090b;
                                  						}
                                  						goto L13;
                                  					}
                                  				}
                                  				_t48 = _t48 + 0xfffffff4;
                                  				goto L18;
                                  			}


                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000005.00000002.534207193.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                  • Associated: 00000005.00000002.535933940.000000000180B000.00000040.00000800.00020000.00000000.sdmp
                                  • Associated: 00000005.00000002.535959139.000000000180F000.00000040.00000800.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_16f0000_6109238.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: BinaryName
                                  • API String ID: 0-215506332
                                  • Opcode ID: 5a18e9d33ed803301bd73229ae4d8532619fb192b8447dab582ff048c33912e3
                                  • Instruction ID: 3fdb1a667a45508d9d30bd464a2e23d8141080880b13d671268e004477774d02
                                  • Opcode Fuzzy Hash: 5a18e9d33ed803301bd73229ae4d8532619fb192b8447dab582ff048c33912e3
                                  • Instruction Fuzzy Hash: E431F17290051AAFEF15DB68D945E7BFB74FB80B38F014169EA04A7241D7309E08C7A0
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 33%
                                  			E0174D294(void* __ecx, char __edx, void* __eflags) {
                                  				signed int _v8;
                                  				char _v52;
                                  				signed int _v56;
                                  				signed int _v60;
                                  				intOrPtr _v64;
                                  				char* _v68;
                                  				intOrPtr _v72;
                                  				char _v76;
                                  				signed int _v84;
                                  				intOrPtr _v88;
                                  				char _v92;
                                  				intOrPtr _v96;
                                  				intOrPtr _v100;
                                  				char _v104;
                                  				char _v105;
                                  				void* __ebx;
                                  				void* __edi;
                                  				void* __esi;
                                  				signed int _t35;
                                  				char _t38;
                                  				signed int _t40;
                                  				signed int _t44;
                                  				signed int _t52;
                                  				void* _t53;
                                  				void* _t55;
                                  				void* _t61;
                                  				intOrPtr _t62;
                                  				void* _t64;
                                  				signed int _t65;
                                  				signed int _t66;
                                  
                                  				_t68 = (_t66 & 0xfffffff8) - 0x6c;
                                  				_v8 =  *0x180d360 ^ (_t66 & 0xfffffff8) - 0x0000006c;
                                  				_v105 = __edx;
                                  				_push( &_v92);
                                  				_t52 = 0;
                                  				_push(0);
                                  				_push(0);
                                  				_push( &_v104);
                                  				_push(0);
                                  				_t59 = __ecx;
                                  				_t55 = 2;
                                  				if(E01734120(_t55, __ecx) < 0) {
                                  					_t35 = 0;
                                  					L8:
                                  					_pop(_t61);
                                  					_pop(_t64);
                                  					_pop(_t53);
                                  					return E0175B640(_t35, _t53, _v8 ^ _t68, _t59, _t61, _t64);
                                  				}
                                  				_v96 = _v100;
                                  				_t38 = _v92;
                                  				if(_t38 != 0) {
                                  					_v104 = _t38;
                                  					_v100 = _v88;
                                  					_t40 = _v84;
                                  				} else {
                                  					_t40 = 0;
                                  				}
                                  				_v72 = _t40;
                                  				_v68 =  &_v104;
                                  				_push( &_v52);
                                  				_v76 = 0x18;
                                  				_push( &_v76);
                                  				_v64 = 0x40;
                                  				_v60 = _t52;
                                  				_v56 = _t52;
                                  				_t44 = E017598D0();
                                  				_t62 = _v88;
                                  				_t65 = _t44;
                                  				if(_t62 != 0) {
                                  					asm("lock xadd [edi], eax");
                                  					if((_t44 | 0xffffffff) != 0) {
                                  						goto L4;
                                  					}
                                  					_push( *((intOrPtr*)(_t62 + 4)));
                                  					E017595D0();
                                  					L017377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t52, _t62);
                                  					goto L4;
                                  				} else {
                                  					L4:
                                  					L017377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t52, _v96);
                                  					if(_t65 >= 0) {
                                  						_t52 = 1;
                                  					} else {
                                  						if(_t65 == 0xc0000043 || _t65 == 0xc0000022) {
                                  							_t52 = _t52 & 0xffffff00 | _v105 != _t52;
                                  						}
                                  					}
                                  					_t35 = _t52;
                                  					goto L8;
                                  				}
                                  			}


                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000005.00000002.534207193.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                  • Associated: 00000005.00000002.535933940.000000000180B000.00000040.00000800.00020000.00000000.sdmp
                                  • Associated: 00000005.00000002.535959139.000000000180F000.00000040.00000800.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_16f0000_6109238.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: @
                                  • API String ID: 0-2766056989
                                  • Opcode ID: 540f478f3c2394a3a0311829671666a785224e166faae598b0853c649f7dbf2c
                                  • Instruction ID: 838ff5c54d5d90d7bf912c9c0be1768cd03b88fb3fce44b08c539895f6d2e1af
                                  • Opcode Fuzzy Hash: 540f478f3c2394a3a0311829671666a785224e166faae598b0853c649f7dbf2c
                                  • Instruction Fuzzy Hash: 8F318DB1548305DFC361DF68C984A6BFBE8EBA9654F00092EF9D583251E734DD04CB92
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 72%
                                  			E01721B8F(void* __ecx, intOrPtr __edx, intOrPtr* _a4, signed int* _a8) {
                                  				intOrPtr _v8;
                                  				char _v16;
                                  				intOrPtr* _t26;
                                  				intOrPtr _t29;
                                  				void* _t30;
                                  				signed int _t31;
                                  
                                  				_t27 = __ecx;
                                  				_t29 = __edx;
                                  				_t31 = 0;
                                  				_v8 = __edx;
                                  				if(__edx == 0) {
                                  					L18:
                                  					_t30 = 0xc000000d;
                                  					goto L12;
                                  				} else {
                                  					_t26 = _a4;
                                  					if(_t26 == 0 || _a8 == 0 || __ecx == 0) {
                                  						goto L18;
                                  					} else {
                                  						E0175BB40(__ecx,  &_v16, __ecx);
                                  						_push(_t26);
                                  						_push(0);
                                  						_push(0);
                                  						_push(_t29);
                                  						_push( &_v16);
                                  						_t30 = E0175A9B0();
                                  						if(_t30 >= 0) {
                                  							_t19 =  *_t26;
                                  							if( *_t26 != 0) {
                                  								goto L7;
                                  							} else {
                                  								 *_a8 =  *_a8 & 0;
                                  							}
                                  						} else {
                                  							if(_t30 != 0xc0000023) {
                                  								L9:
                                  								_push(_t26);
                                  								_push( *_t26);
                                  								_push(_t31);
                                  								_push(_v8);
                                  								_push( &_v16);
                                  								_t30 = E0175A9B0();
                                  								if(_t30 < 0) {
                                  									L12:
                                  									if(_t31 != 0) {
                                  										L017377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t31);
                                  									}
                                  								} else {
                                  									 *_a8 = _t31;
                                  								}
                                  							} else {
                                  								_t19 =  *_t26;
                                  								if( *_t26 == 0) {
                                  									_t31 = 0;
                                  								} else {
                                  									L7:
                                  									_t31 = L01734620(_t27,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t19);
                                  								}
                                  								if(_t31 == 0) {
                                  									_t30 = 0xc0000017;
                                  								} else {
                                  									goto L9;
                                  								}
                                  							}
                                  						}
                                  					}
                                  				}
                                  				return _t30;
                                  			}










                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000005.00000002.534207193.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                  • Associated: 00000005.00000002.535933940.000000000180B000.00000040.00000800.00020000.00000000.sdmp
                                  • Associated: 00000005.00000002.535959139.000000000180F000.00000040.00000800.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_16f0000_6109238.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: WindowsExcludedProcs
                                  • API String ID: 0-3583428290
                                  • Opcode ID: 1bf07565f9293903005a3f3a42acb8b910e30ddc7b9aa6256cfa4b1325e2faca
                                  • Instruction ID: 5b877faa07212c4f292fb337010d259323e87378940d9e1e1b5908d5927b844f
                                  • Opcode Fuzzy Hash: 1bf07565f9293903005a3f3a42acb8b910e30ddc7b9aa6256cfa4b1325e2faca
                                  • Instruction Fuzzy Hash: 0621F27A901239ABDF229A598844F6FFBADFF80A50F1544A5FE048B204E630DC02D7E0
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E0173F716(signed int __ecx, void* __edx, intOrPtr _a4, intOrPtr* _a8) {
                                  				intOrPtr _t13;
                                  				intOrPtr _t14;
                                  				signed int _t16;
                                  				signed char _t17;
                                  				intOrPtr _t19;
                                  				intOrPtr _t21;
                                  				intOrPtr _t23;
                                  				intOrPtr* _t25;
                                  
                                  				_t25 = _a8;
                                  				_t17 = __ecx;
                                  				if(_t25 == 0) {
                                  					_t19 = 0xc00000f2;
                                  					L8:
                                  					return _t19;
                                  				}
                                  				if((__ecx & 0xfffffffe) != 0) {
                                  					_t19 = 0xc00000ef;
                                  					goto L8;
                                  				}
                                  				_t19 = 0;
                                  				 *_t25 = 0;
                                  				_t21 = 0;
                                  				_t23 = "Actx ";
                                  				if(__edx != 0) {
                                  					if(__edx == 0xfffffffc) {
                                  						L21:
                                  						_t21 = 0x200;
                                  						L5:
                                  						_t13 =  *((intOrPtr*)( *[fs:0x30] + _t21));
                                  						 *_t25 = _t13;
                                  						L6:
                                  						if(_t13 == 0) {
                                  							if((_t17 & 0x00000001) != 0) {
                                  								 *_t25 = _t23;
                                  							}
                                  						}
                                  						L7:
                                  						goto L8;
                                  					}
                                  					if(__edx == 0xfffffffd) {
                                  						 *_t25 = _t23;
                                  						_t13 = _t23;
                                  						goto L6;
                                  					}
                                  					_t13 =  *((intOrPtr*)(__edx + 0x10));
                                  					 *_t25 = _t13;
                                  					L14:
                                  					if(_t21 == 0) {
                                  						goto L6;
                                  					}
                                  					goto L5;
                                  				}
                                  				_t14 = _a4;
                                  				if(_t14 != 0) {
                                  					_t16 =  *(_t14 + 0x14) & 0x00000007;
                                  					if(_t16 <= 1) {
                                  						_t21 = 0x1f8;
                                  						_t13 = 0;
                                  						goto L14;
                                  					}
                                  					if(_t16 == 2) {
                                  						goto L21;
                                  					}
                                  					if(_t16 != 4) {
                                  						_t19 = 0xc00000f0;
                                  						goto L7;
                                  					}
                                  					_t13 = 0;
                                  					goto L6;
                                  				} else {
                                  					_t21 = 0x1f8;
                                  					goto L5;
                                  				}
                                  			}












                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000005.00000002.534207193.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                  • Associated: 00000005.00000002.535933940.000000000180B000.00000040.00000800.00020000.00000000.sdmp
                                  • Associated: 00000005.00000002.535959139.000000000180F000.00000040.00000800.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_16f0000_6109238.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: Actx
                                  • API String ID: 0-89312691
                                  • Opcode ID: bd18e9b92776ad9b8f228edeb79d2ae4cca7196f5fcb29df0b889f44c67ca744
                                  • Instruction ID: ae2b1c0221e9b85dc50f46cfca504bd5fb21964718a1e8fb04c03a42945f1cba
                                  • Opcode Fuzzy Hash: bd18e9b92776ad9b8f228edeb79d2ae4cca7196f5fcb29df0b889f44c67ca744
                                  • Instruction Fuzzy Hash: FC11E274F047028BEB274E1D8890B36F695ABD52E4FA4457AE566CB393DB70CC018343
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 71%
                                  			E017C8DF1(void* __ebx, intOrPtr __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
                                  				intOrPtr _t35;
                                  				void* _t41;
                                  
                                  				_t40 = __esi;
                                  				_t39 = __edi;
                                  				_t38 = __edx;
                                  				_t35 = __ecx;
                                  				_t34 = __ebx;
                                  				_push(0x74);
                                  				_push(0x17f0d50);
                                  				E0176D0E8(__ebx, __edi, __esi);
                                  				 *((intOrPtr*)(_t41 - 0x7c)) = __edx;
                                  				 *((intOrPtr*)(_t41 - 0x74)) = __ecx;
                                  				if( *((intOrPtr*)( *[fs:0x30] + 2)) != 0 || ( *0x7ffe02d4 & 0 | ( *0x7ffe02d4 & 0x00000003) == 0x00000003) != 0) {
                                  					E017A5720(0x65, 0, "Critical error detected %lx\n", _t35);
                                  					if( *((intOrPtr*)(_t41 + 8)) != 0) {
                                  						 *(_t41 - 4) =  *(_t41 - 4) & 0x00000000;
                                  						asm("int3");
                                  						 *(_t41 - 4) = 0xfffffffe;
                                  					}
                                  				}
                                  				 *(_t41 - 4) = 1;
                                  				 *((intOrPtr*)(_t41 - 0x70)) =  *((intOrPtr*)(_t41 - 0x74));
                                  				 *((intOrPtr*)(_t41 - 0x6c)) = 1;
                                  				 *(_t41 - 0x68) =  *(_t41 - 0x68) & 0x00000000;
                                  				 *((intOrPtr*)(_t41 - 0x64)) = E0176DEF0;
                                  				 *((intOrPtr*)(_t41 - 0x60)) = 1;
                                  				 *((intOrPtr*)(_t41 - 0x5c)) =  *((intOrPtr*)(_t41 - 0x7c));
                                  				_push(_t41 - 0x70);
                                  				E0176DEF0(1, _t38);
                                  				 *(_t41 - 4) = 0xfffffffe;
                                  				return E0176D130(_t34, _t39, _t40);
                                  			}






                                  Strings
                                  • Critical error detected %lx, xrefs: 017C8E21
                                  Memory Dump Source
                                  • Source File: 00000005.00000002.534207193.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                  • Associated: 00000005.00000002.535933940.000000000180B000.00000040.00000800.00020000.00000000.sdmp
                                  • Associated: 00000005.00000002.535959139.000000000180F000.00000040.00000800.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_16f0000_6109238.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: Critical error detected %lx
                                  • API String ID: 0-802127002
                                  • Opcode ID: c545a637ae258bfa3990a7e70bec44e05c137dcc51e54331537cfec9a65f900d
                                  • Instruction ID: 587bd6eb65adf29946d94c7844368c6c55e803bfa2ab679b86252484f5f7d243
                                  • Opcode Fuzzy Hash: c545a637ae258bfa3990a7e70bec44e05c137dcc51e54331537cfec9a65f900d
                                  • Instruction Fuzzy Hash: 141139B1D14348DADB25CFE9C9097EDFBB4AB18715F24425DD5696B382C3740601CF15
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 88%
                                  			E017E5BA5(void* __ebx, signed char __ecx, signed int* __edx, void* __edi, void* __esi, void* __eflags) {
                                  				signed int _t296;
                                  				signed char _t298;
                                  				signed int _t301;
                                  				signed int _t306;
                                  				signed int _t310;
                                  				signed char _t311;
                                  				intOrPtr _t312;
                                  				signed int _t313;
                                  				void* _t327;
                                  				signed int _t328;
                                  				intOrPtr _t329;
                                  				intOrPtr _t333;
                                  				signed char _t334;
                                  				signed int _t336;
                                  				void* _t339;
                                  				signed int _t340;
                                  				signed int _t356;
                                  				signed int _t362;
                                  				short _t367;
                                  				short _t368;
                                  				short _t373;
                                  				signed int _t380;
                                  				void* _t382;
                                  				short _t385;
                                  				signed short _t392;
                                  				signed char _t393;
                                  				signed int _t395;
                                  				signed char _t397;
                                  				signed int _t398;
                                  				signed short _t402;
                                  				void* _t406;
                                  				signed int _t412;
                                  				signed char _t414;
                                  				signed short _t416;
                                  				signed int _t421;
                                  				signed char _t427;
                                  				intOrPtr _t434;
                                  				signed char _t435;
                                  				signed int _t436;
                                  				signed int _t442;
                                  				signed int _t446;
                                  				signed int _t447;
                                  				signed int _t451;
                                  				signed int _t453;
                                  				signed int _t454;
                                  				signed int _t455;
                                  				intOrPtr _t456;
                                  				intOrPtr* _t457;
                                  				short _t458;
                                  				signed short _t462;
                                  				signed int _t469;
                                  				intOrPtr* _t474;
                                  				signed int _t475;
                                  				signed int _t479;
                                  				signed int _t480;
                                  				signed int _t481;
                                  				short _t485;
                                  				signed int _t491;
                                  				signed int* _t494;
                                  				signed int _t498;
                                  				signed int _t505;
                                  				intOrPtr _t506;
                                  				signed short _t508;
                                  				signed int _t511;
                                  				void* _t517;
                                  				signed int _t519;
                                  				signed int _t522;
                                  				void* _t523;
                                  				signed int _t524;
                                  				void* _t528;
                                  				signed int _t529;
                                  
                                  				_push(0xd4);
                                  				_push(0x17f1178);
                                  				E0176D0E8(__ebx, __edi, __esi);
                                  				_t494 = __edx;
                                  				 *(_t528 - 0xcc) = __edx;
                                  				_t511 = __ecx;
                                  				 *((intOrPtr*)(_t528 - 0xb4)) = __ecx;
                                  				 *(_t528 - 0xbc) = __ecx;
                                  				 *((intOrPtr*)(_t528 - 0xc8)) =  *((intOrPtr*)(_t528 + 0x20));
                                  				_t434 =  *((intOrPtr*)(_t528 + 0x24));
                                  				 *((intOrPtr*)(_t528 - 0xc4)) = _t434;
                                  				_t427 = 0;
                                  				 *(_t528 - 0x74) = 0;
                                  				 *(_t528 - 0x9c) = 0;
                                  				 *(_t528 - 0x84) = 0;
                                  				 *(_t528 - 0xac) = 0;
                                  				 *(_t528 - 0x88) = 0;
                                  				 *(_t528 - 0xa8) = 0;
                                  				 *((intOrPtr*)(_t434 + 0x40)) = 0;
                                  				if( *(_t528 + 0x1c) <= 0x80) {
                                  					__eflags =  *(__ecx + 0xc0) & 0x00000004;
                                  					if(__eflags != 0) {
                                  						_t421 = E017E4C56(0, __edx, __ecx, __eflags);
                                  						__eflags = _t421;
                                  						if(_t421 != 0) {
                                  							 *((intOrPtr*)(_t528 - 4)) = 0;
                                  							E0175D000(0x410);
                                  							 *(_t528 - 0x18) = _t529;
                                  							 *(_t528 - 0x9c) = _t529;
                                  							 *((intOrPtr*)(_t528 - 4)) = 0xfffffffe;
                                  							E017E5542(_t528 - 0x9c, _t528 - 0x84);
                                  						}
                                  					}
                                  					_t435 = _t427;
                                  					 *(_t528 - 0xd0) = _t435;
                                  					_t474 = _t511 + 0x65;
                                  					 *((intOrPtr*)(_t528 - 0x94)) = _t474;
                                  					_t511 = 0x18;
                                  					while(1) {
                                  						 *(_t528 - 0xa0) = _t427;
                                  						 *(_t528 - 0xbc) = _t427;
                                  						 *(_t528 - 0x80) = _t427;
                                  						 *(_t528 - 0x78) = 0x50;
                                  						 *(_t528 - 0x79) = _t427;
                                  						 *(_t528 - 0x7a) = _t427;
                                  						 *(_t528 - 0x8c) = _t427;
                                  						 *(_t528 - 0x98) = _t427;
                                  						 *(_t528 - 0x90) = _t427;
                                  						 *(_t528 - 0xb0) = _t427;
                                  						 *(_t528 - 0xb8) = _t427;
                                  						_t296 = 1 << _t435;
                                  						_t436 =  *(_t528 + 0xc) & 0x0000ffff;
                                  						__eflags = _t436 & _t296;
                                  						if((_t436 & _t296) != 0) {
                                  							goto L92;
                                  						}
                                  						__eflags =  *((char*)(_t474 - 1));
                                  						if( *((char*)(_t474 - 1)) == 0) {
                                  							goto L92;
                                  						}
                                  						_t301 =  *_t474;
                                  						__eflags = _t494[1] - _t301;
                                  						if(_t494[1] <= _t301) {
                                  							L10:
                                  							__eflags =  *(_t474 - 5) & 0x00000040;
                                  							if(( *(_t474 - 5) & 0x00000040) == 0) {
                                  								L12:
                                  								__eflags =  *(_t474 - 0xd) & _t494[2] |  *(_t474 - 9) & _t494[3];
                                  								if(( *(_t474 - 0xd) & _t494[2] |  *(_t474 - 9) & _t494[3]) == 0) {
                                  									goto L92;
                                  								}
                                  								_t442 =  *(_t474 - 0x11) & _t494[3];
                                  								__eflags = ( *(_t474 - 0x15) & _t494[2]) -  *(_t474 - 0x15);
                                  								if(( *(_t474 - 0x15) & _t494[2]) !=  *(_t474 - 0x15)) {
                                  									goto L92;
                                  								}
                                  								__eflags = _t442 -  *(_t474 - 0x11);
                                  								if(_t442 !=  *(_t474 - 0x11)) {
                                  									goto L92;
                                  								}
                                  								L15:
                                  								_t306 =  *(_t474 + 1) & 0x000000ff;
                                  								 *(_t528 - 0xc0) = _t306;
                                  								 *(_t528 - 0xa4) = _t306;
                                  								__eflags =  *0x18060e8;
                                  								if( *0x18060e8 != 0) {
                                  									__eflags = _t306 - 0x40;
                                  									if(_t306 < 0x40) {
                                  										L20:
                                  										asm("lock inc dword [eax]");
                                  										_t310 =  *0x18060e8; // 0x0
                                  										_t311 =  *(_t310 +  *(_t528 - 0xa4) * 8);
                                  										__eflags = _t311 & 0x00000001;
                                  										if((_t311 & 0x00000001) == 0) {
                                  											 *(_t528 - 0xa0) = _t311;
                                  											_t475 = _t427;
                                  											 *(_t528 - 0x74) = _t427;
                                  											__eflags = _t475;
                                  											if(_t475 != 0) {
                                  												L91:
                                  												_t474 =  *((intOrPtr*)(_t528 - 0x94));
                                  												goto L92;
                                  											}
                                  											asm("sbb edi, edi");
                                  											_t498 = ( ~( *(_t528 + 0x18)) & _t511) + 0x50;
                                  											_t511 = _t498;
                                  											_t312 =  *((intOrPtr*)(_t528 - 0x94));
                                  											__eflags =  *(_t312 - 5) & 1;
                                  											if(( *(_t312 - 5) & 1) != 0) {
                                  												_push(_t528 - 0x98);
                                  												_push(0x4c);
                                  												_push(_t528 - 0x70);
                                  												_push(1);
                                  												_push(0xfffffffa);
                                  												_t412 = E01759710();
                                  												_t475 = _t427;
                                  												__eflags = _t412;
                                  												if(_t412 >= 0) {
                                  													_t414 =  *(_t528 - 0x98) - 8;
                                  													 *(_t528 - 0x98) = _t414;
                                  													_t416 = _t414 + 0x0000000f & 0x0000fff8;
                                  													 *(_t528 - 0x8c) = _t416;
                                  													 *(_t528 - 0x79) = 1;
                                  													_t511 = (_t416 & 0x0000ffff) + _t498;
                                  													__eflags = _t511;
                                  												}
                                  											}
                                  											_t446 =  *( *((intOrPtr*)(_t528 - 0x94)) - 5);
                                  											__eflags = _t446 & 0x00000004;
                                  											if((_t446 & 0x00000004) != 0) {
                                  												__eflags =  *(_t528 - 0x9c);
                                  												if( *(_t528 - 0x9c) != 0) {
                                  													 *(_t528 - 0x7a) = 1;
                                  													_t511 = _t511 + ( *(_t528 - 0x84) & 0x0000ffff);
                                  													__eflags = _t511;
                                  												}
                                  											}
                                  											_t313 = 2;
                                  											_t447 = _t446 & _t313;
                                  											__eflags = _t447;
                                  											 *(_t528 - 0xd4) = _t447;
                                  											if(_t447 != 0) {
                                  												_t406 = 0x10;
                                  												_t511 = _t511 + _t406;
                                  												__eflags = _t511;
                                  											}
                                  											_t494 = ( *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) << 4) +  *((intOrPtr*)(_t528 - 0xc4));
                                  											 *(_t528 - 0x88) = _t427;
                                  											__eflags =  *(_t528 + 0x1c);
                                  											if( *(_t528 + 0x1c) <= 0) {
                                  												L45:
                                  												__eflags =  *(_t528 - 0xb0);
                                  												if( *(_t528 - 0xb0) != 0) {
                                  													_t511 = _t511 + (( *(_t528 - 0x90) & 0x0000ffff) + 0x0000000f & 0xfffffff8);
                                  													__eflags = _t511;
                                  												}
                                  												__eflags = _t475;
                                  												if(_t475 != 0) {
                                  													asm("lock dec dword [ecx+edx*8+0x4]");
                                  													goto L100;
                                  												} else {
                                  													_t494[3] = _t511;
                                  													_t451 =  *(_t528 - 0xa0);
                                  													_t427 = E01756DE6(_t451, _t511,  *( *[fs:0x18] + 0xf77) & 0x000000ff, _t528 - 0xe0, _t528 - 0xbc);
                                  													 *(_t528 - 0x88) = _t427;
                                  													__eflags = _t427;
                                  													if(_t427 == 0) {
                                  														__eflags = _t511 - 0xfff8;
                                  														if(_t511 <= 0xfff8) {
                                  															__eflags =  *((intOrPtr*)( *(_t528 - 0xa0) + 0x90)) - _t511;
                                  															asm("sbb ecx, ecx");
                                  															__eflags = (_t451 & 0x000000e2) + 8;
                                  														}
                                  														asm("lock dec dword [eax+edx*8+0x4]");
                                  														L100:
                                  														goto L101;
                                  													}
                                  													_t453 =  *(_t528 - 0xa0);
                                  													 *_t494 = _t453;
                                  													_t494[1] = _t427;
                                  													_t494[2] =  *(_t528 - 0xbc);
                                  													 *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) =  *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) + 1;
                                  													 *_t427 =  *(_t453 + 0x24) | _t511;
                                  													 *(_t427 + 4) =  *((intOrPtr*)(_t528 + 0x10));
                                  													 *((short*)(_t427 + 6)) =  *((intOrPtr*)(_t528 + 8));
                                  													asm("movsd");
                                  													asm("movsd");
                                  													asm("movsd");
                                  													asm("movsd");
                                  													asm("movsd");
                                  													asm("movsd");
                                  													asm("movsd");
                                  													asm("movsd");
                                  													__eflags =  *(_t528 + 0x14);
                                  													if( *(_t528 + 0x14) == 0) {
                                  														__eflags =  *[fs:0x18] + 0xf50;
                                  													}
                                  													asm("movsd");
                                  													asm("movsd");
                                  													asm("movsd");
                                  													asm("movsd");
                                  													__eflags =  *(_t528 + 0x18);
                                  													if( *(_t528 + 0x18) == 0) {
                                  														_t454 =  *(_t528 - 0x80);
                                  														_t479 =  *(_t528 - 0x78);
                                  														_t327 = 1;
                                  														__eflags = 1;
                                  													} else {
                                  														_t146 = _t427 + 0x50; // 0x50
                                  														_t454 = _t146;
                                  														 *(_t528 - 0x80) = _t454;
                                  														_t382 = 0x18;
                                  														 *_t454 = _t382;
                                  														 *((short*)(_t454 + 2)) = 1;
                                  														_t385 = 0x10;
                                  														 *((short*)(_t454 + 6)) = _t385;
                                  														 *(_t454 + 4) = 0;
                                  														asm("movsd");
                                  														asm("movsd");
                                  														asm("movsd");
                                  														asm("movsd");
                                  														_t327 = 1;
                                  														 *(_t427 + 4) =  *(_t427 + 4) | 1;
                                  														_t479 = 0x68;
                                  														 *(_t528 - 0x78) = _t479;
                                  													}
                                  													__eflags =  *(_t528 - 0x79) - _t327;
                                  													if( *(_t528 - 0x79) == _t327) {
                                  														_t524 = _t479 + _t427;
                                  														_t508 =  *(_t528 - 0x8c);
                                  														 *_t524 = _t508;
                                  														_t373 = 2;
                                  														 *((short*)(_t524 + 2)) = _t373;
                                  														 *((short*)(_t524 + 6)) =  *(_t528 - 0x98);
                                  														 *((short*)(_t524 + 4)) = 0;
                                  														_t167 = _t524 + 8; // 0x8
                                  														E0175F3E0(_t167, _t528 - 0x68,  *(_t528 - 0x98));
                                  														_t529 = _t529 + 0xc;
                                  														 *(_t427 + 4) =  *(_t427 + 4) | 1;
                                  														_t479 =  *(_t528 - 0x78) + (_t508 & 0x0000ffff);
                                  														 *(_t528 - 0x78) = _t479;
                                  														_t380 =  *(_t528 - 0x80);
                                  														__eflags = _t380;
                                  														if(_t380 != 0) {
                                  															_t173 = _t380 + 4;
                                  															 *_t173 =  *(_t380 + 4) | 1;
                                  															__eflags =  *_t173;
                                  														}
                                  														_t454 = _t524;
                                  														 *(_t528 - 0x80) = _t454;
                                  														_t327 = 1;
                                  														__eflags = 1;
                                  													}
                                  													__eflags =  *(_t528 - 0xd4);
                                  													if( *(_t528 - 0xd4) == 0) {
                                  														_t505 =  *(_t528 - 0x80);
                                  													} else {
                                  														_t505 = _t479 + _t427;
                                  														_t523 = 0x10;
                                  														 *_t505 = _t523;
                                  														_t367 = 3;
                                  														 *((short*)(_t505 + 2)) = _t367;
                                  														_t368 = 4;
                                  														 *((short*)(_t505 + 6)) = _t368;
                                  														 *(_t505 + 4) = 0;
                                  														 *((intOrPtr*)(_t505 + 8)) =  *((intOrPtr*)( *[fs:0x30] + 0x1d4));
                                  														_t327 = 1;
                                  														 *(_t427 + 4) =  *(_t427 + 4) | 1;
                                  														_t479 = _t479 + _t523;
                                  														 *(_t528 - 0x78) = _t479;
                                  														__eflags = _t454;
                                  														if(_t454 != 0) {
                                  															_t186 = _t454 + 4;
                                  															 *_t186 =  *(_t454 + 4) | 1;
                                  															__eflags =  *_t186;
                                  														}
                                  														 *(_t528 - 0x80) = _t505;
                                  													}
                                  													__eflags =  *(_t528 - 0x7a) - _t327;
                                  													if( *(_t528 - 0x7a) == _t327) {
                                  														 *(_t528 - 0xd4) = _t479 + _t427;
                                  														_t522 =  *(_t528 - 0x84) & 0x0000ffff;
                                  														E0175F3E0(_t479 + _t427,  *(_t528 - 0x9c), _t522);
                                  														_t529 = _t529 + 0xc;
                                  														 *(_t427 + 4) =  *(_t427 + 4) | 1;
                                  														_t479 =  *(_t528 - 0x78) + _t522;
                                  														 *(_t528 - 0x78) = _t479;
                                  														__eflags = _t505;
                                  														if(_t505 != 0) {
                                  															_t199 = _t505 + 4;
                                  															 *_t199 =  *(_t505 + 4) | 1;
                                  															__eflags =  *_t199;
                                  														}
                                  														_t505 =  *(_t528 - 0xd4);
                                  														 *(_t528 - 0x80) = _t505;
                                  													}
                                  													__eflags =  *(_t528 - 0xa8);
                                  													if( *(_t528 - 0xa8) != 0) {
                                  														_t356 = _t479 + _t427;
                                  														 *(_t528 - 0xd4) = _t356;
                                  														_t462 =  *(_t528 - 0xac);
                                  														 *_t356 = _t462 + 0x0000000f & 0x0000fff8;
                                  														_t485 = 0xc;
                                  														 *((short*)(_t356 + 2)) = _t485;
                                  														 *(_t356 + 6) = _t462;
                                  														 *((short*)(_t356 + 4)) = 0;
                                  														_t211 = _t356 + 8; // 0x9
                                  														E0175F3E0(_t211,  *(_t528 - 0xa8), _t462 & 0x0000ffff);
                                  														E0175FA60((_t462 & 0x0000ffff) + _t211, 0, (_t462 + 0x0000000f & 0x0000fff8) -  *(_t528 - 0xac) - 0x00000008 & 0x0000ffff);
                                  														_t529 = _t529 + 0x18;
                                  														_t427 =  *(_t528 - 0x88);
                                  														 *(_t427 + 4) =  *(_t427 + 4) | 1;
                                  														_t505 =  *(_t528 - 0xd4);
                                  														_t479 =  *(_t528 - 0x78) + ( *_t505 & 0x0000ffff);
                                  														 *(_t528 - 0x78) = _t479;
                                  														_t362 =  *(_t528 - 0x80);
                                  														__eflags = _t362;
                                  														if(_t362 != 0) {
                                  															_t222 = _t362 + 4;
                                  															 *_t222 =  *(_t362 + 4) | 1;
                                  															__eflags =  *_t222;
                                  														}
                                  													}
                                  													__eflags =  *(_t528 - 0xb0);
                                  													if( *(_t528 - 0xb0) != 0) {
                                  														 *(_t479 + _t427) =  *(_t528 - 0x90) + 0x0000000f & 0x0000fff8;
                                  														_t458 = 0xb;
                                  														 *((short*)(_t479 + _t427 + 2)) = _t458;
                                  														 *((short*)(_t479 + _t427 + 6)) =  *(_t528 - 0x90);
                                  														 *((short*)(_t427 + 4 + _t479)) = 0;
                                  														 *(_t528 - 0xb8) = _t479 + 8 + _t427;
                                  														E0175FA60(( *(_t528 - 0x90) & 0x0000ffff) + _t479 + 8 + _t427, 0, ( *(_t528 - 0x90) + 0x0000000f & 0x0000fff8) -  *(_t528 - 0x90) - 0x00000008 & 0x0000ffff);
                                  														_t529 = _t529 + 0xc;
                                  														 *(_t427 + 4) =  *(_t427 + 4) | 1;
                                  														_t479 =  *(_t528 - 0x78) + ( *( *(_t528 - 0x78) + _t427) & 0x0000ffff);
                                  														 *(_t528 - 0x78) = _t479;
                                  														__eflags = _t505;
                                  														if(_t505 != 0) {
                                  															_t241 = _t505 + 4;
                                  															 *_t241 =  *(_t505 + 4) | 1;
                                  															__eflags =  *_t241;
                                  														}
                                  													}
                                  													_t328 =  *(_t528 + 0x1c);
                                  													__eflags = _t328;
                                  													if(_t328 == 0) {
                                  														L87:
                                  														_t329 =  *((intOrPtr*)(_t528 - 0xe0));
                                  														 *((intOrPtr*)(_t427 + 0x10)) = _t329;
                                  														_t455 =  *(_t528 - 0xdc);
                                  														 *(_t427 + 0x14) = _t455;
                                  														_t480 =  *(_t528 - 0xa0);
                                  														_t517 = 3;
                                  														__eflags =  *((intOrPtr*)(_t480 + 0x10)) - _t517;
                                  														if( *((intOrPtr*)(_t480 + 0x10)) != _t517) {
                                  															asm("rdtsc");
                                  															 *(_t427 + 0x3c) = _t480;
                                  														} else {
                                  															 *(_t427 + 0x3c) = _t455;
                                  														}
                                  														 *((intOrPtr*)(_t427 + 0x38)) = _t329;
                                  														_t456 =  *[fs:0x18];
                                  														 *((intOrPtr*)(_t427 + 8)) =  *((intOrPtr*)(_t456 + 0x24));
                                  														 *((intOrPtr*)(_t427 + 0xc)) =  *((intOrPtr*)(_t456 + 0x20));
                                  														_t427 = 0;
                                  														__eflags = 0;
                                  														_t511 = 0x18;
                                  														goto L91;
                                  													} else {
                                  														_t519 =  *((intOrPtr*)(_t528 - 0xc8)) + 0xc;
                                  														__eflags = _t519;
                                  														 *(_t528 - 0x8c) = _t328;
                                  														do {
                                  															_t506 =  *((intOrPtr*)(_t519 - 4));
                                  															_t457 =  *((intOrPtr*)(_t519 - 0xc));
                                  															 *(_t528 - 0xd4) =  *(_t519 - 8);
                                  															_t333 =  *((intOrPtr*)(_t528 - 0xb4));
                                  															__eflags =  *(_t333 + 0x36) & 0x00004000;
                                  															if(( *(_t333 + 0x36) & 0x00004000) != 0) {
                                  																_t334 =  *_t519;
                                  															} else {
                                  																_t334 = 0;
                                  															}
                                  															_t336 = _t334 & 0x000000ff;
                                  															__eflags = _t336;
                                  															_t427 =  *(_t528 - 0x88);
                                  															if(_t336 == 0) {
                                  																_t481 = _t479 + _t506;
                                  																__eflags = _t481;
                                  																 *(_t528 - 0x78) = _t481;
                                  																E0175F3E0(_t479 + _t427, _t457, _t506);
                                  																_t529 = _t529 + 0xc;
                                  															} else {
                                  																_t340 = _t336 - 1;
                                  																__eflags = _t340;
                                  																if(_t340 == 0) {
                                  																	E0175F3E0( *(_t528 - 0xb8), _t457, _t506);
                                  																	_t529 = _t529 + 0xc;
                                  																	 *(_t528 - 0xb8) =  *(_t528 - 0xb8) + _t506;
                                  																} else {
                                  																	__eflags = _t340 == 0;
                                  																	if(_t340 == 0) {
                                  																		__eflags = _t506 - 8;
                                  																		if(_t506 == 8) {
                                  																			 *((intOrPtr*)(_t528 - 0xe0)) =  *_t457;
                                  																			 *(_t528 - 0xdc) =  *(_t457 + 4);
                                  																		}
                                  																	}
                                  																}
                                  															}
                                  															_t339 = 0x10;
                                  															_t519 = _t519 + _t339;
                                  															_t263 = _t528 - 0x8c;
                                  															 *_t263 =  *(_t528 - 0x8c) - 1;
                                  															__eflags =  *_t263;
                                  															_t479 =  *(_t528 - 0x78);
                                  														} while ( *_t263 != 0);
                                  														goto L87;
                                  													}
                                  												}
                                  											} else {
                                  												_t392 =  *( *((intOrPtr*)(_t528 - 0xb4)) + 0x36) & 0x00004000;
                                  												 *(_t528 - 0xa2) = _t392;
                                  												_t469 =  *((intOrPtr*)(_t528 - 0xc8)) + 8;
                                  												__eflags = _t469;
                                  												while(1) {
                                  													 *(_t528 - 0xe4) = _t511;
                                  													__eflags = _t392;
                                  													_t393 = _t427;
                                  													if(_t392 != 0) {
                                  														_t393 =  *((intOrPtr*)(_t469 + 4));
                                  													}
                                  													_t395 = (_t393 & 0x000000ff) - _t427;
                                  													__eflags = _t395;
                                  													if(_t395 == 0) {
                                  														_t511 = _t511 +  *_t469;
                                  														__eflags = _t511;
                                  													} else {
                                  														_t398 = _t395 - 1;
                                  														__eflags = _t398;
                                  														if(_t398 == 0) {
                                  															 *(_t528 - 0x90) =  *(_t528 - 0x90) +  *_t469;
                                  															 *(_t528 - 0xb0) =  *(_t528 - 0xb0) + 1;
                                  														} else {
                                  															__eflags = _t398 == 1;
                                  															if(_t398 == 1) {
                                  																 *(_t528 - 0xa8) =  *(_t469 - 8);
                                  																_t402 =  *_t469 & 0x0000ffff;
                                  																 *(_t528 - 0xac) = _t402;
                                  																_t511 = _t511 + ((_t402 & 0x0000ffff) + 0x0000000f & 0xfffffff8);
                                  															}
                                  														}
                                  													}
                                  													__eflags = _t511 -  *(_t528 - 0xe4);
                                  													if(_t511 <  *(_t528 - 0xe4)) {
                                  														break;
                                  													}
                                  													_t397 =  *(_t528 - 0x88) + 1;
                                  													 *(_t528 - 0x88) = _t397;
                                  													_t469 = _t469 + 0x10;
                                  													__eflags = _t397 -  *(_t528 + 0x1c);
                                  													_t392 =  *(_t528 - 0xa2);
                                  													if(_t397 <  *(_t528 + 0x1c)) {
                                  														continue;
                                  													}
                                  													goto L45;
                                  												}
                                  												_t475 = 0x216;
                                  												 *(_t528 - 0x74) = 0x216;
                                  												goto L45;
                                  											}
                                  										} else {
                                  											asm("lock dec dword [eax+ecx*8+0x4]");
                                  											goto L16;
                                  										}
                                  									}
                                  									_t491 = E017E4CAB(_t306, _t528 - 0xa4);
                                  									 *(_t528 - 0x74) = _t491;
                                  									__eflags = _t491;
                                  									if(_t491 != 0) {
                                  										goto L91;
                                  									} else {
                                  										_t474 =  *((intOrPtr*)(_t528 - 0x94));
                                  										goto L20;
                                  									}
                                  								}
                                  								L16:
                                  								 *(_t528 - 0x74) = 0x1069;
                                  								L93:
                                  								_t298 =  *(_t528 - 0xd0) + 1;
                                  								 *(_t528 - 0xd0) = _t298;
                                  								_t474 = _t474 + _t511;
                                  								 *((intOrPtr*)(_t528 - 0x94)) = _t474;
                                  								_t494 = 4;
                                  								__eflags = _t298 - _t494;
                                  								if(_t298 >= _t494) {
                                  									goto L100;
                                  								}
                                  								_t494 =  *(_t528 - 0xcc);
                                  								_t435 = _t298;
                                  								continue;
                                  							}
                                  							__eflags = _t494[2] | _t494[3];
                                  							if((_t494[2] | _t494[3]) == 0) {
                                  								goto L15;
                                  							}
                                  							goto L12;
                                  						}
                                  						__eflags = _t301;
                                  						if(_t301 != 0) {
                                  							goto L92;
                                  						}
                                  						goto L10;
                                  						L92:
                                  						goto L93;
                                  					}
                                  				} else {
                                  					_push(0x57);
                                  					L101:
                                  					return E0176D130(_t427, _t494, _t511);
                                  				}
                                  			}
                                  0x017e5f50
                                  0x017e5f50
                                  0x017e5f57
                                  0x017e5f66
                                  0x017e5f66
                                  0x017e5f66
                                  0x017e5f68
                                  0x017e5f6a
                                  0x017e63d0
                                  0x00000000
                                  0x017e5f70
                                  0x017e5f70
                                  0x017e5f91
                                  0x017e5f9c
                                  0x017e5f9e
                                  0x017e5fa4
                                  0x017e5fa6
                                  0x017e638c
                                  0x017e6392
                                  0x017e63a1
                                  0x017e63a7
                                  0x017e63af
                                  0x017e63af
                                  0x017e63bd
                                  0x017e63d8
                                  0x00000000
                                  0x017e63d8
                                  0x017e5fac
                                  0x017e5fb2
                                  0x017e5fb4
                                  0x017e5fbd
                                  0x017e5fc6
                                  0x017e5fce
                                  0x017e5fd4
                                  0x017e5fdc
                                  0x017e5fec
                                  0x017e5fed
                                  0x017e5fee
                                  0x017e5fef
                                  0x017e5ff9
                                  0x017e5ffa
                                  0x017e5ffb
                                  0x017e5ffc
                                  0x017e6000
                                  0x017e6004
                                  0x017e6012
                                  0x017e6012
                                  0x017e6018
                                  0x017e6019
                                  0x017e601a
                                  0x017e601b
                                  0x017e601c
                                  0x017e6020
                                  0x017e6059
                                  0x017e605c
                                  0x017e6061
                                  0x017e6061
                                  0x017e6022
                                  0x017e6022
                                  0x017e6022
                                  0x017e6025
                                  0x017e602a
                                  0x017e602b
                                  0x017e6031
                                  0x017e6037
                                  0x017e6038
                                  0x017e603e
                                  0x017e6048
                                  0x017e6049
                                  0x017e604a
                                  0x017e604b
                                  0x017e604c
                                  0x017e604d
                                  0x017e6053
                                  0x017e6054
                                  0x017e6054
                                  0x017e6062
                                  0x017e6065
                                  0x017e6067
                                  0x017e606a
                                  0x017e6070
                                  0x017e6075
                                  0x017e6076
                                  0x017e6081
                                  0x017e6087
                                  0x017e6095
                                  0x017e6099
                                  0x017e609e
                                  0x017e60a4
                                  0x017e60ae
                                  0x017e60b0
                                  0x017e60b3
                                  0x017e60b6
                                  0x017e60b8
                                  0x017e60ba
                                  0x017e60ba
                                  0x017e60ba
                                  0x017e60ba
                                  0x017e60be
                                  0x017e60c0
                                  0x017e60c5
                                  0x017e60c5
                                  0x017e60c5
                                  0x017e60c6
                                  0x017e60cd
                                  0x017e6114
                                  0x017e60cf
                                  0x017e60cf
                                  0x017e60d4
                                  0x017e60d5
                                  0x017e60da
                                  0x017e60db
                                  0x017e60e1
                                  0x017e60e2
                                  0x017e60e8
                                  0x017e60f8
                                  0x017e60fd
                                  0x017e60fe
                                  0x017e6102
                                  0x017e6104
                                  0x017e6107
                                  0x017e6109
                                  0x017e610b
                                  0x017e610b
                                  0x017e610b
                                  0x017e610b
                                  0x017e610f
                                  0x017e610f
                                  0x017e6117
                                  0x017e611a
                                  0x017e611f
                                  0x017e6125
                                  0x017e6134
                                  0x017e6139
                                  0x017e613f
                                  0x017e6146
                                  0x017e6148
                                  0x017e614b
                                  0x017e614d
                                  0x017e614f
                                  0x017e614f
                                  0x017e614f
                                  0x017e614f
                                  0x017e6153
                                  0x017e6159
                                  0x017e6159
                                  0x017e615c
                                  0x017e6163
                                  0x017e6169
                                  0x017e616c
                                  0x017e6172
                                  0x017e6181
                                  0x017e6186
                                  0x017e6187
                                  0x017e618b
                                  0x017e6191
                                  0x017e6195
                                  0x017e61a3
                                  0x017e61bb
                                  0x017e61c0
                                  0x017e61c3
                                  0x017e61cc
                                  0x017e61d0
                                  0x017e61dc
                                  0x017e61de
                                  0x017e61e1
                                  0x017e61e4
                                  0x017e61e6
                                  0x017e61e8
                                  0x017e61e8
                                  0x017e61e8
                                  0x017e61e8
                                  0x017e61e6
                                  0x017e61ec
                                  0x017e61f3
                                  0x017e6203
                                  0x017e6209
                                  0x017e620a
                                  0x017e6216
                                  0x017e621d
                                  0x017e6227
                                  0x017e6241
                                  0x017e6246
                                  0x017e624c
                                  0x017e6257
                                  0x017e6259
                                  0x017e625c
                                  0x017e625e
                                  0x017e6260
                                  0x017e6260
                                  0x017e6260
                                  0x017e6260
                                  0x017e625e
                                  0x017e6264
                                  0x017e6267
                                  0x017e6269
                                  0x017e6315
                                  0x017e6315
                                  0x017e631b
                                  0x017e631e
                                  0x017e6324
                                  0x017e6327
                                  0x017e632f
                                  0x017e6330
                                  0x017e6333
                                  0x017e633a
                                  0x017e633c
                                  0x017e6335
                                  0x017e6335
                                  0x017e6335
                                  0x017e633f
                                  0x017e6342
                                  0x017e634c
                                  0x017e6352
                                  0x017e6355
                                  0x017e6355
                                  0x017e6359
                                  0x00000000
                                  0x017e626f
                                  0x017e6275
                                  0x017e6275
                                  0x017e6278
                                  0x017e627e
                                  0x017e627e
                                  0x017e6281
                                  0x017e6287
                                  0x017e628d
                                  0x017e6298
                                  0x017e629c
                                  0x017e62a2
                                  0x017e629e
                                  0x017e629e
                                  0x017e629e
                                  0x017e62a7
                                  0x017e62a7
                                  0x017e62aa
                                  0x017e62b0
                                  0x017e62f0
                                  0x017e62f0
                                  0x017e62f2
                                  0x017e62f8
                                  0x017e62fd
                                  0x017e62b2
                                  0x017e62b2
                                  0x017e62b2
                                  0x017e62b5
                                  0x017e62dd
                                  0x017e62e2
                                  0x017e62e5
                                  0x017e62b7
                                  0x017e62b8
                                  0x017e62bb
                                  0x017e62bd
                                  0x017e62c0
                                  0x017e62c4
                                  0x017e62cd
                                  0x017e62cd
                                  0x017e62c0
                                  0x017e62bb
                                  0x017e62b5
                                  0x017e6302
                                  0x017e6303
                                  0x017e6305
                                  0x017e6305
                                  0x017e6305
                                  0x017e630c
                                  0x017e630c
                                  0x00000000
                                  0x017e627e
                                  0x017e6269
                                  0x017e5eac
                                  0x017e5ebb
                                  0x017e5ebe
                                  0x017e5ecb
                                  0x017e5ecb
                                  0x017e5ece
                                  0x017e5ece
                                  0x017e5ed4
                                  0x017e5ed7
                                  0x017e5ed9
                                  0x017e5edb
                                  0x017e5edb
                                  0x017e5ee1
                                  0x017e5ee1
                                  0x017e5ee3
                                  0x017e5f20
                                  0x017e5f20
                                  0x017e5ee5
                                  0x017e5ee5
                                  0x017e5ee5
                                  0x017e5ee8
                                  0x017e5f11
                                  0x017e5f18
                                  0x017e5eea
                                  0x017e5eea
                                  0x017e5eed
                                  0x017e5ef2
                                  0x017e5ef8
                                  0x017e5efb
                                  0x017e5f0a
                                  0x017e5f0a
                                  0x017e5eed
                                  0x017e5ee8
                                  0x017e5f22
                                  0x017e5f28
                                  0x00000000
                                  0x00000000
                                  0x017e5f30
                                  0x017e5f31
                                  0x017e5f37
                                  0x017e5f3a
                                  0x017e5f3d
                                  0x017e5f44
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x017e5f46
                                  0x017e5f48
                                  0x017e5f4d
                                  0x00000000
                                  0x017e5f4d
                                  0x017e5dda
                                  0x017e5ddf
                                  0x00000000
                                  0x017e5ddf
                                  0x017e5dd8
                                  0x017e5da7
                                  0x017e5da9
                                  0x017e5dac
                                  0x017e5dae
                                  0x00000000
                                  0x017e5db4
                                  0x017e5db4
                                  0x00000000
                                  0x017e5db4
                                  0x017e5dae
                                  0x017e5d88
                                  0x017e5d8d
                                  0x017e6363
                                  0x017e6369
                                  0x017e636a
                                  0x017e6370
                                  0x017e6372
                                  0x017e637a
                                  0x017e637b
                                  0x017e637d
                                  0x00000000
                                  0x00000000
                                  0x017e637f
                                  0x017e6385
                                  0x00000000
                                  0x017e6385
                                  0x017e5d38
                                  0x017e5d3b
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x017e5d3b
                                  0x017e5d27
                                  0x017e5d29
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x017e6360
                                  0x00000000
                                  0x017e6360
                                  0x017e5c10
                                  0x017e5c10
                                  0x017e63da
                                  0x017e63e5
                                  0x017e63e5

                                  Memory Dump Source
                                  • Source File: 00000005.00000002.534207193.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                  • Associated: 00000005.00000002.535933940.000000000180B000.00000040.00000800.00020000.00000000.sdmp
                                  • Associated: 00000005.00000002.535959139.000000000180F000.00000040.00000800.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_16f0000_6109238.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: e713dd3086739fcca737fe09c6c9cb55042ba98b442d001a50ca4d82c0548eae
                                  • Instruction ID: 9adf5dcd4ecc34b3d618dc689c93441dc01fe0b49eaf8a55759c59bf614f45b1
                                  • Opcode Fuzzy Hash: e713dd3086739fcca737fe09c6c9cb55042ba98b442d001a50ca4d82c0548eae
                                  • Instruction Fuzzy Hash: 33425A75900229CFDB64CF68C884BA9FBF1FF59304F1481AAE94DAB242D7749A85CF50
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 92%
                                  			E01734120(signed char __ecx, signed short* __edx, signed short* _a4, signed int _a8, signed short* _a12, signed short* _a16, signed short _a20) {
                                  				signed int _v8;
                                  				void* _v20;
                                  				signed int _v24;
                                  				char _v532;
                                  				char _v540;
                                  				signed short _v544;
                                  				signed int _v548;
                                  				signed short* _v552;
                                  				signed short _v556;
                                  				signed short* _v560;
                                  				signed short* _v564;
                                  				signed short* _v568;
                                  				void* _v570;
                                  				signed short* _v572;
                                  				signed short _v576;
                                  				signed int _v580;
                                  				char _v581;
                                  				void* _v584;
                                  				unsigned int _v588;
                                  				signed short* _v592;
                                  				void* _v597;
                                  				void* _v600;
                                  				void* _v604;
                                  				void* _v609;
                                  				void* _v616;
                                  				void* __ebx;
                                  				void* __edi;
                                  				void* __esi;
                                  				unsigned int _t161;
                                  				signed int _t162;
                                  				unsigned int _t163;
                                  				void* _t169;
                                  				signed short _t173;
                                  				signed short _t177;
                                  				signed short _t181;
                                  				unsigned int _t182;
                                  				signed int _t185;
                                  				signed int _t213;
                                  				signed int _t225;
                                  				short _t233;
                                  				signed char _t234;
                                  				signed int _t242;
                                  				signed int _t243;
                                  				signed int _t244;
                                  				signed int _t245;
                                  				signed int _t250;
                                  				void* _t251;
                                  				signed short* _t254;
                                  				void* _t255;
                                  				signed int _t256;
                                  				void* _t257;
                                  				signed short* _t260;
                                  				signed short _t265;
                                  				signed short* _t269;
                                  				signed short _t271;
                                  				signed short** _t272;
                                  				signed short* _t275;
                                  				signed short _t282;
                                  				signed short _t283;
                                  				signed short _t290;
                                  				signed short _t299;
                                  				signed short _t307;
                                  				signed int _t308;
                                  				signed short _t311;
                                  				signed short* _t315;
                                  				signed short _t316;
                                  				void* _t317;
                                  				void* _t319;
                                  				signed short* _t321;
                                  				void* _t322;
                                  				void* _t323;
                                  				unsigned int _t324;
                                  				signed int _t325;
                                  				void* _t326;
                                  				signed int _t327;
                                  				signed int _t329;
                                  
                                  				_t329 = (_t327 & 0xfffffff8) - 0x24c;
                                  				_v8 =  *0x180d360 ^ _t329;
                                  				_t157 = _a8;
                                  				_t321 = _a4;
                                  				_t315 = __edx;
                                  				_v548 = __ecx;
                                  				_t305 = _a20;
                                  				_v560 = _a12;
                                  				_t260 = _a16;
                                  				_v564 = __edx;
                                  				_v580 = _a8;
                                  				_v572 = _t260;
                                  				_v544 = _a20;
                                  				if( *__edx <= 8) {
                                  					L3:
                                  					if(_t260 != 0) {
                                  						 *_t260 = 0;
                                  					}
                                  					_t254 =  &_v532;
                                  					_v588 = 0x208;
                                  					if((_v548 & 0x00000001) != 0) {
                                  						_v556 =  *_t315;
                                  						_v552 = _t315[2];
                                  						_t161 = E0174F232( &_v556);
                                  						_t316 = _v556;
                                  						_v540 = _t161;
                                  						goto L17;
                                  					} else {
                                  						_t306 = 0x208;
                                  						_t298 = _t315;
                                  						_t316 = E01736E30(_t315, 0x208, _t254, _t260,  &_v581,  &_v540);
                                  						if(_t316 == 0) {
                                  							L68:
                                  							_t322 = 0xc0000033;
                                  							goto L39;
                                  						} else {
                                  							while(_v581 == 0) {
                                  								_t233 = _v588;
                                  								if(_t316 > _t233) {
                                  									_t234 = _v548;
                                  									if((_t234 & 0x00000004) != 0 || (_t234 & 0x00000008) == 0 &&  *((char*)( *[fs:0x30] + 3)) < 0) {
                                  										_t254 = L01734620(_t298,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t316);
                                  										if(_t254 == 0) {
                                  											_t169 = 0xc0000017;
                                  										} else {
                                  											_t298 = _v564;
                                  											_v588 = _t316;
                                  											_t306 = _t316;
                                  											_t316 = E01736E30(_v564, _t316, _t254, _v572,  &_v581,  &_v540);
                                  											if(_t316 != 0) {
                                  												continue;
                                  											} else {
                                  												goto L68;
                                  											}
                                  										}
                                  									} else {
                                  										goto L90;
                                  									}
                                  								} else {
                                  									_v556 = _t316;
                                  									 *((short*)(_t329 + 0x32)) = _t233;
                                  									_v552 = _t254;
                                  									if(_t316 < 2) {
                                  										L11:
                                  										if(_t316 < 4 ||  *_t254 == 0 || _t254[1] != 0x3a) {
                                  											_t161 = 5;
                                  										} else {
                                  											if(_t316 < 6) {
                                  												L87:
                                  												_t161 = 3;
                                  											} else {
                                  												_t242 = _t254[2] & 0x0000ffff;
                                  												if(_t242 != 0x5c) {
                                  													if(_t242 == 0x2f) {
                                  														goto L16;
                                  													} else {
                                  														goto L87;
                                  													}
                                  													goto L101;
                                  												} else {
                                  													L16:
                                  													_t161 = 2;
                                  												}
                                  											}
                                  										}
                                  									} else {
                                  										_t243 =  *_t254 & 0x0000ffff;
                                  										if(_t243 == 0x5c || _t243 == 0x2f) {
                                  											if(_t316 < 4) {
                                  												L81:
                                  												_t161 = 4;
                                  												goto L17;
                                  											} else {
                                  												_t244 = _t254[1] & 0x0000ffff;
                                  												if(_t244 != 0x5c) {
                                  													if(_t244 == 0x2f) {
                                  														goto L60;
                                  													} else {
                                  														goto L81;
                                  													}
                                  												} else {
                                  													L60:
                                  													if(_t316 < 6) {
                                  														L83:
                                  														_t161 = 1;
                                  														goto L17;
                                  													} else {
                                  														_t245 = _t254[2] & 0x0000ffff;
                                  														if(_t245 != 0x2e) {
                                  															if(_t245 == 0x3f) {
                                  																goto L62;
                                  															} else {
                                  																goto L83;
                                  															}
                                  														} else {
                                  															L62:
                                  															if(_t316 < 8) {
                                  																L85:
                                  																_t161 = ((0 | _t316 != 0x00000006) - 0x00000001 & 0x00000006) + 1;
                                  																goto L17;
                                  															} else {
                                  																_t250 = _t254[3] & 0x0000ffff;
                                  																if(_t250 != 0x5c) {
                                  																	if(_t250 == 0x2f) {
                                  																		goto L64;
                                  																	} else {
                                  																		goto L85;
                                  																	}
                                  																} else {
                                  																	L64:
                                  																	_t161 = 6;
                                  																	goto L17;
                                  																}
                                  															}
                                  														}
                                  													}
                                  												}
                                  											}
                                  											goto L101;
                                  										} else {
                                  											goto L11;
                                  										}
                                  									}
                                  									L17:
                                  									if(_t161 != 2) {
                                  										_t162 = _t161 - 1;
                                  										if(_t162 > 5) {
                                  											goto L18;
                                  										} else {
                                  											switch( *((intOrPtr*)(_t162 * 4 +  &M017345F8))) {
                                  												case 0:
                                  													_v568 = 0x16f1078;
                                  													__eax = 2;
                                  													goto L20;
                                  												case 1:
                                  													goto L18;
                                  												case 2:
                                  													_t163 = 4;
                                  													goto L19;
                                  											}
                                  										}
                                  										goto L41;
                                  									} else {
                                  										L18:
                                  										_t163 = 0;
                                  										L19:
                                  										_v568 = 0x16f11c4;
                                  									}
                                  									L20:
                                  									_v588 = _t163;
                                  									_v564 = _t163 + _t163;
                                  									_t306 =  *_v568 & 0x0000ffff;
                                  									_t265 = _t306 - _v564 + 2 + (_t316 & 0x0000ffff);
                                  									_v576 = _t265;
                                  									if(_t265 > 0xfffe) {
                                  										L90:
                                  										_t322 = 0xc0000106;
                                  									} else {
                                  										if(_t321 != 0) {
                                  											if(_t265 > (_t321[1] & 0x0000ffff)) {
                                  												if(_v580 != 0) {
                                  													goto L23;
                                  												} else {
                                  													_t322 = 0xc0000106;
                                  													goto L39;
                                  												}
                                  											} else {
                                  												_t177 = _t306;
                                  												goto L25;
                                  											}
                                  											goto L101;
                                  										} else {
                                  											if(_v580 == _t321) {
                                  												_t322 = 0xc000000d;
                                  											} else {
                                  												L23:
                                  												_t173 = L01734620(_t265,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t265);
                                  												_t269 = _v592;
                                  												_t269[2] = _t173;
                                  												if(_t173 == 0) {
                                  													_t322 = 0xc0000017;
                                  												} else {
                                  													_t316 = _v556;
                                  													 *_t269 = 0;
                                  													_t321 = _t269;
                                  													_t269[1] = _v576;
                                  													_t177 =  *_v568 & 0x0000ffff;
                                  													L25:
                                  													_v580 = _t177;
                                  													if(_t177 == 0) {
                                  														L29:
                                  														_t307 =  *_t321 & 0x0000ffff;
                                  													} else {
                                  														_t290 =  *_t321 & 0x0000ffff;
                                  														_v576 = _t290;
                                  														_t310 = _t177 & 0x0000ffff;
                                  														if((_t290 & 0x0000ffff) + (_t177 & 0x0000ffff) > (_t321[1] & 0x0000ffff)) {
                                  															_t307 =  *_t321 & 0xffff;
                                  														} else {
                                  															_v576 = _t321[2] + ((_v576 & 0x0000ffff) >> 1) * 2;
                                  															E0175F720(_t321[2] + ((_v576 & 0x0000ffff) >> 1) * 2, _v568[2], _t310);
                                  															_t329 = _t329 + 0xc;
                                  															_t311 = _v580;
                                  															_t225 =  *_t321 + _t311 & 0x0000ffff;
                                  															 *_t321 = _t225;
                                  															if(_t225 + 1 < (_t321[1] & 0x0000ffff)) {
                                  																 *((short*)(_v576 + ((_t311 & 0x0000ffff) >> 1) * 2)) = 0;
                                  															}
                                  															goto L29;
                                  														}
                                  													}
                                  													_t271 = _v556 - _v588 + _v588;
                                  													_v580 = _t307;
                                  													_v576 = _t271;
                                  													if(_t271 != 0) {
                                  														_t308 = _t271 & 0x0000ffff;
                                  														_v588 = _t308;
                                  														if(_t308 + (_t307 & 0x0000ffff) <= (_t321[1] & 0x0000ffff)) {
                                  															_v580 = _t321[2] + ((_v580 & 0x0000ffff) >> 1) * 2;
                                  															E0175F720(_t321[2] + ((_v580 & 0x0000ffff) >> 1) * 2, _v552 + _v564, _t308);
                                  															_t329 = _t329 + 0xc;
                                  															_t213 =  *_t321 + _v576 & 0x0000ffff;
                                  															 *_t321 = _t213;
                                  															if(_t213 + 1 < (_t321[1] & 0x0000ffff)) {
                                  																 *((short*)(_v580 + (_v588 >> 1) * 2)) = 0;
                                  															}
                                  														}
                                  													}
                                  													_t272 = _v560;
                                  													if(_t272 != 0) {
                                  														 *_t272 = _t321;
                                  													}
                                  													_t306 = 0;
                                  													 *((short*)(_t321[2] + (( *_t321 & 0x0000ffff) >> 1) * 2)) = 0;
                                  													_t275 = _v572;
                                  													if(_t275 != 0) {
                                  														_t306 =  *_t275;
                                  														if(_t306 != 0) {
                                  															 *_t275 = ( *_v568 & 0x0000ffff) - _v564 - _t254 + _t306 + _t321[2];
                                  														}
                                  													}
                                  													_t181 = _v544;
                                  													if(_t181 != 0) {
                                  														 *_t181 = 0;
                                  														 *((intOrPtr*)(_t181 + 4)) = 0;
                                  														 *((intOrPtr*)(_t181 + 8)) = 0;
                                  														 *((intOrPtr*)(_t181 + 0xc)) = 0;
                                  														if(_v540 == 5) {
                                  															_t182 = E017152A5(1);
                                  															_v588 = _t182;
                                  															if(_t182 == 0) {
                                  																E0172EB70(1, 0x18079a0);
                                  																goto L38;
                                  															} else {
                                  																_v560 = _t182 + 0xc;
                                  																_t185 = E0172AA20( &_v556, _t182 + 0xc,  &_v556, 1);
                                  																if(_t185 == 0) {
                                  																	_t324 = _v588;
                                  																	goto L97;
                                  																} else {
                                  																	_t306 = _v544;
                                  																	_t282 = ( *_v560 & 0x0000ffff) - _v564 + ( *_v568 & 0x0000ffff) + _t321[2];
                                  																	 *(_t306 + 4) = _t282;
                                  																	_v576 = _t282;
                                  																	_t325 = _t316 -  *_v560 & 0x0000ffff;
                                  																	 *_t306 = _t325;
                                  																	if( *_t282 == 0x5c) {
                                  																		_t149 = _t325 - 2; // -2
                                  																		_t283 = _t149;
                                  																		 *_t306 = _t283;
                                  																		 *(_t306 + 4) = _v576 + 2;
                                  																		_t185 = _t283 & 0x0000ffff;
                                  																	}
                                  																	_t324 = _v588;
                                  																	 *(_t306 + 2) = _t185;
                                  																	if((_v548 & 0x00000002) == 0) {
                                  																		L97:
                                  																		asm("lock xadd [esi], eax");
                                  																		if((_t185 | 0xffffffff) == 0) {
                                  																			_push( *((intOrPtr*)(_t324 + 4)));
                                  																			E017595D0();
                                  																			L017377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t324);
                                  																		}
                                  																	} else {
                                  																		 *(_t306 + 0xc) = _t324;
                                  																		 *((intOrPtr*)(_t306 + 8)) =  *((intOrPtr*)(_t324 + 4));
                                  																	}
                                  																	goto L38;
                                  																}
                                  															}
                                  															goto L41;
                                  														}
                                  													}
                                  													L38:
                                  													_t322 = 0;
                                  												}
                                  											}
                                  										}
                                  									}
                                  									L39:
                                  									if(_t254 !=  &_v532) {
                                  										L017377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t254);
                                  									}
                                  									_t169 = _t322;
                                  								}
                                  								goto L41;
                                  							}
                                  							goto L68;
                                  						}
                                  					}
                                  					L41:
                                  					_pop(_t317);
                                  					_pop(_t323);
                                  					_pop(_t255);
                                  					return E0175B640(_t169, _t255, _v8 ^ _t329, _t306, _t317, _t323);
                                  				} else {
                                  					_t299 = __edx[2];
                                  					if( *_t299 == 0x5c) {
                                  						_t256 =  *(_t299 + 2) & 0x0000ffff;
                                  						if(_t256 != 0x5c) {
                                  							if(_t256 != 0x3f) {
                                  								goto L2;
                                  							} else {
                                  								goto L50;
                                  							}
                                  						} else {
                                  							L50:
                                  							if( *((short*)(_t299 + 4)) != 0x3f ||  *((short*)(_t299 + 6)) != 0x5c) {
                                  								goto L2;
                                  							} else {
                                  								_t251 = E01753D43(_t315, _t321, _t157, _v560, _v572, _t305);
                                  								_pop(_t319);
                                  								_pop(_t326);
                                  								_pop(_t257);
                                  								return E0175B640(_t251, _t257, _v24 ^ _t329, _t321, _t319, _t326);
                                  							}
                                  						}
                                  					} else {
                                  						L2:
                                  						_t260 = _v572;
                                  						goto L3;
                                  					}
                                  				}
                                  				L101:
                                  			}

                                  Memory Dump Source
                                  • Source File: 00000005.00000002.534207193.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                  • Associated: 00000005.00000002.535933940.000000000180B000.00000040.00000800.00020000.00000000.sdmp
                                  • Associated: 00000005.00000002.535959139.000000000180F000.00000040.00000800.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_16f0000_6109238.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 558ddb306484f01b479be8bccc361b23d906dee0c8dd1cadb7bf24e3687aa9ec
                                  • Instruction ID: e638c8447fa5b13e186be368df5b1c46e123f28e9b77a82d296cbaf8827c31d5
                                  • Opcode Fuzzy Hash: 558ddb306484f01b479be8bccc361b23d906dee0c8dd1cadb7bf24e3687aa9ec
                                  • Instruction Fuzzy Hash: 0AF17D716082118FDB28CF58C484A7AFBE1FF98714F14496EF986CB292E734D981CB52
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 92%
                                  			E017420A0(void* __ebx, unsigned int __ecx, signed int __edx, void* __eflags, intOrPtr* _a4, signed int _a8, intOrPtr* _a12, void* _a16, intOrPtr* _a20) {
                                  				signed int _v16;
                                  				signed int _v20;
                                  				signed char _v24;
                                  				intOrPtr _v28;
                                  				signed int _v32;
                                  				void* _v36;
                                  				char _v48;
                                  				signed int _v52;
                                  				signed int _v56;
                                  				unsigned int _v60;
                                  				char _v64;
                                  				unsigned int _v68;
                                  				signed int _v72;
                                  				char _v73;
                                  				signed int _v74;
                                  				char _v75;
                                  				signed int _v76;
                                  				void* _v81;
                                  				void* _v82;
                                  				void* _v89;
                                  				void* _v92;
                                  				void* _v97;
                                  				void* __edi;
                                  				void* __esi;
                                  				void* __ebp;
                                  				signed char _t128;
                                  				void* _t129;
                                  				signed int _t130;
                                  				void* _t132;
                                  				signed char _t133;
                                  				intOrPtr _t135;
                                  				signed int _t137;
                                  				signed int _t140;
                                  				signed int* _t144;
                                  				signed int* _t145;
                                  				intOrPtr _t146;
                                  				signed int _t147;
                                  				signed char* _t148;
                                  				signed int _t149;
                                  				signed int _t153;
                                  				signed int _t169;
                                  				signed int _t174;
                                  				signed int _t180;
                                  				void* _t197;
                                  				void* _t198;
                                  				signed int _t201;
                                  				intOrPtr* _t202;
                                  				intOrPtr* _t205;
                                  				signed int _t210;
                                  				signed int _t215;
                                  				signed int _t218;
                                  				signed char _t221;
                                  				signed int _t226;
                                  				char _t227;
                                  				signed int _t228;
                                  				void* _t229;
                                  				unsigned int _t231;
                                  				void* _t235;
                                  				signed int _t240;
                                  				signed int _t241;
                                  				void* _t242;
                                  				signed int _t246;
                                  				signed int _t248;
                                  				signed int _t252;
                                  				signed int _t253;
                                  				void* _t254;
                                  				intOrPtr* _t256;
                                  				intOrPtr _t257;
                                  				unsigned int _t262;
                                  				signed int _t265;
                                  				void* _t267;
                                  				signed int _t275;
                                  
                                  				_t198 = __ebx;
                                  				_t267 = (_t265 & 0xfffffff0) - 0x48;
                                  				_v68 = __ecx;
                                  				_v73 = 0;
                                  				_t201 = __edx & 0x00002000;
                                  				_t128 = __edx & 0xffffdfff;
                                  				_v74 = __edx & 0xffffff00 | __eflags != 0x00000000;
                                  				_v72 = _t128;
                                  				if((_t128 & 0x00000008) != 0) {
                                  					__eflags = _t128 - 8;
                                  					if(_t128 != 8) {
                                  						L69:
                                  						_t129 = 0xc000000d;
                                  						goto L23;
                                  					} else {
                                  						_t130 = 0;
                                  						_v72 = 0;
                                  						_v75 = 1;
                                  						L2:
                                  						_v74 = 1;
                                  						_t226 =  *0x1808714; // 0x0
                                  						if(_t226 != 0) {
                                  							__eflags = _t201;
                                  							if(_t201 != 0) {
                                  								L62:
                                  								_v74 = 1;
                                  								L63:
                                  								_t130 = _t226 & 0xffffdfff;
                                  								_v72 = _t130;
                                  								goto L3;
                                  							}
                                  							_v74 = _t201;
                                  							__eflags = _t226 & 0x00002000;
                                  							if((_t226 & 0x00002000) == 0) {
                                  								goto L63;
                                  							}
                                  							goto L62;
                                  						}
                                  						L3:
                                  						_t227 = _v75;
                                  						L4:
                                  						_t240 = 0;
                                  						_v56 = 0;
                                  						_t252 = _t130 & 0x00000100;
                                  						if(_t252 != 0 || _t227 != 0) {
                                  							_t240 = _v68;
                                  							_t132 = E01742EB0(_t240);
                                  							__eflags = _t132 - 2;
                                  							if(_t132 != 2) {
                                  								__eflags = _t132 - 1;
                                  								if(_t132 == 1) {
                                  									goto L25;
                                  								}
                                  								__eflags = _t132 - 6;
                                  								if(_t132 == 6) {
                                  									__eflags =  *((short*)(_t240 + 4)) - 0x3f;
                                  									if( *((short*)(_t240 + 4)) != 0x3f) {
                                  										goto L40;
                                  									}
                                  									_t197 = E01742EB0(_t240 + 8);
                                  									__eflags = _t197 - 2;
                                  									if(_t197 == 2) {
                                  										goto L25;
                                  									}
                                  								}
                                  								L40:
                                  								_t133 = 1;
                                  								L26:
                                  								_t228 = _v75;
                                  								_v56 = _t240;
                                  								__eflags = _t133;
                                  								if(_t133 != 0) {
                                  									__eflags = _t228;
                                  									if(_t228 == 0) {
                                  										L43:
                                  										__eflags = _v72;
                                  										if(_v72 == 0) {
                                  											goto L8;
                                  										}
                                  										goto L69;
                                  									}
                                  									_t133 = E017158EC(_t240);
                                  									_t221 =  *0x1805cac; // 0x16
                                  									__eflags = _t221 & 0x00000040;
                                  									if((_t221 & 0x00000040) != 0) {
                                  										_t228 = 0;
                                  										__eflags = _t252;
                                  										if(_t252 != 0) {
                                  											goto L43;
                                  										}
                                  										_t133 = _v72;
                                  										goto L7;
                                  									}
                                  									goto L43;
                                  								} else {
                                  									_t133 = _v72;
                                  									goto L6;
                                  								}
                                  							}
                                  							L25:
                                  							_t133 = _v73;
                                  							goto L26;
                                  						} else {
                                  							L6:
                                  							_t221 =  *0x1805cac; // 0x16
                                  							L7:
                                  							if(_t133 != 0) {
                                  								__eflags = _t133 & 0x00001000;
                                  								if((_t133 & 0x00001000) != 0) {
                                  									_t133 = _t133 | 0x00000a00;
                                  									__eflags = _t221 & 0x00000004;
                                  									if((_t221 & 0x00000004) != 0) {
                                  										_t133 = _t133 | 0x00000400;
                                  									}
                                  								}
                                  								__eflags = _t228;
                                  								if(_t228 != 0) {
                                  									_t133 = _t133 | 0x00000100;
                                  								}
                                  								_t229 = E01754A2C(0x1806e40, 0x1754b30, _t133, _t240);
                                  								__eflags = _t229;
                                  								if(_t229 == 0) {
                                  									_t202 = _a20;
                                  									goto L100;
                                  								} else {
                                  									_t135 =  *((intOrPtr*)(_t229 + 0x38));
                                  									L15:
                                  									_t202 = _a20;
                                  									 *_t202 = _t135;
                                  									if(_t229 == 0) {
                                  										L100:
                                  										 *_a4 = 0;
                                  										_t137 = _a8;
                                  										__eflags = _t137;
                                  										if(_t137 != 0) {
                                  											 *_t137 = 0;
                                  										}
                                  										 *_t202 = 0;
                                  										_t129 = 0xc0000017;
                                  										goto L23;
                                  									} else {
                                  										_t242 = _a16;
                                  										if(_t242 != 0) {
                                  											_t254 = _t229;
                                  											memcpy(_t242, _t254, 0xd << 2);
                                  											_t267 = _t267 + 0xc;
                                  											_t242 = _t254 + 0x1a;
                                  										}
                                  										_t205 = _a4;
                                  										_t25 = _t229 + 0x48; // 0x48
                                  										 *_t205 = _t25;
                                  										_t140 = _a8;
                                  										if(_t140 != 0) {
                                  											__eflags =  *((char*)(_t267 + 0xa));
                                  											if( *((char*)(_t267 + 0xa)) != 0) {
                                  												 *_t140 =  *((intOrPtr*)(_t229 + 0x44));
                                  											} else {
                                  												 *_t140 = 0;
                                  											}
                                  										}
                                  										_t256 = _a12;
                                  										if(_t256 != 0) {
                                  											 *_t256 =  *((intOrPtr*)(_t229 + 0x3c));
                                  										}
                                  										_t257 =  *_t205;
                                  										_v48 = 0;
                                  										 *((intOrPtr*)(_t267 + 0x2c)) = 0;
                                  										_v56 = 0;
                                  										_v52 = 0;
                                  										_t144 =  *( *[fs:0x30] + 0x50);
                                  										if(_t144 != 0) {
                                  											__eflags =  *_t144;
                                  											if( *_t144 == 0) {
                                  												goto L20;
                                  											}
                                  											_t145 =  &(( *( *[fs:0x30] + 0x50))[0x8a]);
                                  											goto L21;
                                  										} else {
                                  											L20:
                                  											_t145 = 0x7ffe0384;
                                  											L21:
                                  											if( *_t145 != 0) {
                                  												_t146 =  *[fs:0x30];
                                  												__eflags =  *(_t146 + 0x240) & 0x00000004;
                                  												if(( *(_t146 + 0x240) & 0x00000004) != 0) {
                                  													_t147 = E01737D50();
                                  													__eflags = _t147;
                                  													if(_t147 == 0) {
                                  														_t148 = 0x7ffe0385;
                                  													} else {
                                  														_t148 =  &(( *( *[fs:0x30] + 0x50))[0x8a]);
                                  													}
                                  													__eflags =  *_t148 & 0x00000020;
                                  													if(( *_t148 & 0x00000020) != 0) {
                                  														_t149 = _v72;
                                  														__eflags = _t149;
                                  														if(__eflags == 0) {
                                  															_t149 = 0x16f5c80;
                                  														}
                                  														_push(_t149);
                                  														_push( &_v48);
                                  														 *((char*)(_t267 + 0xb)) = E0174F6E0(_t198, _t242, _t257, __eflags);
                                  														_push(_t257);
                                  														_push( &_v64);
                                  														_t153 = E0174F6E0(_t198, _t242, _t257, __eflags);
                                  														__eflags =  *((char*)(_t267 + 0xb));
                                  														if( *((char*)(_t267 + 0xb)) != 0) {
                                  															__eflags = _t153;
                                  															if(_t153 != 0) {
                                  																__eflags = 0;
                                  																E01797016(0x14c1, 0, 0, 0,  &_v72,  &_v64);
                                  																L01732400(_t267 + 0x20);
                                  															}
                                  															L01732400( &_v64);
                                  														}
                                  													}
                                  												}
                                  											}
                                  											_t129 = 0;
                                  											L23:
                                  											return _t129;
                                  										}
                                  									}
                                  								}
                                  							}
                                  							L8:
                                  							_t275 = _t240;
                                  							if(_t275 != 0) {
                                  								_v73 = 0;
                                  								_t253 = 0;
                                  								__eflags = 0;
                                  								L29:
                                  								_push(0);
                                  								_t241 = E01742397(_t240);
                                  								__eflags = _t241;
                                  								if(_t241 == 0) {
                                  									_t229 = 0;
                                  									L14:
                                  									_t135 = 0;
                                  									goto L15;
                                  								}
                                  								__eflags =  *((char*)(_t267 + 0xb));
                                  								 *(_t241 + 0x34) = 1;
                                  								if( *((char*)(_t267 + 0xb)) != 0) {
                                  									E01732280(_t134, 0x1808608);
                                  									__eflags =  *0x1806e48 - _t253; // 0x0
                                  									if(__eflags != 0) {
                                  										L48:
                                  										_t253 = 0;
                                  										__eflags = 0;
                                  										L49:
                                  										E0172FFB0(_t198, _t241, 0x1808608);
                                  										__eflags = _t253;
                                  										if(_t253 != 0) {
                                  											L017377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t253);
                                  										}
                                  										goto L31;
                                  									}
                                  									 *0x1806e48 = _t241;
                                  									 *(_t241 + 0x34) =  *(_t241 + 0x34) + 1;
                                  									__eflags = _t253;
                                  									if(_t253 != 0) {
                                  										_t57 = _t253 + 0x34;
                                  										 *_t57 =  *(_t253 + 0x34) + 0xffffffff;
                                  										__eflags =  *_t57;
                                  										if( *_t57 == 0) {
                                  											goto L49;
                                  										}
                                  									}
                                  									goto L48;
                                  								}
                                  								L31:
                                  								_t229 = _t241;
                                  								goto L14;
                                  							}
                                  							_v73 = 1;
                                  							_v64 = _t240;
                                  							asm("lock bts dword [esi], 0x0");
                                  							if(_t275 < 0) {
                                  								_t231 =  *0x1808608; // 0x0
                                  								while(1) {
                                  									_v60 = _t231;
                                  									__eflags = _t231 & 0x00000001;
                                  									if((_t231 & 0x00000001) != 0) {
                                  										goto L76;
                                  									}
                                  									_t73 = _t231 + 1; // 0x1
                                  									_t210 = _t73;
                                  									asm("lock cmpxchg [edi], ecx");
                                  									__eflags = _t231 - _t231;
                                  									if(_t231 != _t231) {
                                  										L92:
                                  										_t133 = E01746B90(_t210,  &_v64);
                                  										_t262 =  *0x1808608; // 0x0
                                  										L93:
                                  										_t231 = _t262;
                                  										continue;
                                  									}
                                  									_t240 = _v56;
                                  									goto L10;
                                  									L76:
                                  									_t169 = E0174E180(_t133);
                                  									__eflags = _t169;
                                  									if(_t169 != 0) {
                                  										_push(0xc000004b);
                                  										_push(0xffffffff);
                                  										E017597C0();
                                  										_t231 = _v68;
                                  									}
                                  									_v72 = 0;
                                  									_v24 =  *( *[fs:0x18] + 0x24);
                                  									_v16 = 3;
                                  									_v28 = 0;
                                  									__eflags = _t231 & 0x00000002;
                                  									if((_t231 & 0x00000002) == 0) {
                                  										_v32 =  &_v36;
                                  										_t174 = _t231 >> 4;
                                  										__eflags = 1 - _t174;
                                  										_v20 = _t174;
                                  										asm("sbb ecx, ecx");
                                  										_t210 = 3 |  &_v36;
                                  										__eflags = _t174;
                                  										if(_t174 == 0) {
                                  											_v20 = 0xfffffffe;
                                  										}
                                  									} else {
                                  										_v32 = 0;
                                  										_v20 = 0xffffffff;
                                  										_v36 = _t231 & 0xfffffff0;
                                  										_t210 = _t231 & 0x00000008 |  &_v36 | 0x00000007;
                                  										_v72 =  !(_t231 >> 2) & 0xffffff01;
                                  									}
                                  									asm("lock cmpxchg [edi], esi");
                                  									_t262 = _t231;
                                  									__eflags = _t262 - _t231;
                                  									if(_t262 != _t231) {
                                  										goto L92;
                                  									} else {
                                  										__eflags = _v72;
                                  										if(_v72 != 0) {
                                  											E0175006A(0x1808608, _t210);
                                  										}
                                  										__eflags =  *0x7ffe036a - 1;
                                  										if(__eflags <= 0) {
                                  											L89:
                                  											_t133 =  &_v16;
                                  											asm("lock btr dword [eax], 0x1");
                                  											if(__eflags >= 0) {
                                  												goto L93;
                                  											} else {
                                  												goto L90;
                                  											}
                                  											do {
                                  												L90:
                                  												_push(0);
                                  												_push(0x1808608);
                                  												E0175B180();
                                  												_t133 = _v24;
                                  												__eflags = _t133 & 0x00000004;
                                  											} while ((_t133 & 0x00000004) == 0);
                                  											goto L93;
                                  										} else {
                                  											_t218 =  *0x1806904; // 0x400
                                  											__eflags = _t218;
                                  											if(__eflags == 0) {
                                  												goto L89;
                                  											} else {
                                  												goto L87;
                                  											}
                                  											while(1) {
                                  												L87:
                                  												__eflags = _v16 & 0x00000002;
                                  												if(__eflags == 0) {
                                  													goto L89;
                                  												}
                                  												asm("pause");
                                  												_t218 = _t218 - 1;
                                  												__eflags = _t218;
                                  												if(__eflags != 0) {
                                  													continue;
                                  												}
                                  												goto L89;
                                  											}
                                  											goto L89;
                                  										}
                                  									}
                                  								}
                                  							}
                                  							L10:
                                  							_t229 =  *0x1806e48; // 0x0
                                  							_v72 = _t229;
                                  							if(_t229 == 0 ||  *((char*)(_t229 + 0x40)) == 0 &&  *((intOrPtr*)(_t229 + 0x38)) !=  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294))) {
                                  								E0172FFB0(_t198, _t240, 0x1808608);
                                  								_t253 = _v76;
                                  								goto L29;
                                  							} else {
                                  								 *((intOrPtr*)(_t229 + 0x34)) =  *((intOrPtr*)(_t229 + 0x34)) + 1;
                                  								asm("lock cmpxchg [esi], ecx");
                                  								_t215 = 1;
                                  								if(1 != 1) {
                                  									while(1) {
                                  										_t246 = _t215 & 0x00000006;
                                  										_t180 = _t215;
                                  										__eflags = _t246 - 2;
                                  										_v56 = _t246;
                                  										_t235 = (0 | _t246 == 0x00000002) * 4 - 1 + _t215;
                                  										asm("lock cmpxchg [edi], esi");
                                  										_t248 = _v56;
                                  										__eflags = _t180 - _t215;
                                  										if(_t180 == _t215) {
                                  											break;
                                  										}
                                  										_t215 = _t180;
                                  									}
                                  									__eflags = _t248 - 2;
                                  									if(_t248 == 2) {
                                  										__eflags = 0;
                                  										E017500C2(0x1808608, 0, _t235);
                                  									}
                                  									_t229 = _v72;
                                  								}
                                  								goto L14;
                                  							}
                                  						}
                                  					}
                                  				}
                                  				_t227 = 0;
                                  				_v75 = 0;
                                  				if(_t128 != 0) {
                                  					goto L4;
                                  				}
                                  				goto L2;
                                  			}


                                  Memory Dump Source
                                  • Source File: 00000005.00000002.534207193.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                  • Associated: 00000005.00000002.535933940.000000000180B000.00000040.00000800.00020000.00000000.sdmp
                                  • Associated: 00000005.00000002.535959139.000000000180F000.00000040.00000800.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_16f0000_6109238.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 4d90f777f750758c8627282f1fd422c17cbd2be664b58a79ff5852d194d2b673
                                  • Instruction ID: 533b723e2d69ecaf28f2086b6728444caa0bfa70e79b109feda6056a90036c00
                                  • Opcode Fuzzy Hash: 4d90f777f750758c8627282f1fd422c17cbd2be664b58a79ff5852d194d2b673
                                  • Instruction Fuzzy Hash: 62F11331A083419FE726DF2CD84476BFBE1AF85324F05856DF9959B282D734D851CB82
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 92%
                                  			E0172849B(signed int __ebx, intOrPtr __ecx, signed int __edi, signed int __esi, void* __eflags) {
                                  				void* _t136;
                                  				signed int _t139;
                                  				signed int _t141;
                                  				signed int _t145;
                                  				intOrPtr _t146;
                                  				signed int _t149;
                                  				signed int _t150;
                                  				signed int _t161;
                                  				signed int _t163;
                                  				signed int _t165;
                                  				signed int _t169;
                                  				signed int _t171;
                                  				signed int _t194;
                                  				signed int _t200;
                                  				void* _t201;
                                  				signed int _t204;
                                  				signed int _t206;
                                  				signed int _t210;
                                  				signed int _t214;
                                  				signed int _t215;
                                  				signed int _t218;
                                  				void* _t221;
                                  				signed int _t224;
                                  				signed int _t226;
                                  				intOrPtr _t228;
                                  				signed int _t232;
                                  				signed int _t233;
                                  				signed int _t234;
                                  				void* _t237;
                                  				void* _t238;
                                  
                                  				_t236 = __esi;
                                  				_t235 = __edi;
                                  				_t193 = __ebx;
                                  				_push(0x70);
                                  				_push(0x17ef9c0);
                                  				E0176D0E8(__ebx, __edi, __esi);
                                  				 *((intOrPtr*)(_t237 - 0x5c)) = __ecx;
                                  				if( *0x1807b04 == 0) {
                                  					L4:
                                  					goto L5;
                                  				} else {
                                  					_t136 = E0172CEE4( *((intOrPtr*)(__ecx + 0x18)), 1, 9, _t237 - 0x58, _t237 - 0x54);
                                  					_t236 = 0;
                                  					if(_t136 < 0) {
                                  						 *((intOrPtr*)(_t237 - 0x54)) = 0;
                                  					}
                                  					if( *((intOrPtr*)(_t237 - 0x54)) != 0) {
                                  						_t193 =  *( *[fs:0x30] + 0x18);
                                  						 *(_t237 - 0x48) =  *( *[fs:0x30] + 0x18);
                                  						 *(_t237 - 0x68) = _t236;
                                  						 *(_t237 - 0x6c) = _t236;
                                  						_t235 = _t236;
                                  						 *(_t237 - 0x60) = _t236;
                                  						E01732280( *[fs:0x30], 0x1808550);
                                  						_t139 =  *0x1807b04; // 0x1
                                  						__eflags = _t139 - 1;
                                  						if(__eflags != 0) {
                                  							_t200 = 0xc;
                                  							_t201 = _t237 - 0x40;
                                  							_t141 = E0174F3D5(_t201, _t139 * _t200, _t139 * _t200 >> 0x20);
                                  							 *(_t237 - 0x44) = _t141;
                                  							__eflags = _t141;
                                  							if(_t141 < 0) {
                                  								L50:
                                  								E0172FFB0(_t193, _t235, 0x1808550);
                                  								L5:
                                  								return E0176D130(_t193, _t235, _t236);
                                  							}
                                  							_push(_t201);
                                  							_t221 = 0x10;
                                  							_t202 =  *(_t237 - 0x40);
                                  							_t145 = E01711C45( *(_t237 - 0x40), _t221);
                                  							 *(_t237 - 0x44) = _t145;
                                  							__eflags = _t145;
                                  							if(_t145 < 0) {
                                  								goto L50;
                                  							}
                                  							_t146 =  *0x1807b9c; // 0x0
                                  							_t235 = L01734620(_t202, _t193, _t146 + 0xc0000,  *(_t237 - 0x40));
                                  							 *(_t237 - 0x60) = _t235;
                                  							__eflags = _t235;
                                  							if(_t235 == 0) {
                                  								_t149 = 0xc0000017;
                                  								 *(_t237 - 0x44) = 0xc0000017;
                                  							} else {
                                  								_t149 =  *(_t237 - 0x44);
                                  							}
                                  							__eflags = _t149;
                                  							if(__eflags >= 0) {
                                  								L8:
                                  								 *(_t237 - 0x64) = _t235;
                                  								_t150 =  *0x1807b10; // 0x0
                                  								 *(_t237 - 0x4c) = _t150;
                                  								_push(_t237 - 0x74);
                                  								_push(_t237 - 0x39);
                                  								_push(_t237 - 0x58);
                                  								_t193 = E0174A61C(_t193,  *((intOrPtr*)(_t237 - 0x54)),  *((intOrPtr*)(_t237 - 0x5c)), _t235, _t236, __eflags);
                                  								 *(_t237 - 0x44) = _t193;
                                  								__eflags = _t193;
                                  								if(_t193 < 0) {
                                  									L30:
                                  									E0172FFB0(_t193, _t235, 0x1808550);
                                  									__eflags = _t235 - _t237 - 0x38;
                                  									if(_t235 != _t237 - 0x38) {
                                  										_t235 =  *(_t237 - 0x48);
                                  										L017377F0( *(_t237 - 0x48), _t236,  *(_t237 - 0x48));
                                  									} else {
                                  										_t235 =  *(_t237 - 0x48);
                                  									}
                                  									__eflags =  *(_t237 - 0x6c);
                                  									if( *(_t237 - 0x6c) != 0) {
                                  										L017377F0(_t235, _t236,  *(_t237 - 0x6c));
                                  									}
                                  									__eflags = _t193;
                                  									if(_t193 >= 0) {
                                  										goto L4;
                                  									} else {
                                  										goto L5;
                                  									}
                                  								}
                                  								_t204 =  *0x1807b04; // 0x1
                                  								 *(_t235 + 8) = _t204;
                                  								__eflags =  *((char*)(_t237 - 0x39));
                                  								if( *((char*)(_t237 - 0x39)) != 0) {
                                  									 *(_t235 + 4) = 1;
                                  									 *(_t235 + 0xc) =  *(_t237 - 0x4c);
                                  									_t161 =  *0x1807b10; // 0x0
                                  									 *(_t237 - 0x4c) = _t161;
                                  								} else {
                                  									 *(_t235 + 4) = _t236;
                                  									 *(_t235 + 0xc) =  *(_t237 - 0x58);
                                  								}
                                  								 *((intOrPtr*)(_t237 - 0x54)) = E017537C5( *((intOrPtr*)(_t237 - 0x74)), _t237 - 0x70);
                                  								_t224 = _t236;
                                  								 *(_t237 - 0x40) = _t236;
                                  								 *(_t237 - 0x50) = _t236;
                                  								while(1) {
                                  									_t163 =  *(_t235 + 8);
                                  									__eflags = _t224 - _t163;
                                  									if(_t224 >= _t163) {
                                  										break;
                                  									}
                                  									_t228 =  *0x1807b9c; // 0x0
                                  									_t214 = L01734620( *((intOrPtr*)(_t237 - 0x54)) + 1,  *(_t237 - 0x48), _t228 + 0xc0000,  *(_t237 - 0x70) +  *((intOrPtr*)(_t237 - 0x54)) + 1);
                                  									 *(_t237 - 0x78) = _t214;
                                  									__eflags = _t214;
                                  									if(_t214 == 0) {
                                  										L52:
                                  										_t193 = 0xc0000017;
                                  										L19:
                                  										 *(_t237 - 0x44) = _t193;
                                  										L20:
                                  										_t206 =  *(_t237 - 0x40);
                                  										__eflags = _t206;
                                  										if(_t206 == 0) {
                                  											L26:
                                  											__eflags = _t193;
                                  											if(_t193 < 0) {
                                  												E017537F5( *((intOrPtr*)(_t237 - 0x5c)), _t237 - 0x6c);
                                  												__eflags =  *((char*)(_t237 - 0x39));
                                  												if( *((char*)(_t237 - 0x39)) != 0) {
                                  													 *0x1807b10 =  *0x1807b10 - 8;
                                  												}
                                  											} else {
                                  												_t169 =  *(_t237 - 0x68);
                                  												__eflags = _t169;
                                  												if(_t169 != 0) {
                                  													 *0x1807b04 =  *0x1807b04 - _t169;
                                  												}
                                  											}
                                  											__eflags = _t193;
                                  											if(_t193 >= 0) {
                                  												 *((short*)( *((intOrPtr*)(_t237 - 0x5c)) + 0x3a)) = 0xffff;
                                  											}
                                  											goto L30;
                                  										}
                                  										_t226 = _t206 * 0xc;
                                  										__eflags = _t226;
                                  										_t194 =  *(_t237 - 0x48);
                                  										do {
                                  											 *(_t237 - 0x40) = _t206 - 1;
                                  											_t226 = _t226 - 0xc;
                                  											 *(_t237 - 0x4c) = _t226;
                                  											__eflags =  *(_t235 + _t226 + 0x10) & 0x00000002;
                                  											if(( *(_t235 + _t226 + 0x10) & 0x00000002) == 0) {
                                  												__eflags =  *(_t235 + _t226 + 0x10) & 0x00000001;
                                  												if(( *(_t235 + _t226 + 0x10) & 0x00000001) == 0) {
                                  													 *(_t237 - 0x68) =  *(_t237 - 0x68) + 1;
                                  													_t210 =  *(_t226 +  *(_t237 - 0x64) + 0x14);
                                  													__eflags =  *((char*)(_t237 - 0x39));
                                  													if( *((char*)(_t237 - 0x39)) == 0) {
                                  														_t171 = _t210;
                                  													} else {
                                  														 *(_t237 - 0x50) =  *(_t210 +  *(_t237 - 0x58) * 4);
                                  														L017377F0(_t194, _t236, _t210 - 8);
                                  														_t171 =  *(_t237 - 0x50);
                                  													}
                                  													L48:
                                  													L017377F0(_t194, _t236,  *((intOrPtr*)(_t171 - 4)));
                                  													L46:
                                  													_t206 =  *(_t237 - 0x40);
                                  													_t226 =  *(_t237 - 0x4c);
                                  													goto L24;
                                  												}
                                  												 *0x1807b08 =  *0x1807b08 + 1;
                                  												goto L24;
                                  											}
                                  											_t171 =  *(_t226 +  *(_t237 - 0x64) + 0x14);
                                  											__eflags = _t171;
                                  											if(_t171 != 0) {
                                  												__eflags =  *((char*)(_t237 - 0x39));
                                  												if( *((char*)(_t237 - 0x39)) == 0) {
                                  													goto L48;
                                  												}
                                  												E017557C2(_t171,  *((intOrPtr*)(_t235 + _t226 + 0x18)));
                                  												goto L46;
                                  											}
                                  											L24:
                                  											__eflags = _t206;
                                  										} while (_t206 != 0);
                                  										_t193 =  *(_t237 - 0x44);
                                  										goto L26;
                                  									}
                                  									_t232 =  *(_t237 - 0x70) + 0x00000001 + _t214 &  !( *(_t237 - 0x70));
                                  									 *(_t237 - 0x7c) = _t232;
                                  									 *(_t232 - 4) = _t214;
                                  									 *(_t237 - 4) = _t236;
                                  									E0175F3E0(_t232,  *((intOrPtr*)( *((intOrPtr*)(_t237 - 0x74)) + 8)),  *((intOrPtr*)(_t237 - 0x54)));
                                  									_t238 = _t238 + 0xc;
                                  									 *(_t237 - 4) = 0xfffffffe;
                                  									_t215 =  *(_t237 - 0x48);
                                  									__eflags = _t193;
                                  									if(_t193 < 0) {
                                  										L017377F0(_t215, _t236,  *(_t237 - 0x78));
                                  										goto L20;
                                  									}
                                  									__eflags =  *((char*)(_t237 - 0x39));
                                  									if( *((char*)(_t237 - 0x39)) != 0) {
                                  										_t233 = E0174A44B( *(_t237 - 0x4c));
                                  										 *(_t237 - 0x50) = _t233;
                                  										__eflags = _t233;
                                  										if(_t233 == 0) {
                                  											L017377F0( *(_t237 - 0x48), _t236,  *(_t237 - 0x78));
                                  											goto L52;
                                  										}
                                  										 *(_t233 +  *(_t237 - 0x58) * 4) =  *(_t237 - 0x7c);
                                  										L17:
                                  										_t234 =  *(_t237 - 0x40);
                                  										_t218 = _t234 * 0xc;
                                  										 *(_t218 +  *(_t237 - 0x64) + 0x14) =  *(_t237 - 0x50);
                                  										 *(_t218 + _t235 + 0x10) = _t236;
                                  										_t224 = _t234 + 1;
                                  										 *(_t237 - 0x40) = _t224;
                                  										 *(_t237 - 0x50) = _t224;
                                  										_t193 =  *(_t237 - 0x44);
                                  										continue;
                                  									}
                                  									 *(_t237 - 0x50) =  *(_t237 - 0x7c);
                                  									goto L17;
                                  								}
                                  								 *_t235 = _t236;
                                  								_t165 = 0x10 + _t163 * 0xc;
                                  								__eflags = _t165;
                                  								_push(_t165);
                                  								_push(_t235);
                                  								_push(0x23);
                                  								_push(0xffffffff);
                                  								_t193 = E017596C0();
                                  								goto L19;
                                  							} else {
                                  								goto L50;
                                  							}
                                  						}
                                  						_t235 = _t237 - 0x38;
                                  						 *(_t237 - 0x60) = _t235;
                                  						goto L8;
                                  					}
                                  					goto L4;
                                  				}
                                  			}


































                                  Memory Dump Source
                                  • Source File: 00000005.00000002.534207193.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                  • Associated: 00000005.00000002.535933940.000000000180B000.00000040.00000800.00020000.00000000.sdmp
                                  • Associated: 00000005.00000002.535959139.000000000180F000.00000040.00000800.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_16f0000_6109238.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 7d74353bb81664e1230744e1d415c5b69b7f3fa7b923e4a06a50eb66012fb07f
                                  • Instruction ID: 354d67a304e5c9743639502f20cd963f4a1ea2925b82a76c4b5528750d14c774
                                  • Opcode Fuzzy Hash: 7d74353bb81664e1230744e1d415c5b69b7f3fa7b923e4a06a50eb66012fb07f
                                  • Instruction Fuzzy Hash: 35B17B70E01219DFDB25DFE9C984AADFBF5BF48304F10412AE505AB346D771A942CB81
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 67%
                                  			E0171C600(intOrPtr _a4, intOrPtr _a8, signed int _a12, signed char _a16, intOrPtr _a20, signed int _a24) {
                                  				signed int _v8;
                                  				char _v1036;
                                  				signed int _v1040;
                                  				char _v1048;
                                  				signed int _v1052;
                                  				signed char _v1056;
                                  				void* _v1058;
                                  				char _v1060;
                                  				signed int _v1064;
                                  				void* _v1068;
                                  				intOrPtr _v1072;
                                  				void* _v1084;
                                  				void* __ebx;
                                  				void* __edi;
                                  				void* __esi;
                                  				void* __ebp;
                                  				intOrPtr _t70;
                                  				intOrPtr _t72;
                                  				signed int _t74;
                                  				intOrPtr _t77;
                                  				signed int _t78;
                                  				signed int _t81;
                                  				void* _t101;
                                  				signed int _t102;
                                  				signed int _t107;
                                  				signed int _t109;
                                  				signed int _t110;
                                  				signed char _t111;
                                  				signed int _t112;
                                  				signed int _t113;
                                  				signed int _t114;
                                  				intOrPtr _t116;
                                  				void* _t117;
                                  				char _t118;
                                  				void* _t120;
                                  				char _t121;
                                  				signed int _t122;
                                  				signed int _t123;
                                  				signed int _t125;
                                  
                                  				_t125 = (_t123 & 0xfffffff8) - 0x424;
                                  				_v8 =  *0x180d360 ^ _t125;
                                  				_t116 = _a4;
                                  				_v1056 = _a16;
                                  				_v1040 = _a24;
                                  				if(E01726D30( &_v1048, _a8) < 0) {
                                  					L4:
                                  					_pop(_t117);
                                  					_pop(_t120);
                                  					_pop(_t101);
                                  					return E0175B640(_t68, _t101, _v8 ^ _t125, _t114, _t117, _t120);
                                  				}
                                  				_t70 = _a20;
                                  				if(_t70 >= 0x3f4) {
                                  					_t121 = _t70 + 0xc;
                                  					L19:
                                  					_t107 =  *( *[fs:0x30] + 0x18);
                                  					__eflags = _t107;
                                  					if(_t107 == 0) {
                                  						L60:
                                  						_t68 = 0xc0000017;
                                  						goto L4;
                                  					}
                                  					_t72 =  *0x1807b9c; // 0x0
                                  					_t74 = L01734620(_t107, _t107, _t72 + 0x180000, _t121);
                                  					_v1064 = _t74;
                                  					__eflags = _t74;
                                  					if(_t74 == 0) {
                                  						goto L60;
                                  					}
                                  					_t102 = _t74;
                                  					_push( &_v1060);
                                  					_push(_t121);
                                  					_push(_t74);
                                  					_push(2);
                                  					_push( &_v1048);
                                  					_push(_t116);
                                  					_t122 = E01759650();
                                  					__eflags = _t122;
                                  					if(_t122 >= 0) {
                                  						L7:
                                  						_t114 = _a12;
                                  						__eflags = _t114;
                                  						if(_t114 != 0) {
                                  							_t77 = _a20;
                                  							L26:
                                  							_t109 =  *(_t102 + 4);
                                  							__eflags = _t109 - 3;
                                  							if(_t109 == 3) {
                                  								L55:
                                  								__eflags = _t114 - _t109;
                                  								if(_t114 != _t109) {
                                  									L59:
                                  									_t122 = 0xc0000024;
                                  									L15:
                                  									_t78 = _v1052;
                                  									__eflags = _t78;
                                  									if(_t78 != 0) {
                                  										L017377F0( *( *[fs:0x30] + 0x18), 0, _t78);
                                  									}
                                  									_t68 = _t122;
                                  									goto L4;
                                  								}
                                  								_t110 = _v1056;
                                  								_t118 =  *((intOrPtr*)(_t102 + 8));
                                  								_v1060 = _t118;
                                  								__eflags = _t110;
                                  								if(_t110 == 0) {
                                  									L10:
                                  									_t122 = 0x80000005;
                                  									L11:
                                  									_t81 = _v1040;
                                  									__eflags = _t81;
                                  									if(_t81 == 0) {
                                  										goto L15;
                                  									}
                                  									__eflags = _t122;
                                  									if(_t122 >= 0) {
                                  										L14:
                                  										 *_t81 = _t118;
                                  										goto L15;
                                  									}
                                  									__eflags = _t122 - 0x80000005;
                                  									if(_t122 != 0x80000005) {
                                  										goto L15;
                                  									}
                                  									goto L14;
                                  								}
                                  								__eflags =  *((intOrPtr*)(_t102 + 8)) - _t77;
                                  								if( *((intOrPtr*)(_t102 + 8)) > _t77) {
                                  									goto L10;
                                  								}
                                  								_push( *((intOrPtr*)(_t102 + 8)));
                                  								_t59 = _t102 + 0xc; // 0xc
                                  								_push(_t110);
                                  								L54:
                                  								E0175F3E0();
                                  								_t125 = _t125 + 0xc;
                                  								goto L11;
                                  							}
                                  							__eflags = _t109 - 7;
                                  							if(_t109 == 7) {
                                  								goto L55;
                                  							}
                                  							_t118 = 4;
                                  							__eflags = _t109 - _t118;
                                  							if(_t109 != _t118) {
                                  								__eflags = _t109 - 0xb;
                                  								if(_t109 != 0xb) {
                                  									__eflags = _t109 - 1;
                                  									if(_t109 == 1) {
                                  										__eflags = _t114 - _t118;
                                  										if(_t114 != _t118) {
                                  											_t118 =  *((intOrPtr*)(_t102 + 8));
                                  											_v1060 = _t118;
                                  											__eflags = _t118 - _t77;
                                  											if(_t118 > _t77) {
                                  												goto L10;
                                  											}
                                  											_push(_t118);
                                  											_t56 = _t102 + 0xc; // 0xc
                                  											_push(_v1056);
                                  											goto L54;
                                  										}
                                  										__eflags = _t77 - _t118;
                                  										if(_t77 != _t118) {
                                  											L34:
                                  											_t122 = 0xc0000004;
                                  											goto L15;
                                  										}
                                  										_t111 = _v1056;
                                  										__eflags = _t111 & 0x00000003;
                                  										if((_t111 & 0x00000003) == 0) {
                                  											_v1060 = _t118;
                                  											__eflags = _t111;
                                  											if(__eflags == 0) {
                                  												goto L10;
                                  											}
                                  											_t42 = _t102 + 0xc; // 0xc
                                  											 *((intOrPtr*)(_t125 + 0x20)) = _t42;
                                  											_v1048 =  *((intOrPtr*)(_t102 + 8));
                                  											_push(_t111);
                                  											 *((short*)(_t125 + 0x22)) =  *((intOrPtr*)(_t102 + 8));
                                  											_push(0);
                                  											_push( &_v1048);
                                  											_t122 = E017513C0(_t102, _t118, _t122, __eflags);
                                  											L44:
                                  											_t118 = _v1072;
                                  											goto L11;
                                  										}
                                  										_t122 = 0x80000002;
                                  										goto L15;
                                  									}
                                  									_t122 = 0xc0000024;
                                  									goto L44;
                                  								}
                                  								__eflags = _t114 - _t109;
                                  								if(_t114 != _t109) {
                                  									goto L59;
                                  								}
                                  								_t118 = 8;
                                  								__eflags = _t77 - _t118;
                                  								if(_t77 != _t118) {
                                  									goto L34;
                                  								}
                                  								__eflags =  *((intOrPtr*)(_t102 + 8)) - _t118;
                                  								if( *((intOrPtr*)(_t102 + 8)) != _t118) {
                                  									goto L34;
                                  								}
                                  								_t112 = _v1056;
                                  								_v1060 = _t118;
                                  								__eflags = _t112;
                                  								if(_t112 == 0) {
                                  									goto L10;
                                  								}
                                  								 *_t112 =  *((intOrPtr*)(_t102 + 0xc));
                                  								 *((intOrPtr*)(_t112 + 4)) =  *((intOrPtr*)(_t102 + 0x10));
                                  								goto L11;
                                  							}
                                  							__eflags = _t114 - _t118;
                                  							if(_t114 != _t118) {
                                  								goto L59;
                                  							}
                                  							__eflags = _t77 - _t118;
                                  							if(_t77 != _t118) {
                                  								goto L34;
                                  							}
                                  							__eflags =  *((intOrPtr*)(_t102 + 8)) - _t118;
                                  							if( *((intOrPtr*)(_t102 + 8)) != _t118) {
                                  								goto L34;
                                  							}
                                  							_t113 = _v1056;
                                  							_v1060 = _t118;
                                  							__eflags = _t113;
                                  							if(_t113 == 0) {
                                  								goto L10;
                                  							}
                                  							 *_t113 =  *((intOrPtr*)(_t102 + 0xc));
                                  							goto L11;
                                  						}
                                  						_t118 =  *((intOrPtr*)(_t102 + 8));
                                  						__eflags = _t118 - _a20;
                                  						if(_t118 <= _a20) {
                                  							_t114 =  *(_t102 + 4);
                                  							_t77 = _t118;
                                  							goto L26;
                                  						}
                                  						_v1060 = _t118;
                                  						goto L10;
                                  					}
                                  					__eflags = _t122 - 0x80000005;
                                  					if(_t122 != 0x80000005) {
                                  						goto L15;
                                  					}
                                  					L017377F0( *( *[fs:0x30] + 0x18), 0, _t102);
                                  					L18:
                                  					_t121 = _v1060;
                                  					goto L19;
                                  				}
                                  				_push( &_v1060);
                                  				_push(0x400);
                                  				_t102 =  &_v1036;
                                  				_push(_t102);
                                  				_push(2);
                                  				_push( &_v1048);
                                  				_push(_t116);
                                  				_t122 = E01759650();
                                  				if(_t122 >= 0) {
                                  					__eflags = 0;
                                  					_v1052 = 0;
                                  					goto L7;
                                  				}
                                  				if(_t122 == 0x80000005) {
                                  					goto L18;
                                  				}
                                  				goto L4;
                                  			}

                                  Memory Dump Source
                                  • Source File: 00000005.00000002.534207193.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                  • Associated: 00000005.00000002.535933940.000000000180B000.00000040.00000800.00020000.00000000.sdmp
                                  • Associated: 00000005.00000002.535959139.000000000180F000.00000040.00000800.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_16f0000_6109238.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 8356a7ae243cb7ce57e56ec998b0419ea030a785178b731ddfa2fc449e043f8b
                                  • Instruction ID: ec3605a90b6455e4a1e0ae69e7c7d2271509003f635c3381292220a3bcfd3944
                                  • Opcode Fuzzy Hash: 8356a7ae243cb7ce57e56ec998b0419ea030a785178b731ddfa2fc449e043f8b
                                  • Instruction Fuzzy Hash: 26819776684201DBDB1ADF5CC880A7AF7E5EB84354F244859EE469B245D330EE41CBA2
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 39%
                                  			E017AB8D0(void* __edx, intOrPtr _a4, intOrPtr _a8, signed char _a12, signed int** _a16) {
                                  				char _v8;
                                  				signed int _v12;
                                  				signed int _t80;
                                  				signed int _t83;
                                  				intOrPtr _t89;
                                  				signed int _t92;
                                  				signed char _t106;
                                  				signed int* _t107;
                                  				intOrPtr _t108;
                                  				intOrPtr _t109;
                                  				signed int _t114;
                                  				void* _t115;
                                  				void* _t117;
                                  				void* _t119;
                                  				void* _t122;
                                  				signed int _t123;
                                  				signed int* _t124;
                                  
                                  				_t106 = _a12;
                                  				if((_t106 & 0xfffffffc) != 0) {
                                  					return 0xc000000d;
                                  				}
                                  				if((_t106 & 0x00000002) != 0) {
                                  					_t106 = _t106 | 0x00000001;
                                  				}
                                  				_t109 =  *0x1807b9c; // 0x0
                                  				_t124 = L01734620(_t109 + 0x140000,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t109 + 0x140000, 0x424 + (_a8 - 1) * 0xc);
                                  				if(_t124 != 0) {
                                  					 *_t124 =  *_t124 & 0x00000000;
                                  					_t124[1] = _t124[1] & 0x00000000;
                                  					_t124[4] = _t124[4] & 0x00000000;
                                  					if( *((intOrPtr*)( *[fs:0x18] + 0xf9c)) == 0) {
                                  						L13:
                                  						_push(_t124);
                                  						if((_t106 & 0x00000002) != 0) {
                                  							_push(0x200);
                                  							_push(0x28);
                                  							_push(0xffffffff);
                                  							_t122 = E01759800();
                                  							if(_t122 < 0) {
                                  								L33:
                                  								if((_t124[4] & 0x00000001) != 0) {
                                  									_push(4);
                                  									_t64 =  &(_t124[1]); // 0x4
                                  									_t107 = _t64;
                                  									_push(_t107);
                                  									_push(5);
                                  									_push(0xfffffffe);
                                  									E017595B0();
                                  									if( *_t107 != 0) {
                                  										_push( *_t107);
                                  										E017595D0();
                                  									}
                                  								}
                                  								_push(_t124);
                                  								_push(0);
                                  								_push( *((intOrPtr*)( *[fs:0x30] + 0x18)));
                                  								L37:
                                  								L017377F0();
                                  								return _t122;
                                  							}
                                  							_t124[4] = _t124[4] | 0x00000002;
                                  							L18:
                                  							_t108 = _a8;
                                  							_t29 =  &(_t124[0x105]); // 0x414
                                  							_t80 = _t29;
                                  							_t30 =  &(_t124[5]); // 0x14
                                  							_t124[3] = _t80;
                                  							_t123 = 0;
                                  							_t124[2] = _t30;
                                  							 *_t80 = _t108;
                                  							if(_t108 == 0) {
                                  								L21:
                                  								_t112 = 0x400;
                                  								_push( &_v8);
                                  								_v8 = 0x400;
                                  								_push(_t124[2]);
                                  								_push(0x400);
                                  								_push(_t124[3]);
                                  								_push(0);
                                  								_push( *_t124);
                                  								_t122 = E01759910();
                                  								if(_t122 != 0xc0000023) {
                                  									L26:
                                  									if(_t122 != 0x106) {
                                  										L40:
                                  										if(_t122 < 0) {
                                  											L29:
                                  											_t83 = _t124[2];
                                  											if(_t83 != 0) {
                                  												_t59 =  &(_t124[5]); // 0x14
                                  												if(_t83 != _t59) {
                                  													L017377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t83);
                                  												}
                                  											}
                                  											_push( *_t124);
                                  											E017595D0();
                                  											goto L33;
                                  										}
                                  										 *_a16 = _t124;
                                  										return 0;
                                  									}
                                  									if(_t108 != 1) {
                                  										_t122 = 0;
                                  										goto L40;
                                  									}
                                  									_t122 = 0xc0000061;
                                  									goto L29;
                                  								} else {
                                  									goto L22;
                                  								}
                                  								while(1) {
                                  									L22:
                                  									_t89 =  *0x1807b9c; // 0x0
                                  									_t92 = L01734620(_t112,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t89 + 0x140000, _v8);
                                  									_t124[2] = _t92;
                                  									if(_t92 == 0) {
                                  										break;
                                  									}
                                  									_t112 =  &_v8;
                                  									_push( &_v8);
                                  									_push(_t92);
                                  									_push(_v8);
                                  									_push(_t124[3]);
                                  									_push(0);
                                  									_push( *_t124);
                                  									_t122 = E01759910();
                                  									if(_t122 != 0xc0000023) {
                                  										goto L26;
                                  									}
                                  									L017377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t124[2]);
                                  								}
                                  								_t122 = 0xc0000017;
                                  								goto L26;
                                  							}
                                  							_t119 = 0;
                                  							do {
                                  								_t114 = _t124[3];
                                  								_t119 = _t119 + 0xc;
                                  								 *((intOrPtr*)(_t114 + _t119 - 8)) =  *((intOrPtr*)(_a4 + _t123 * 4));
                                  								 *(_t114 + _t119 - 4) =  *(_t114 + _t119 - 4) & 0x00000000;
                                  								_t123 = _t123 + 1;
                                  								 *((intOrPtr*)(_t124[3] + _t119)) = 2;
                                  							} while (_t123 < _t108);
                                  							goto L21;
                                  						}
                                  						_push(0x28);
                                  						_push(3);
                                  						_t122 = E0171A7B0();
                                  						if(_t122 < 0) {
                                  							goto L33;
                                  						}
                                  						_t124[4] = _t124[4] | 0x00000001;
                                  						goto L18;
                                  					}
                                  					if((_t106 & 0x00000001) == 0) {
                                  						_t115 = 0x28;
                                  						_t122 = E017AE7D3(_t115, _t124);
                                  						if(_t122 < 0) {
                                  							L9:
                                  							_push(_t124);
                                  							_push(0);
                                  							_push( *((intOrPtr*)( *[fs:0x30] + 0x18)));
                                  							goto L37;
                                  						}
                                  						L12:
                                  						if( *_t124 != 0) {
                                  							goto L18;
                                  						}
                                  						goto L13;
                                  					}
                                  					_t15 =  &(_t124[1]); // 0x4
                                  					_t117 = 4;
                                  					_t122 = E017AE7D3(_t117, _t15);
                                  					if(_t122 >= 0) {
                                  						_t124[4] = _t124[4] | 0x00000001;
                                  						_v12 = _v12 & 0x00000000;
                                  						_push(4);
                                  						_push( &_v12);
                                  						_push(5);
                                  						_push(0xfffffffe);
                                  						E017595B0();
                                  						goto L12;
                                  					}
                                  					goto L9;
                                  				} else {
                                  					return 0xc0000017;
                                  				}
                                  			}
                                  0x017ab926
                                  0x00000000
                                  0x017ab926

                                  Memory Dump Source
                                  • Source File: 00000005.00000002.534207193.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                  • Associated: 00000005.00000002.535933940.000000000180B000.00000040.00000800.00020000.00000000.sdmp
                                  • Associated: 00000005.00000002.535959139.000000000180F000.00000040.00000800.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_16f0000_6109238.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 1eff56ddbb7c56b97d14d46570c113ec39a21671b28c02ab40601d8f052ca20a
                                  • Instruction ID: f782936bda0129b223f5df83ec0141432b78d080e8eb1b2344de17bf3fd851bb
                                  • Opcode Fuzzy Hash: 1eff56ddbb7c56b97d14d46570c113ec39a21671b28c02ab40601d8f052ca20a
                                  • Instruction Fuzzy Hash: CB710132200B06EFE732CF28C858F56FBE5EB80724F544628E655876A1DB75EA40DB50
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 79%
                                  			E01796DC9(signed int __ecx, void* __edx) {
                                  				unsigned int _v8;
                                  				intOrPtr _v12;
                                  				signed int _v16;
                                  				intOrPtr _v20;
                                  				intOrPtr _v24;
                                  				intOrPtr _v28;
                                  				char _v32;
                                  				char _v36;
                                  				char _v40;
                                  				char _v44;
                                  				char _v48;
                                  				char _v52;
                                  				char _v56;
                                  				char _v60;
                                  				void* _t87;
                                  				void* _t95;
                                  				signed char* _t96;
                                  				signed int _t107;
                                  				signed int _t136;
                                  				signed char* _t137;
                                  				void* _t157;
                                  				void* _t161;
                                  				void* _t167;
                                  				intOrPtr _t168;
                                  				void* _t174;
                                  				void* _t175;
                                  				signed int _t176;
                                  				void* _t177;
                                  
                                  				_t136 = __ecx;
                                  				_v44 = 0;
                                  				_t167 = __edx;
                                  				_v40 = 0;
                                  				_v36 = 0;
                                  				_v32 = 0;
                                  				_v60 = 0;
                                  				_v56 = 0;
                                  				_v52 = 0;
                                  				_v48 = 0;
                                  				_v16 = __ecx;
                                  				_t87 = L01734620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, 0x248);
                                  				_t175 = _t87;
                                  				if(_t175 != 0) {
                                  					_t11 = _t175 + 0x30; // 0x30
                                  					 *((short*)(_t175 + 6)) = 0x14d4;
                                  					 *((intOrPtr*)(_t175 + 0x20)) =  *((intOrPtr*)(_t167 + 0x10));
                                  					 *((intOrPtr*)(_t175 + 0x24)) =  *((intOrPtr*)( *((intOrPtr*)(_t167 + 8)) + 0xc));
                                  					 *((intOrPtr*)(_t175 + 0x28)) = _t136;
                                  					 *((intOrPtr*)(_t175 + 0x2c)) =  *((intOrPtr*)(_t167 + 0x14));
                                  					E01796B4C(_t167, _t11, 0x214,  &_v8);
                                  					_v12 = _v8 + 0x10;
                                  					_t95 = E01737D50();
                                  					_t137 = 0x7ffe0384;
                                  					if(_t95 == 0) {
                                  						_t96 = 0x7ffe0384;
                                  					} else {
                                  						_t96 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                  					}
                                  					_push(_t175);
                                  					_push(_v12);
                                  					_push(0x402);
                                  					_push( *_t96 & 0x000000ff);
                                  					E01759AE0();
                                  					_t87 = L017377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t175);
                                  					_t176 = _v16;
                                  					if((_t176 & 0x00000100) != 0) {
                                  						_push( &_v36);
                                  						_t157 = 4;
                                  						_t87 = E0179795D( *((intOrPtr*)(_t167 + 8)), _t157);
                                  						if(_t87 >= 0) {
                                  							_v24 = E0179795D( *((intOrPtr*)(_t167 + 8)), 1,  &_v44);
                                  							_v28 = E0179795D( *((intOrPtr*)(_t167 + 8)), 0,  &_v60);
                                  							_push( &_v52);
                                  							_t161 = 5;
                                  							_t168 = E0179795D( *((intOrPtr*)(_t167 + 8)), _t161);
                                  							_v20 = _t168;
                                  							_t107 = L01734620( *[fs:0x30],  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, 0xca0);
                                  							_v16 = _t107;
                                  							if(_t107 != 0) {
                                  								_v8 = _v8 & 0x00000000;
                                  								 *(_t107 + 0x20) = _t176;
                                  								 *((short*)(_t107 + 6)) = 0x14d5;
                                  								_t47 = _t107 + 0x24; // 0x24
                                  								_t177 = _t47;
                                  								E01796B4C( &_v36, _t177, 0xc78,  &_v8);
                                  								_t51 = _v8 + 4; // 0x4
                                  								_t178 = _t177 + (_v8 >> 1) * 2;
                                  								_v12 = _t51;
                                  								E01796B4C( &_v44, _t177 + (_v8 >> 1) * 2, 0xc78,  &_v8);
                                  								_v12 = _v12 + _v8;
                                  								E01796B4C( &_v60, _t178 + (_v8 >> 1) * 2, 0xc78,  &_v8);
                                  								_t125 = _v8;
                                  								_v12 = _v12 + _v8;
                                  								E01796B4C( &_v52, _t178 + (_v8 >> 1) * 2 + (_v8 >> 1) * 2, 0xc78 - _v8 - _v8 - _t125,  &_v8);
                                  								_t174 = _v12 + _v8;
                                  								if(E01737D50() != 0) {
                                  									_t137 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                  								}
                                  								_push(_v16);
                                  								_push(_t174);
                                  								_push(0x402);
                                  								_push( *_t137 & 0x000000ff);
                                  								E01759AE0();
                                  								L017377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v16);
                                  								_t168 = _v20;
                                  							}
                                  							_t87 = L01732400( &_v36);
                                  							if(_v24 >= 0) {
                                  								_t87 = L01732400( &_v44);
                                  							}
                                  							if(_t168 >= 0) {
                                  								_t87 = L01732400( &_v52);
                                  							}
                                  							if(_v28 >= 0) {
                                  								return L01732400( &_v60);
                                  							}
                                  						}
                                  					}
                                  				}
                                  				return _t87;
                                  			}


                                  Memory Dump Source
                                  • Source File: 00000005.00000002.534207193.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                  • Associated: 00000005.00000002.535933940.000000000180B000.00000040.00000800.00020000.00000000.sdmp
                                  • Associated: 00000005.00000002.535959139.000000000180F000.00000040.00000800.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_16f0000_6109238.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 14c8b9f4068581bf64678a8c47a68024946722c1230469e973f7e326b4b11c8c
                                  • Instruction ID: 1d079cb2349eeff0e187cc4e591c99ccbba40ca9e604db0196ff16524b9a6c74
                                  • Opcode Fuzzy Hash: 14c8b9f4068581bf64678a8c47a68024946722c1230469e973f7e326b4b11c8c
                                  • Instruction Fuzzy Hash: A9718F71A00609EFCF14DFA8D984AEEFBB9FF48710F104169E505E7251DB30AA45CB90
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 78%
                                  			E017152A5(char __ecx) {
                                  				char _v20;
                                  				char _v28;
                                  				char _v29;
                                  				void* _v32;
                                  				void* _v36;
                                  				void* _v37;
                                  				void* _v38;
                                  				void* _v40;
                                  				void* _v46;
                                  				void* _v64;
                                  				void* __ebx;
                                  				intOrPtr* _t49;
                                  				signed int _t53;
                                  				short _t85;
                                  				signed int _t87;
                                  				signed int _t88;
                                  				signed int _t89;
                                  				intOrPtr _t101;
                                  				intOrPtr* _t102;
                                  				intOrPtr* _t104;
                                  				signed int _t106;
                                  				void* _t108;
                                  
                                  				_t93 = __ecx;
                                  				_t108 = (_t106 & 0xfffffff8) - 0x1c;
                                  				_push(_t88);
                                  				_v29 = __ecx;
                                  				_t89 = _t88 | 0xffffffff;
                                  				while(1) {
                                  					E0172EEF0(0x18079a0);
                                  					_t104 =  *0x1808210; // 0x11b2c70
                                  					if(_t104 == 0) {
                                  						break;
                                  					}
                                  					asm("lock inc dword [esi]");
                                  					 *((intOrPtr*)(_t108 + 0x18)) =  *((intOrPtr*)(_t104 + 8));
                                  					E0172EB70(_t93, 0x18079a0);
                                  					if( *((char*)(_t108 + 0xf)) != 0) {
                                  						_t101 =  *0x7ffe02dc;
                                  						__eflags =  *(_t104 + 0x14) & 0x00000001;
                                  						if(( *(_t104 + 0x14) & 0x00000001) != 0) {
                                  							L9:
                                  							_push(0);
                                  							_push(0);
                                  							_push(0);
                                  							_push(0);
                                  							_push(0x90028);
                                  							_push(_t108 + 0x20);
                                  							_push(0);
                                  							_push(0);
                                  							_push(0);
                                  							_push( *((intOrPtr*)(_t104 + 4)));
                                  							_t53 = E01759890();
                                  							__eflags = _t53;
                                  							if(_t53 >= 0) {
                                  								__eflags =  *(_t104 + 0x14) & 0x00000001;
                                  								if(( *(_t104 + 0x14) & 0x00000001) == 0) {
                                  									E0172EEF0(0x18079a0);
                                  									 *((intOrPtr*)(_t104 + 8)) = _t101;
                                  									E0172EB70(0, 0x18079a0);
                                  								}
                                  								goto L3;
                                  							}
                                  							__eflags = _t53 - 0xc0000012;
                                  							if(__eflags == 0) {
                                  								L12:
                                  								_t13 = _t104 + 0xc; // 0x11b2c7d
                                  								_t93 = _t13;
                                  								 *((char*)(_t108 + 0x12)) = 0;
                                  								__eflags = E0174F0BF(_t13,  *(_t104 + 0xe) & 0x0000ffff, __eflags,  &_v28);
                                  								if(__eflags >= 0) {
                                  									L15:
                                  									_t102 = _v28;
                                  									 *_t102 = 2;
                                  									 *((intOrPtr*)(_t108 + 0x18)) =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
                                  									E0172EEF0(0x18079a0);
                                  									__eflags =  *0x1808210 - _t104; // 0x11b2c70
                                  									if(__eflags == 0) {
                                  										__eflags =  *((char*)(_t108 + 0xe));
                                  										_t95 =  *((intOrPtr*)(_t108 + 0x14));
                                  										 *0x1808210 = _t102;
                                  										_t32 = _t102 + 0xc; // 0x0
                                  										 *_t95 =  *_t32;
                                  										_t33 = _t102 + 0x10; // 0x0
                                  										 *((intOrPtr*)(_t95 + 4)) =  *_t33;
                                  										_t35 = _t102 + 4; // 0xffffffff
                                  										 *((intOrPtr*)(_t95 + 8)) =  *_t35;
                                  										if(__eflags != 0) {
                                  											_t95 =  *((intOrPtr*)( *((intOrPtr*)(_t104 + 0x10))));
                                  											E01794888(_t89,  *((intOrPtr*)( *((intOrPtr*)(_t104 + 0x10)))), __eflags);
                                  										}
                                  										E0172EB70(_t95, 0x18079a0);
                                  										asm("lock xadd [esi], eax");
                                  										if(__eflags == 0) {
                                  											_push( *((intOrPtr*)(_t104 + 4)));
                                  											E017595D0();
                                  											L017377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
                                  											_t102 =  *((intOrPtr*)(_t108 + 0x10));
                                  										}
                                  										asm("lock xadd [esi], ebx");
                                  										__eflags = _t89 == 1;
                                  										if(_t89 == 1) {
                                  											_push( *((intOrPtr*)(_t104 + 4)));
                                  											E017595D0();
                                  											L017377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
                                  											_t102 =  *((intOrPtr*)(_t108 + 0x10));
                                  										}
                                  										_t49 = _t102;
                                  										L4:
                                  										return _t49;
                                  									}
                                  									E0172EB70(_t93, 0x18079a0);
                                  									asm("lock xadd [esi], eax");
                                  									if(__eflags == 0) {
                                  										_push( *((intOrPtr*)(_t104 + 4)));
                                  										E017595D0();
                                  										L017377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
                                  										_t102 =  *((intOrPtr*)(_t108 + 0x10));
                                  									}
                                  									 *_t102 = 1;
                                  									asm("lock xadd [edi], eax");
                                  									if(__eflags == 0) {
                                  										_t28 = _t102 + 4; // 0xffffffff
                                  										_push( *_t28);
                                  										E017595D0();
                                  										L017377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t102);
                                  									}
                                  									continue;
                                  								}
                                  								_t93 =  &_v20;
                                  								 *((intOrPtr*)(_t108 + 0x20)) =  *((intOrPtr*)(_t104 + 0x10));
                                  								_t85 = 6;
                                  								_v20 = _t85;
                                  								_t87 = E0174F0BF( &_v20,  *(_t104 + 0xe) & 0x0000ffff, __eflags,  &_v28);
                                  								__eflags = _t87;
                                  								if(_t87 < 0) {
                                  									goto L3;
                                  								}
                                  								 *((char*)(_t108 + 0xe)) = 1;
                                  								goto L15;
                                  							}
                                  							__eflags = _t53 - 0xc000026e;
                                  							if(__eflags != 0) {
                                  								goto L3;
                                  							}
                                  							goto L12;
                                  						}
                                  						__eflags = 0x7ffe02dc -  *((intOrPtr*)(_t108 + 0x14));
                                  						if(0x7ffe02dc ==  *((intOrPtr*)(_t108 + 0x14))) {
                                  							goto L3;
                                  						} else {
                                  							goto L9;
                                  						}
                                  					}
                                  					L3:
                                  					_t49 = _t104;
                                  					goto L4;
                                  				}
                                  				_t49 = 0;
                                  				goto L4;
                                  			}

                                  Memory Dump Source
                                  • Source File: 00000005.00000002.534207193.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                  • Associated: 00000005.00000002.535933940.000000000180B000.00000040.00000800.00020000.00000000.sdmp
                                  • Associated: 00000005.00000002.535959139.000000000180F000.00000040.00000800.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_16f0000_6109238.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 626f3edcca2faa7dc60aebda4a0a2df2f2d6ba837db84d37e5764ba0adbd2bdc
                                  • Instruction ID: 7a31069bb76ccb712e7f8c7ce3fe92298ae7da8158eaaa6d07f14a1f8b06ae7b
                                  • Opcode Fuzzy Hash: 626f3edcca2faa7dc60aebda4a0a2df2f2d6ba837db84d37e5764ba0adbd2bdc
                                  • Instruction Fuzzy Hash: 5E51DCB1205342AFD722EF28C844B27FBA4FFA5714F10091EF49587695E7B4E940CB92
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E01742AE4(intOrPtr* __ecx, intOrPtr __edx, signed int _a4, short* _a8, intOrPtr _a12, signed int* _a16) {
                                  				signed short* _v8;
                                  				signed short* _v12;
                                  				intOrPtr _v16;
                                  				intOrPtr _v20;
                                  				intOrPtr _v24;
                                  				intOrPtr* _v28;
                                  				signed int _v32;
                                  				signed int _v36;
                                  				short _t56;
                                  				signed int _t57;
                                  				intOrPtr _t58;
                                  				signed short* _t61;
                                  				intOrPtr _t72;
                                  				intOrPtr _t75;
                                  				intOrPtr _t84;
                                  				intOrPtr _t87;
                                  				intOrPtr* _t90;
                                  				signed short* _t91;
                                  				signed int _t95;
                                  				signed short* _t96;
                                  				intOrPtr _t97;
                                  				intOrPtr _t102;
                                  				signed int _t108;
                                  				intOrPtr _t110;
                                  				signed int _t111;
                                  				signed short* _t112;
                                  				void* _t113;
                                  				signed int _t116;
                                  				signed short** _t119;
                                  				short* _t120;
                                  				signed int _t123;
                                  				signed int _t124;
                                  				void* _t125;
                                  				intOrPtr _t127;
                                  				signed int _t128;
                                  
                                  				_t90 = __ecx;
                                  				_v16 = __edx;
                                  				_t108 = _a4;
                                  				_v28 = __ecx;
                                  				_t4 = _t108 - 1; // -1
                                  				if(_t4 > 0x13) {
                                  					L15:
                                  					_t56 = 0xc0000100;
                                  					L16:
                                  					return _t56;
                                  				}
                                  				_t57 = _t108 * 0x1c;
                                  				_v32 = _t57;
                                  				_t6 = _t57 + 0x1808204; // 0x0
                                  				_t123 =  *_t6;
                                  				_t7 = _t57 + 0x1808208; // 0x1808207
                                  				_t8 = _t57 + 0x1808208; // 0x1808207
                                  				_t119 = _t8;
                                  				_v36 = _t123;
                                  				_t110 = _t7 + _t123 * 8;
                                  				_v24 = _t110;
                                  				_t111 = _a4;
                                  				if(_t119 >= _t110) {
                                  					L12:
                                  					if(_t123 != 3) {
                                  						_t58 =  *0x1808450; // 0x0
                                  						if(_t58 == 0) {
                                  							_t58 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x48));
                                  						}
                                  					} else {
                                  						_t26 = _t57 + 0x180821c; // 0x0
                                  						_t58 =  *_t26;
                                  					}
                                  					 *_t90 = _t58;
                                  					goto L15;
                                  				} else {
                                  					goto L2;
                                  				}
                                  				while(1) {
                                  					_t116 =  *_t61 & 0x0000ffff;
                                  					_t128 =  *(_t127 + _t61) & 0x0000ffff;
                                  					if(_t116 == _t128) {
                                  						goto L18;
                                  					}
                                  					L5:
                                  					if(_t116 >= 0x61) {
                                  						if(_t116 > 0x7a) {
                                  							_t97 =  *0x1806d5c; // 0x7fe50654
                                  							_t72 =  *0x1806d5c; // 0x7fe50654
                                  							_t75 =  *0x1806d5c; // 0x7fe50654
                                  							_t116 =  *((intOrPtr*)(_t75 + (( *(_t72 + (( *(_t97 + (_t116 >> 0x00000008 & 0x000000ff) * 2) & 0x0000ffff) + (_t116 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t116 & 0x0000000f)) * 2)) + _t116 & 0x0000ffff;
                                  						} else {
                                  							_t116 = _t116 - 0x20;
                                  						}
                                  					}
                                  					if(_t128 >= 0x61) {
                                  						if(_t128 > 0x7a) {
                                  							_t102 =  *0x1806d5c; // 0x7fe50654
                                  							_t84 =  *0x1806d5c; // 0x7fe50654
                                  							_t87 =  *0x1806d5c; // 0x7fe50654
                                  							_t128 =  *((intOrPtr*)(_t87 + (( *(_t84 + (( *(_t102 + (_t128 >> 0x00000008 & 0x000000ff) * 2) & 0x0000ffff) + (_t128 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t128 & 0x0000000f)) * 2)) + _t128 & 0x0000ffff;
                                  						} else {
                                  							_t128 = _t128 - 0x20;
                                  						}
                                  					}
                                  					if(_t116 == _t128) {
                                  						_t61 = _v12;
                                  						_t96 = _v8;
                                  					} else {
                                  						_t113 = _t116 - _t128;
                                  						L9:
                                  						_t111 = _a4;
                                  						if(_t113 == 0) {
                                  							_t115 =  &(( *_t119)[_t111 + 1]);
                                  							_t33 =  &(_t119[1]); // 0x100
                                  							_t120 = _a8;
                                  							_t95 =  *_t33 -  &(( *_t119)[_t111 + 1]) >> 1;
                                  							_t35 = _t95 - 1; // 0xff
                                  							_t124 = _t35;
                                  							if(_t120 == 0) {
                                  								L27:
                                  								 *_a16 = _t95;
                                  								_t56 = 0xc0000023;
                                  								goto L16;
                                  							}
                                  							if(_t124 >= _a12) {
                                  								if(_a12 >= 1) {
                                  									 *_t120 = 0;
                                  								}
                                  								goto L27;
                                  							}
                                  							 *_a16 = _t124;
                                  							_t125 = _t124 + _t124;
                                  							E0175F3E0(_t120, _t115, _t125);
                                  							_t56 = 0;
                                  							 *((short*)(_t125 + _t120)) = 0;
                                  							goto L16;
                                  						}
                                  						_t119 =  &(_t119[2]);
                                  						if(_t119 < _v24) {
                                  							L2:
                                  							_t91 =  *_t119;
                                  							_t61 = _t91;
                                  							_v12 = _t61;
                                  							_t112 =  &(_t61[_t111]);
                                  							_v8 = _t112;
                                  							if(_t61 >= _t112) {
                                  								break;
                                  							} else {
                                  								_t127 = _v16 - _t91;
                                  								_t96 = _t112;
                                  								_v20 = _t127;
                                  								_t116 =  *_t61 & 0x0000ffff;
                                  								_t128 =  *(_t127 + _t61) & 0x0000ffff;
                                  								if(_t116 == _t128) {
                                  									goto L18;
                                  								}
                                  								goto L5;
                                  							}
                                  						} else {
                                  							_t90 = _v28;
                                  							_t57 = _v32;
                                  							_t123 = _v36;
                                  							goto L12;
                                  						}
                                  					}
                                  					L18:
                                  					_t61 =  &(_t61[1]);
                                  					_v12 = _t61;
                                  					if(_t61 >= _t96) {
                                  						break;
                                  					}
                                  					_t127 = _v20;
                                  				}
                                  				_t113 = 0;
                                  				goto L9;
                                  			}

                                  Memory Dump Source
                                  • Source File: 00000005.00000002.534207193.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                  • Associated: 00000005.00000002.535933940.000000000180B000.00000040.00000800.00020000.00000000.sdmp
                                  • Associated: 00000005.00000002.535959139.000000000180F000.00000040.00000800.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_16f0000_6109238.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 1f3a3ad436a982255466b52d15f3f5ef61f18d7e697ad17b182fd8fc6b92af13
                                  • Instruction ID: e20c01a81fad91cb0107bc4074d0c68d652e408d63908a6116d0cfb16fcc764e
                                  • Opcode Fuzzy Hash: 1f3a3ad436a982255466b52d15f3f5ef61f18d7e697ad17b182fd8fc6b92af13
                                  • Instruction Fuzzy Hash: 14519F76A00119CFCB15CF1CD8909BDF7B1FB88700716845AF8469B326E730AAA1CB94
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 86%
                                  			E017DAE44(signed char __ecx, signed int __edx, signed int _a4, signed char _a8, signed int* _a12) {
                                  				signed int _v8;
                                  				signed int _v12;
                                  				void* __esi;
                                  				void* __ebp;
                                  				signed short* _t36;
                                  				signed int _t41;
                                  				char* _t42;
                                  				intOrPtr _t43;
                                  				signed int _t47;
                                  				void* _t52;
                                  				signed int _t57;
                                  				intOrPtr _t61;
                                  				signed char _t62;
                                  				signed int _t72;
                                  				signed char _t85;
                                  				signed int _t88;
                                  
                                  				_t73 = __edx;
                                  				_push(__ecx);
                                  				_t85 = __ecx;
                                  				_v8 = __edx;
                                  				_t61 =  *((intOrPtr*)(__ecx + 0x28));
                                  				_t57 = _a4 |  *(__ecx + 0xc) & 0x11000001;
                                  				if(_t61 != 0 && _t61 ==  *((intOrPtr*)( *[fs:0x18] + 0x24))) {
                                  					_t57 = _t57 | 0x00000001;
                                  				}
                                  				_t88 = 0;
                                  				_t36 = 0;
                                  				_t96 = _a12;
                                  				if(_a12 == 0) {
                                  					_t62 = _a8;
                                  					__eflags = _t62;
                                  					if(__eflags == 0) {
                                  						goto L12;
                                  					}
                                  					_t52 = E017DC38B(_t85, _t73, _t57, 0);
                                  					_t62 = _a8;
                                  					 *_t62 = _t52;
                                  					_t36 = 0;
                                  					goto L11;
                                  				} else {
                                  					_t36 = E017DACFD(_t85, _t73, _t96, _t57, _a8);
                                  					if(0 == 0 || 0 == 0xffffffff) {
                                  						_t72 = _t88;
                                  					} else {
                                  						_t72 =  *0x00000000 & 0x0000ffff;
                                  					}
                                  					 *_a12 = _t72;
                                  					_t62 = _a8;
                                  					L11:
                                  					_t73 = _v8;
                                  					L12:
                                  					if((_t57 & 0x01000000) != 0 ||  *((intOrPtr*)(_t85 + 0x20)) == _t88) {
                                  						L19:
                                  						if(( *(_t85 + 0xc) & 0x10000000) == 0) {
                                  							L22:
                                  							_t74 = _v8;
                                  							__eflags = _v8;
                                  							if(__eflags != 0) {
                                  								L25:
                                  								__eflags = _t88 - 2;
                                  								if(_t88 != 2) {
                                  									__eflags = _t85 + 0x44 + (_t88 << 6);
                                  									_t88 = E017DFDE2(_t85 + 0x44 + (_t88 << 6), _t74, _t57);
                                  									goto L34;
                                  								}
                                  								L26:
                                  								_t59 = _v8;
                                  								E017DEA55(_t85, _v8, _t57);
                                  								asm("sbb esi, esi");
                                  								_t88 =  ~_t88;
                                  								_t41 = E01737D50();
                                  								__eflags = _t41;
                                  								if(_t41 == 0) {
                                  									_t42 = 0x7ffe0380;
                                  								} else {
                                  									_t42 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                  								}
                                  								__eflags =  *_t42;
                                  								if( *_t42 != 0) {
                                  									_t43 =  *[fs:0x30];
                                  									__eflags =  *(_t43 + 0x240) & 0x00000001;
                                  									if(( *(_t43 + 0x240) & 0x00000001) != 0) {
                                  										__eflags = _t88;
                                  										if(_t88 != 0) {
                                  											E017D1608(_t85, _t59, 3);
                                  										}
                                  									}
                                  								}
                                  								goto L34;
                                  							}
                                  							_push(_t62);
                                  							_t47 = E017E1536(0x1808ae4, (_t74 -  *0x1808b04 >> 0x14) + (_t74 -  *0x1808b04 >> 0x14), _t88, __eflags);
                                  							__eflags = _t47;
                                  							if(_t47 == 0) {
                                  								goto L26;
                                  							}
                                  							_t74 = _v12;
                                  							_t27 = _t47 - 1; // -1
                                  							_t88 = _t27;
                                  							goto L25;
                                  						}
                                  						_t62 = _t85;
                                  						if(L017DC323(_t62, _v8, _t57) != 0xffffffff) {
                                  							goto L22;
                                  						}
                                  						_push(_t62);
                                  						_push(_t88);
                                  						E017DA80D(_t85, 9, _v8, _t88);
                                  						goto L34;
                                  					} else {
                                  						_t101 = _t36;
                                  						if(_t36 != 0) {
                                  							L16:
                                  							if(_t36 == 0xffffffff) {
                                  								goto L19;
                                  							}
                                  							_t62 =  *((intOrPtr*)(_t36 + 2));
                                  							if((_t62 & 0x0000000f) == 0) {
                                  								goto L19;
                                  							}
                                  							_t62 = _t62 & 0xf;
                                  							if(E017BCB1E(_t62, _t85, _v8, 3, _t36 + 8) < 0) {
                                  								L34:
                                  								return _t88;
                                  							}
                                  							goto L19;
                                  						}
                                  						_t62 = _t85;
                                  						_t36 = E017DACFD(_t62, _t73, _t101, _t57, _t62);
                                  						if(_t36 == 0) {
                                  							goto L19;
                                  						}
                                  						goto L16;
                                  					}
                                  				}
                                  			}

                                  Memory Dump Source
                                  • Source File: 00000005.00000002.534207193.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                  • Associated: 00000005.00000002.535933940.000000000180B000.00000040.00000800.00020000.00000000.sdmp
                                  • Associated: 00000005.00000002.535959139.000000000180F000.00000040.00000800.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_16f0000_6109238.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 097c2bedc6e992c86d4e085b45f416c810a6292cc0e883f59ca1292c9ea14053
                                  • Instruction ID: af3bde16ff68495694995a5446bc2fe554645fe3c4fe81fa9b1ad3d551e0c5e2
                                  • Opcode Fuzzy Hash: 097c2bedc6e992c86d4e085b45f416c810a6292cc0e883f59ca1292c9ea14053
                                  • Instruction Fuzzy Hash: A04106B17002195BDB26CB29C898B7BF7B9BF84620F084299F916872D4DB34D841C691
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 86%
                                  			E0173DBE9(intOrPtr __ecx, intOrPtr __edx, signed int* _a4, intOrPtr _a8, intOrPtr _a12) {
                                  				char _v5;
                                  				signed int _v12;
                                  				signed int* _v16;
                                  				intOrPtr _v20;
                                  				intOrPtr _v24;
                                  				intOrPtr _v28;
                                  				intOrPtr _v32;
                                  				intOrPtr _v36;
                                  				intOrPtr _v40;
                                  				intOrPtr _v44;
                                  				void* __ebx;
                                  				void* __edi;
                                  				signed int _t54;
                                  				char* _t58;
                                  				signed int _t66;
                                  				intOrPtr _t67;
                                  				intOrPtr _t68;
                                  				intOrPtr _t72;
                                  				intOrPtr _t73;
                                  				signed int* _t75;
                                  				intOrPtr _t79;
                                  				intOrPtr _t80;
                                  				char _t82;
                                  				signed int _t83;
                                  				signed int _t84;
                                  				signed int _t88;
                                  				signed int _t89;
                                  				intOrPtr _t90;
                                  				intOrPtr _t92;
                                  				signed int _t97;
                                  				intOrPtr _t98;
                                  				intOrPtr* _t99;
                                  				signed int* _t101;
                                  				signed int* _t102;
                                  				intOrPtr* _t103;
                                  				intOrPtr _t105;
                                  				signed int _t106;
                                  				void* _t118;
                                  
                                  				_t92 = __edx;
                                  				_t75 = _a4;
                                  				_t98 = __ecx;
                                  				_v44 = __edx;
                                  				_t106 = _t75[1];
                                  				_v40 = __ecx;
                                  				if(_t106 < 0 || _t106 <= 0 &&  *_t75 < 0) {
                                  					_t82 = 0;
                                  				} else {
                                  					_t82 = 1;
                                  				}
                                  				_v5 = _t82;
                                  				_t6 = _t98 + 0xc8; // 0xc9
                                  				_t101 = _t6;
                                  				 *((intOrPtr*)(_t98 + 0xd4)) = _a12;
                                  				_v16 = _t92 + ((0 | _t82 != 0x00000000) - 0x00000001 & 0x00000048) + 8;
                                  				 *((intOrPtr*)(_t98 + 0xd8)) = _a8;
                                  				if(_t82 != 0) {
                                  					 *(_t98 + 0xde) =  *(_t98 + 0xde) | 0x00000002;
                                  					_t83 =  *_t75;
                                  					_t54 = _t75[1];
                                  					 *_t101 = _t83;
                                  					_t84 = _t83 | _t54;
                                  					_t101[1] = _t54;
                                  					if(_t84 == 0) {
                                  						_t101[1] = _t101[1] & _t84;
                                  						 *_t101 = 1;
                                  					}
                                  					goto L19;
                                  				} else {
                                  					if(_t101 == 0) {
                                  						E0171CC50(E01714510(0xc000000d));
                                  						_t88 =  *_t101;
                                  						_t97 = _t101[1];
                                  						L15:
                                  						_v12 = _t88;
                                  						_t66 = _t88 -  *_t75;
                                  						_t89 = _t97;
                                  						asm("sbb ecx, [ebx+0x4]");
                                  						_t118 = _t89 - _t97;
                                  						if(_t118 <= 0 && (_t118 < 0 || _t66 < _v12)) {
                                  							_t66 = _t66 | 0xffffffff;
                                  							_t89 = 0x7fffffff;
                                  						}
                                  						 *_t101 = _t66;
                                  						_t101[1] = _t89;
                                  						L19:
                                  						if(E01737D50() != 0) {
                                  							_t58 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                  						} else {
                                  							_t58 = 0x7ffe0386;
                                  						}
                                  						_t102 = _v16;
                                  						if( *_t58 != 0) {
                                  							_t58 = E017E8ED6(_t102, _t98);
                                  						}
                                  						_t76 = _v44;
                                  						E01732280(_t58, _v44);
                                  						E0173DD82(_v44, _t102, _t98);
                                  						E0173B944(_t102, _v5);
                                  						return E0172FFB0(_t76, _t98, _t76);
                                  					}
                                  					_t99 = 0x7ffe03b0;
                                  					do {
                                  						_t103 = 0x7ffe0010;
                                  						do {
                                  							_t67 =  *0x1808628; // 0x0
                                  							_v28 = _t67;
                                  							_t68 =  *0x180862c; // 0x0
                                  							_v32 = _t68;
                                  							_v24 =  *((intOrPtr*)(_t99 + 4));
                                  							_v20 =  *_t99;
                                  							while(1) {
                                  								_t97 =  *0x7ffe000c;
                                  								_t90 =  *0x7FFE0008;
                                  								if(_t97 ==  *_t103) {
                                  									goto L10;
                                  								}
                                  								asm("pause");
                                  							}
                                  							L10:
                                  							_t79 = _v24;
                                  							_t99 = 0x7ffe03b0;
                                  							_v12 =  *0x7ffe03b0;
                                  							_t72 =  *0x7FFE03B4;
                                  							_t103 = 0x7ffe0010;
                                  							_v36 = _t72;
                                  						} while (_v20 != _v12 || _t79 != _t72);
                                  						_t73 =  *0x1808628; // 0x0
                                  						_t105 = _v28;
                                  						_t80 =  *0x180862c; // 0x0
                                  					} while (_t105 != _t73 || _v32 != _t80);
                                  					_t98 = _v40;
                                  					asm("sbb edx, [ebp-0x20]");
                                  					_t88 = _t90 - _v12 - _t105;
                                  					_t75 = _a4;
                                  					asm("sbb edx, eax");
                                  					_t31 = _t98 + 0xc8; // 0x17dfb53
                                  					_t101 = _t31;
                                  					 *_t101 = _t88;
                                  					_t101[1] = _t97;
                                  					goto L15;
                                  				}
                                  			}

                                  Memory Dump Source
                                  • Source File: 00000005.00000002.534207193.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                  • Associated: 00000005.00000002.535933940.000000000180B000.00000040.00000800.00020000.00000000.sdmp
                                  • Associated: 00000005.00000002.535959139.000000000180F000.00000040.00000800.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_16f0000_6109238.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 0eebb5a266d71b806cdb0743ff12c2e28d3597ddfe6ed2017b174f7d45fda449
                                  • Instruction ID: b317120a30c0b98e0eb7ce027d2084bc195314f8fc02539dc59c91aa4cad196c
                                  • Opcode Fuzzy Hash: 0eebb5a266d71b806cdb0743ff12c2e28d3597ddfe6ed2017b174f7d45fda449
                                  • Instruction Fuzzy Hash: 1351A3B1E00616DFCB25DFACC484AAEFBF1BF88310F25815AD555A7346DB30A984CB91
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 96%
                                  			E0172EF40(intOrPtr __ecx) {
                                  				char _v5;
                                  				char _v6;
                                  				char _v7;
                                  				char _v8;
                                  				signed int _v12;
                                  				intOrPtr _v16;
                                  				intOrPtr _v20;
                                  				void* __ebx;
                                  				void* __edi;
                                  				void* __esi;
                                  				void* __ebp;
                                  				intOrPtr _t58;
                                  				char _t59;
                                  				signed char _t69;
                                  				void* _t73;
                                  				signed int _t74;
                                  				char _t79;
                                  				signed char _t81;
                                  				signed int _t85;
                                  				signed int _t87;
                                  				intOrPtr _t90;
                                  				signed char* _t91;
                                  				void* _t92;
                                  				signed int _t94;
                                  				void* _t96;
                                  
                                  				_t90 = __ecx;
                                  				_v16 = __ecx;
                                  				if(( *(__ecx + 0x14) & 0x04000000) != 0) {
                                  					_t58 =  *((intOrPtr*)(__ecx));
                                  					if(_t58 != 0xffffffff &&  *((intOrPtr*)(_t58 + 8)) == 0) {
                                  						E01719080(_t73, __ecx, __ecx, _t92);
                                  					}
                                  				}
                                  				_t74 = 0;
                                  				_t96 =  *0x7ffe036a - 1;
                                  				_v12 = 0;
                                  				_v7 = 0;
                                  				if(_t96 > 0) {
                                  					_t74 =  *(_t90 + 0x14) & 0x00ffffff;
                                  					_v12 = _t74;
                                  					_v7 = _t96 != 0;
                                  				}
                                  				_t79 = 0;
                                  				_v8 = 0;
                                  				_v5 = 0;
                                  				while(1) {
                                  					L4:
                                  					_t59 = 1;
                                  					L5:
                                  					while(1) {
                                  						if(_t59 == 0) {
                                  							L12:
                                  							_t21 = _t90 + 4; // 0x7729c21e
                                  							_t87 =  *_t21;
                                  							_v6 = 0;
                                  							if(_t79 != 0) {
                                  								if((_t87 & 0x00000002) != 0) {
                                  									goto L19;
                                  								}
                                  								if((_t87 & 0x00000001) != 0) {
                                  									_v6 = 1;
                                  									_t74 = _t87 ^ 0x00000003;
                                  								} else {
                                  									_t51 = _t87 - 2; // -2
                                  									_t74 = _t51;
                                  								}
                                  								goto L15;
                                  							} else {
                                  								if((_t87 & 0x00000001) != 0) {
                                  									_v6 = 1;
                                  									_t74 = _t87 ^ 0x00000001;
                                  								} else {
                                  									_t26 = _t87 - 4; // -4
                                  									_t74 = _t26;
                                  									if((_t74 & 0x00000002) == 0) {
                                  										_t74 = _t74 - 2;
                                  									}
                                  								}
                                  								L15:
                                  								if(_t74 == _t87) {
                                  									L19:
                                  									E01712D8A(_t74, _t90, _t87, _t90);
                                  									_t74 = _v12;
                                  									_v8 = 1;
                                  									if(_v7 != 0 && _t74 > 0x64) {
                                  										_t74 = _t74 - 1;
                                  										_v12 = _t74;
                                  									}
                                  									_t79 = _v5;
                                  									goto L4;
                                  								}
                                  								asm("lock cmpxchg [esi], ecx");
                                  								if(_t87 != _t87) {
                                  									_t74 = _v12;
                                  									_t59 = 0;
                                  									_t79 = _v5;
                                  									continue;
                                  								}
                                  								if(_v6 != 0) {
                                  									_t74 = _v12;
                                  									L25:
                                  									if(_v7 != 0) {
                                  										if(_t74 < 0x7d0) {
                                  											if(_v8 == 0) {
                                  												_t74 = _t74 + 1;
                                  											}
                                  										}
                                  										_t38 = _t90 + 0x14; // 0x0
                                  										_t39 = _t90 + 0x14; // 0x0
                                  										_t85 = ( *_t38 ^ _t74) & 0x00ffffff ^  *_t39;
                                  										if( *((intOrPtr*)( *[fs:0x30] + 0x64)) == 1) {
                                  											_t85 = _t85 & 0xff000000;
                                  										}
                                  										 *(_t90 + 0x14) = _t85;
                                  									}
                                  									 *((intOrPtr*)(_t90 + 0xc)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
                                  									 *((intOrPtr*)(_t90 + 8)) = 1;
                                  									return 0;
                                  								}
                                  								_v5 = 1;
                                  								_t87 = _t74;
                                  								goto L19;
                                  							}
                                  						}
                                  						_t94 = _t74;
                                  						_v20 = 1 + (0 | _t79 != 0x00000000) * 2;
                                  						if(_t74 == 0) {
                                  							goto L12;
                                  						} else {
                                  							_t91 = _t90 + 4;
                                  							goto L8;
                                  							L9:
                                  							while((_t81 & 0x00000001) != 0) {
                                  								_t69 = _t81;
                                  								asm("lock cmpxchg [edi], edx");
                                  								if(_t69 != _t81) {
                                  									_t81 = _t69;
                                  									continue;
                                  								}
                                  								_t90 = _v16;
                                  								goto L25;
                                  							}
                                  							asm("pause");
                                  							_t94 = _t94 - 1;
                                  							if(_t94 != 0) {
                                  								L8:
                                  								_t81 =  *_t91;
                                  								goto L9;
                                  							} else {
                                  								_t90 = _v16;
                                  								_t79 = _v5;
                                  								goto L12;
                                  							}
                                  						}
                                  					}
                                  				}
                                  			}

                                  Memory Dump Source
                                  • Source File: 00000005.00000002.534207193.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                  • Associated: 00000005.00000002.535933940.000000000180B000.00000040.00000800.00020000.00000000.sdmp
                                  • Associated: 00000005.00000002.535959139.000000000180F000.00000040.00000800.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_16f0000_6109238.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: fbecc144452e6e9740e37df579310400ca1de53fcc592e2907188de4c37816b0
                                  • Instruction ID: 94ebd5ee0ec0c693b08d89b52464add445af3735d7bd98f7b59aee5604ec56ca
                                  • Opcode Fuzzy Hash: fbecc144452e6e9740e37df579310400ca1de53fcc592e2907188de4c37816b0
                                  • Instruction Fuzzy Hash: 76510430E04269DFEB25CB6CC1D4BAEFBF1EF05314F1881A8D94597282C779A98AC751
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 84%
                                  			E017E740D(intOrPtr __ecx, signed short* __edx, intOrPtr _a4) {
                                  				signed short* _v8;
                                  				intOrPtr _v12;
                                  				intOrPtr _t55;
                                  				void* _t56;
                                  				intOrPtr* _t66;
                                  				intOrPtr* _t69;
                                  				void* _t74;
                                  				intOrPtr* _t78;
                                  				intOrPtr* _t81;
                                  				intOrPtr* _t82;
                                  				intOrPtr _t83;
                                  				signed short* _t84;
                                  				intOrPtr _t85;
                                  				signed int _t87;
                                  				intOrPtr* _t90;
                                  				intOrPtr* _t93;
                                  				intOrPtr* _t94;
                                  				void* _t98;
                                  
                                  				_t84 = __edx;
                                  				_t80 = __ecx;
                                  				_push(__ecx);
                                  				_push(__ecx);
                                  				_t55 = __ecx;
                                  				_v8 = __edx;
                                  				_t87 =  *__edx & 0x0000ffff;
                                  				_v12 = __ecx;
                                  				_t3 = _t55 + 0x154; // 0x154
                                  				_t93 = _t3;
                                  				_t78 =  *_t93;
                                  				_t4 = _t87 + 2; // 0x2
                                  				_t56 = _t4;
                                  				while(_t78 != _t93) {
                                  					if( *((intOrPtr*)(_t78 + 0x14)) != _t56) {
                                  						L4:
                                  						_t78 =  *_t78;
                                  						continue;
                                  					} else {
                                  						_t7 = _t78 + 0x18; // 0x18
                                  						if(E0176D4F0(_t7, _t84[2], _t87) == _t87) {
                                  							_t40 = _t78 + 0xc; // 0xc
                                  							_t94 = _t40;
                                  							_t90 =  *_t94;
                                  							while(_t90 != _t94) {
                                  								_t41 = _t90 + 8; // 0x8
                                  								_t74 = E0175F380(_a4, _t41, 0x10);
                                  								_t98 = _t98 + 0xc;
                                  								if(_t74 != 0) {
                                  									_t90 =  *_t90;
                                  									continue;
                                  								}
                                  								goto L12;
                                  							}
                                  							_t82 = L01734620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x18);
                                  							if(_t82 != 0) {
                                  								_t46 = _t78 + 0xc; // 0xc
                                  								_t69 = _t46;
                                  								asm("movsd");
                                  								asm("movsd");
                                  								asm("movsd");
                                  								asm("movsd");
                                  								_t85 =  *_t69;
                                  								if( *((intOrPtr*)(_t85 + 4)) != _t69) {
                                  									L20:
                                  									_t82 = 3;
                                  									asm("int 0x29");
                                  								}
                                  								 *((intOrPtr*)(_t82 + 4)) = _t69;
                                  								 *_t82 = _t85;
                                  								 *((intOrPtr*)(_t85 + 4)) = _t82;
                                  								 *_t69 = _t82;
                                  								 *(_t78 + 8) =  *(_t78 + 8) + 1;
                                  								 *(_v12 + 0xdc) =  *(_v12 + 0xdc) | 0x00000010;
                                  								goto L11;
                                  							} else {
                                  								L18:
                                  								_push(0xe);
                                  								_pop(0);
                                  							}
                                  						} else {
                                  							_t84 = _v8;
                                  							_t9 = _t87 + 2; // 0x2
                                  							_t56 = _t9;
                                  							goto L4;
                                  						}
                                  					}
                                  					L12:
                                  					return 0;
                                  				}
                                  				_t10 = _t87 + 0x1a; // 0x1a
                                  				_t78 = L01734620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t10);
                                  				if(_t78 == 0) {
                                  					goto L18;
                                  				} else {
                                  					_t12 = _t87 + 2; // 0x2
                                  					 *((intOrPtr*)(_t78 + 0x14)) = _t12;
                                  					_t16 = _t78 + 0x18; // 0x18
                                  					E0175F3E0(_t16, _v8[2], _t87);
                                  					 *((short*)(_t78 + _t87 + 0x18)) = 0;
                                  					_t19 = _t78 + 0xc; // 0xc
                                  					_t66 = _t19;
                                  					 *((intOrPtr*)(_t66 + 4)) = _t66;
                                  					 *_t66 = _t66;
                                  					 *(_t78 + 8) =  *(_t78 + 8) & 0x00000000;
                                  					_t81 = L01734620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x18);
                                  					if(_t81 == 0) {
                                  						goto L18;
                                  					} else {
                                  						_t26 = _t78 + 0xc; // 0xc
                                  						_t69 = _t26;
                                  						asm("movsd");
                                  						asm("movsd");
                                  						asm("movsd");
                                  						asm("movsd");
                                  						_t85 =  *_t69;
                                  						if( *((intOrPtr*)(_t85 + 4)) != _t69) {
                                  							goto L20;
                                  						} else {
                                  							 *((intOrPtr*)(_t81 + 4)) = _t69;
                                  							 *_t81 = _t85;
                                  							 *((intOrPtr*)(_t85 + 4)) = _t81;
                                  							 *_t69 = _t81;
                                  							_t83 = _v12;
                                  							 *(_t78 + 8) = 1;
                                  							 *(_t83 + 0xdc) =  *(_t83 + 0xdc) | 0x00000010;
                                  							_t34 = _t83 + 0x154; // 0x1ba
                                  							_t69 = _t34;
                                  							_t85 =  *_t69;
                                  							if( *((intOrPtr*)(_t85 + 4)) != _t69) {
                                  								goto L20;
                                  							} else {
                                  								 *_t78 = _t85;
                                  								 *((intOrPtr*)(_t78 + 4)) = _t69;
                                  								 *((intOrPtr*)(_t85 + 4)) = _t78;
                                  								 *_t69 = _t78;
                                  								 *(_t83 + 0xdc) =  *(_t83 + 0xdc) | 0x00000010;
                                  							}
                                  						}
                                  						goto L11;
                                  					}
                                  				}
                                  				goto L12;
                                  			}






















                                  Memory Dump Source
                                  • Source File: 00000005.00000002.534207193.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                  • Associated: 00000005.00000002.535933940.000000000180B000.00000040.00000800.00020000.00000000.sdmp
                                  • Associated: 00000005.00000002.535959139.000000000180F000.00000040.00000800.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_16f0000_6109238.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 01a4d08349e29d22493120a27b3d49beb444160764ac4f0ac8d9a4757e3060ec
                                  • Instruction ID: d56b387d2ef6982073fdfc82d5c68dd9c9ce717bd62b7e26d9bf39c09a0947f8
                                  • Opcode Fuzzy Hash: 01a4d08349e29d22493120a27b3d49beb444160764ac4f0ac8d9a4757e3060ec
                                  • Instruction Fuzzy Hash: 72517C71600646EFDB1ACF58C484A96FBF5FF49305F24C0AAE9089F216E371E945CB90
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 97%
                                  			E01742990() {
                                  				signed int* _t62;
                                  				signed int _t64;
                                  				intOrPtr _t66;
                                  				signed short* _t69;
                                  				intOrPtr _t76;
                                  				signed short* _t79;
                                  				void* _t81;
                                  				signed int _t82;
                                  				signed short* _t83;
                                  				signed int _t87;
                                  				intOrPtr _t91;
                                  				void* _t98;
                                  				signed int _t99;
                                  				void* _t101;
                                  				signed int* _t102;
                                  				void* _t103;
                                  				void* _t104;
                                  				void* _t107;
                                  
                                  				_push(0x20);
                                  				_push(0x17eff00);
                                  				E0176D08C(_t81, _t98, _t101);
                                  				 *((intOrPtr*)(_t103 - 0x28)) =  *[fs:0x18];
                                  				_t99 = 0;
                                  				 *((intOrPtr*)( *((intOrPtr*)(_t103 + 0x1c)))) = 0;
                                  				_t82 =  *((intOrPtr*)(_t103 + 0x10));
                                  				if(_t82 == 0) {
                                  					_t62 = 0xc0000100;
                                  				} else {
                                  					 *((intOrPtr*)(_t103 - 4)) = 0;
                                  					_t102 = 0xc0000100;
                                  					 *((intOrPtr*)(_t103 - 0x30)) = 0xc0000100;
                                  					_t64 = 4;
                                  					while(1) {
                                  						 *(_t103 - 0x24) = _t64;
                                  						if(_t64 == 0) {
                                  							break;
                                  						}
                                  						_t87 = _t64 * 0xc;
                                  						 *(_t103 - 0x2c) = _t87;
                                  						_t107 = _t82 -  *((intOrPtr*)(_t87 + 0x16f1664));
                                  						if(_t107 <= 0) {
                                  							if(_t107 == 0) {
                                  								_t79 = E0175E5C0( *((intOrPtr*)(_t103 + 0xc)),  *((intOrPtr*)(_t87 + 0x16f1668)), _t82);
                                  								_t104 = _t104 + 0xc;
                                  								__eflags = _t79;
                                  								if(__eflags == 0) {
                                  									_t102 = E017951BE(_t82,  *((intOrPtr*)( *(_t103 - 0x2c) + 0x16f166c)),  *((intOrPtr*)(_t103 + 0x14)), _t99, _t102, __eflags,  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)));
                                  									 *((intOrPtr*)(_t103 - 0x30)) = _t102;
                                  									break;
                                  								} else {
                                  									_t64 =  *(_t103 - 0x24);
                                  									goto L5;
                                  								}
                                  								goto L13;
                                  							} else {
                                  								L5:
                                  								_t64 = _t64 - 1;
                                  								continue;
                                  							}
                                  						}
                                  						break;
                                  					}
                                  					 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
                                  					__eflags = _t102;
                                  					if(_t102 < 0) {
                                  						__eflags = _t102 - 0xc0000100;
                                  						if(_t102 == 0xc0000100) {
                                  							_t83 =  *((intOrPtr*)(_t103 + 8));
                                  							__eflags = _t83;
                                  							if(_t83 != 0) {
                                  								 *((intOrPtr*)(_t103 - 0x20)) = _t83;
                                  								__eflags =  *_t83 - _t99;
                                  								if( *_t83 == _t99) {
                                  									_t102 = 0xc0000100;
                                  									goto L19;
                                  								} else {
                                  									_t91 =  *((intOrPtr*)( *((intOrPtr*)(_t103 - 0x28)) + 0x30));
                                  									_t66 =  *((intOrPtr*)(_t91 + 0x10));
                                  									__eflags =  *((intOrPtr*)(_t66 + 0x48)) - _t83;
                                  									if( *((intOrPtr*)(_t66 + 0x48)) == _t83) {
                                  										__eflags =  *((intOrPtr*)(_t91 + 0x1c));
                                  										if( *((intOrPtr*)(_t91 + 0x1c)) == 0) {
                                  											L26:
                                  											_t102 = E01742AE4(_t103 - 0x20,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)));
                                  											 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
                                  											__eflags = _t102 - 0xc0000100;
                                  											if(_t102 != 0xc0000100) {
                                  												goto L12;
                                  											} else {
                                  												_t99 = 1;
                                  												_t83 =  *((intOrPtr*)(_t103 - 0x20));
                                  												goto L18;
                                  											}
                                  										} else {
                                  											_t69 = E01726600( *((intOrPtr*)(_t91 + 0x1c)));
                                  											__eflags = _t69;
                                  											if(_t69 != 0) {
                                  												goto L26;
                                  											} else {
                                  												_t83 =  *((intOrPtr*)(_t103 + 8));
                                  												goto L18;
                                  											}
                                  										}
                                  									} else {
                                  										L18:
                                  										_t102 = E01742C50(_t83,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)), _t99);
                                  										L19:
                                  										 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
                                  										goto L12;
                                  									}
                                  								}
                                  								L28:
                                  							} else {
                                  								E0172EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
                                  								 *((intOrPtr*)(_t103 - 4)) = 1;
                                  								 *((intOrPtr*)(_t103 - 0x20)) =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t103 - 0x28)) + 0x30)) + 0x10)) + 0x48));
                                  								_t102 =  *((intOrPtr*)(_t103 + 0x1c));
                                  								_t76 = E01742AE4(_t103 - 0x20,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)), _t102);
                                  								 *((intOrPtr*)(_t103 - 0x1c)) = _t76;
                                  								__eflags = _t76 - 0xc0000100;
                                  								if(_t76 == 0xc0000100) {
                                  									 *((intOrPtr*)(_t103 - 0x1c)) = E01742C50( *((intOrPtr*)(_t103 - 0x20)),  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)), _t102, 1);
                                  								}
                                  								 *((intOrPtr*)(_t103 - 4)) = _t99;
                                  								E01742ACB();
                                  							}
                                  						}
                                  					}
                                  					L12:
                                  					 *((intOrPtr*)(_t103 - 4)) = 0xfffffffe;
                                  					_t62 = _t102;
                                  				}
                                  				L13:
                                  				return E0176D0D1(_t62);
                                  				goto L28;
                                  			}






















                                  Memory Dump Source
                                  • Source File: 00000005.00000002.534207193.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                  • Associated: 00000005.00000002.535933940.000000000180B000.00000040.00000800.00020000.00000000.sdmp
                                  • Associated: 00000005.00000002.535959139.000000000180F000.00000040.00000800.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_16f0000_6109238.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 166c86fe01408d79190b3787269a1c0b5fddcb86d09eccdfa32442f0f287a41c
                                  • Instruction ID: 41dd287d89d27e7e2530ed3c1981b89b71c799b700698aedd79e0b70cc92fffb
                                  • Opcode Fuzzy Hash: 166c86fe01408d79190b3787269a1c0b5fddcb86d09eccdfa32442f0f287a41c
                                  • Instruction Fuzzy Hash: 09515871A0021AEFDF25DF59D844AAEFBB5BF58350F018155FD04AB266C3318A62CF90
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 85%
                                  			E01744BAD(intOrPtr __ecx, short __edx, signed char _a4, signed short _a8) {
                                  				signed int _v8;
                                  				short _v20;
                                  				intOrPtr _v24;
                                  				intOrPtr _v28;
                                  				intOrPtr _v32;
                                  				char _v36;
                                  				char _v156;
                                  				short _v158;
                                  				intOrPtr _v160;
                                  				char _v164;
                                  				intOrPtr _v168;
                                  				void* __ebx;
                                  				void* __edi;
                                  				void* __esi;
                                  				signed int _t45;
                                  				intOrPtr _t74;
                                  				signed char _t77;
                                  				intOrPtr _t84;
                                  				char* _t85;
                                  				void* _t86;
                                  				intOrPtr _t87;
                                  				signed short _t88;
                                  				signed int _t89;
                                  
                                  				_t83 = __edx;
                                  				_v8 =  *0x180d360 ^ _t89;
                                  				_t45 = _a8 & 0x0000ffff;
                                  				_v158 = __edx;
                                  				_v168 = __ecx;
                                  				if(_t45 == 0) {
                                  					L22:
                                  					_t86 = 6;
                                  					L12:
                                  					E0171CC50(_t86);
                                  					L11:
                                  					return E0175B640(_t86, _t77, _v8 ^ _t89, _t83, _t84, _t86);
                                  				}
                                  				_t77 = _a4;
                                  				if((_t77 & 0x00000001) != 0) {
                                  					goto L22;
                                  				}
                                  				_t8 = _t77 + 0x34; // 0xdce0ba00
                                  				if(_t45 !=  *_t8) {
                                  					goto L22;
                                  				}
                                  				_t9 = _t77 + 0x24; // 0x1808504
                                  				E01732280(_t9, _t9);
                                  				_t87 = 0x78;
                                  				 *(_t77 + 0x2c) =  *( *[fs:0x18] + 0x24);
                                  				E0175FA60( &_v156, 0, _t87);
                                  				_t13 = _t77 + 0x30; // 0x3db8
                                  				_t85 =  &_v156;
                                  				_v36 =  *_t13;
                                  				_v28 = _v168;
                                  				_v32 = 0;
                                  				_v24 = 0;
                                  				_v20 = _v158;
                                  				_v160 = 0;
                                  				while(1) {
                                  					_push( &_v164);
                                  					_push(_t87);
                                  					_push(_t85);
                                  					_push(0x18);
                                  					_push( &_v36);
                                  					_push(0x1e);
                                  					_t88 = E0175B0B0();
                                  					if(_t88 != 0xc0000023) {
                                  						break;
                                  					}
                                  					if(_t85 !=  &_v156) {
                                  						L017377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t85);
                                  					}
                                  					_t84 = L01734620(0,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v164);
                                  					_v168 = _v164;
                                  					if(_t84 == 0) {
                                  						_t88 = 0xc0000017;
                                  						goto L19;
                                  					} else {
                                  						_t74 = _v160 + 1;
                                  						_v160 = _t74;
                                  						if(_t74 >= 0x10) {
                                  							L19:
                                  							_t86 = E0171CCC0(_t88);
                                  							if(_t86 != 0) {
                                  								L8:
                                  								 *(_t77 + 0x2c) =  *(_t77 + 0x2c) & 0x00000000;
                                  								_t30 = _t77 + 0x24; // 0x1808504
                                  								E0172FFB0(_t77, _t84, _t30);
                                  								if(_t84 != 0 && _t84 !=  &_v156) {
                                  									L017377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t84);
                                  								}
                                  								if(_t86 != 0) {
                                  									goto L12;
                                  								} else {
                                  									goto L11;
                                  								}
                                  							}
                                  							L6:
                                  							 *(_t77 + 0x36) =  *(_t77 + 0x36) | 0x00004000;
                                  							if(_v164 != 0) {
                                  								_t83 = _t84;
                                  								E01744F49(_t77, _t84);
                                  							}
                                  							goto L8;
                                  						}
                                  						_t87 = _v168;
                                  						continue;
                                  					}
                                  				}
                                  				if(_t88 != 0) {
                                  					goto L19;
                                  				}
                                  				goto L6;
                                  			}



























                                  Memory Dump Source
                                  • Source File: 00000005.00000002.534207193.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                  • Associated: 00000005.00000002.535933940.000000000180B000.00000040.00000800.00020000.00000000.sdmp
                                  • Associated: 00000005.00000002.535959139.000000000180F000.00000040.00000800.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_16f0000_6109238.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 32d118bcd7837c744ebd18ddb7100b518f9b30845e27b457e3da73dc44f41c17
                                  • Instruction ID: 05d9c0070e58230edc09001b800dfde26ee6399035f69887be50b383c2bdccb1
                                  • Opcode Fuzzy Hash: 32d118bcd7837c744ebd18ddb7100b518f9b30845e27b457e3da73dc44f41c17
                                  • Instruction Fuzzy Hash: 7441C135A40229ABDB31EF68C944FEEF7B4EF45710F0500A5E909AB245EB74DE80CB95
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 78%
                                  			E01744D3B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
                                  				signed int _v12;
                                  				char _v176;
                                  				char _v177;
                                  				char _v184;
                                  				intOrPtr _v192;
                                  				intOrPtr _v196;
                                  				void* __ebx;
                                  				void* __edi;
                                  				void* __esi;
                                  				signed short _t42;
                                  				char* _t44;
                                  				intOrPtr _t46;
                                  				intOrPtr _t50;
                                  				char* _t57;
                                  				intOrPtr _t59;
                                  				intOrPtr _t67;
                                  				signed int _t69;
                                  
                                  				_t64 = __edx;
                                  				_v12 =  *0x180d360 ^ _t69;
                                  				_t65 = 0xa0;
                                  				_v196 = __edx;
                                  				_v177 = 0;
                                  				_t67 = __ecx;
                                  				_v192 = __ecx;
                                  				E0175FA60( &_v176, 0, 0xa0);
                                  				_t57 =  &_v176;
                                  				_t59 = 0xa0;
                                  				if( *0x1807bc8 != 0) {
                                  					L3:
                                  					while(1) {
                                  						asm("movsd");
                                  						asm("movsd");
                                  						asm("movsd");
                                  						asm("movsd");
                                  						_t67 = _v192;
                                  						 *((intOrPtr*)(_t57 + 0x10)) = _a4;
                                  						 *(_t57 + 0x24) =  *(_t57 + 0x24) & 0x00000000;
                                  						 *(_t57 + 0x14) =  *(_t67 + 0x34) & 0x0000ffff;
                                  						 *((intOrPtr*)(_t57 + 0x20)) = _v196;
                                  						_push( &_v184);
                                  						_push(_t59);
                                  						_push(_t57);
                                  						_push(0xa0);
                                  						_push(_t57);
                                  						_push(0xf);
                                  						_t42 = E0175B0B0();
                                  						if(_t42 != 0xc0000023) {
                                  							break;
                                  						}
                                  						if(_v177 != 0) {
                                  							L017377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t57);
                                  						}
                                  						_v177 = 1;
                                  						_t44 = L01734620(_t59,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v184);
                                  						_t59 = _v184;
                                  						_t57 = _t44;
                                  						if(_t57 != 0) {
                                  							continue;
                                  						} else {
                                  							_t42 = 0xc0000017;
                                  							break;
                                  						}
                                  					}
                                  					if(_t42 != 0) {
                                  						_t65 = E0171CCC0(_t42);
                                  						if(_t65 != 0) {
                                  							L10:
                                  							if(_v177 != 0) {
                                  								if(_t57 != 0) {
                                  									L017377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t57);
                                  								}
                                  							}
                                  							_t46 = _t65;
                                  							L12:
                                  							return E0175B640(_t46, _t57, _v12 ^ _t69, _t64, _t65, _t67);
                                  						}
                                  						L7:
                                  						_t50 = _a4;
                                  						 *((intOrPtr*)(_t67 + 0x30)) =  *((intOrPtr*)(_t57 + 0x18));
                                  						if(_t50 != 3) {
                                  							if(_t50 == 2) {
                                  								goto L8;
                                  							}
                                  							L9:
                                  							if(E0175F380(_t67 + 0xc, 0x16f5138, 0x10) == 0) {
                                  								 *0x18060d8 = _t67;
                                  							}
                                  							goto L10;
                                  						}
                                  						L8:
                                  						_t64 = _t57 + 0x28;
                                  						E01744F49(_t67, _t57 + 0x28);
                                  						goto L9;
                                  					}
                                  					_t65 = 0;
                                  					goto L7;
                                  				}
                                  				if(E01744E70(0x18086b0, 0x1745690, 0, 0) != 0) {
                                  					_t46 = E0171CCC0(_t56);
                                  					goto L12;
                                  				} else {
                                  					_t59 = 0xa0;
                                  					goto L3;
                                  				}
                                  			}





















                                  Memory Dump Source
                                  • Source File: 00000005.00000002.534207193.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                  • Associated: 00000005.00000002.535933940.000000000180B000.00000040.00000800.00020000.00000000.sdmp
                                  • Associated: 00000005.00000002.535959139.000000000180F000.00000040.00000800.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_16f0000_6109238.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: cf412cd6fa10fd9fb0422ed370e56e7dd8d20d67e4694207f6410f2c21717d01
                                  • Instruction ID: 0ee0fb491f0084bea54b5543cf8de5579d3c992b7a1a713589b9237c5d88d41b
                                  • Opcode Fuzzy Hash: cf412cd6fa10fd9fb0422ed370e56e7dd8d20d67e4694207f6410f2c21717d01
                                  • Instruction Fuzzy Hash: DE41D671A40328AFEB32DF18CC84F6AF7A9EB55710F0440D9E94697285D7B0ED84CB91
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 94%
                                  			E01728A0A(intOrPtr* __ecx, signed int __edx) {
                                  				signed int _v8;
                                  				char _v524;
                                  				signed int _v528;
                                  				void* _v532;
                                  				char _v536;
                                  				char _v540;
                                  				char _v544;
                                  				intOrPtr* _v548;
                                  				void* __ebx;
                                  				void* __edi;
                                  				void* __esi;
                                  				signed int _t44;
                                  				void* _t46;
                                  				void* _t48;
                                  				signed int _t53;
                                  				signed int _t55;
                                  				intOrPtr* _t62;
                                  				void* _t63;
                                  				unsigned int _t75;
                                  				signed int _t79;
                                  				unsigned int _t81;
                                  				unsigned int _t83;
                                  				signed int _t84;
                                  				void* _t87;
                                  
                                  				_t76 = __edx;
                                  				_v8 =  *0x180d360 ^ _t84;
                                  				_v536 = 0x200;
                                  				_t79 = 0;
                                  				_v548 = __edx;
                                  				_v544 = 0;
                                  				_t62 = __ecx;
                                  				_v540 = 0;
                                  				_v532 =  &_v524;
                                  				if(__edx == 0 || __ecx == 0) {
                                  					L6:
                                  					return E0175B640(_t79, _t62, _v8 ^ _t84, _t76, _t79, _t81);
                                  				} else {
                                  					_v528 = 0;
                                  					E0172E9C0(1, __ecx, 0, 0,  &_v528);
                                  					_t44 = _v528;
                                  					_t81 =  *(_t44 + 0x48) & 0x0000ffff;
                                  					_v528 =  *(_t44 + 0x4a) & 0x0000ffff;
                                  					_t46 = 0xa;
                                  					_t87 = _t81 - _t46;
                                  					if(_t87 > 0 || _t87 == 0) {
                                  						 *_v548 = 0x16f1180;
                                  						L5:
                                  						_t79 = 1;
                                  						goto L6;
                                  					} else {
                                  						_t48 = E01741DB5(_t62,  &_v532,  &_v536);
                                  						_t76 = _v528;
                                  						if(_t48 == 0) {
                                  							L9:
                                  							E01753C2A(_t81, _t76,  &_v544);
                                  							 *_v548 = _v544;
                                  							goto L5;
                                  						}
                                  						_t62 = _v532;
                                  						if(_t62 != 0) {
                                  							_t83 = (_t81 << 0x10) + (_t76 & 0x0000ffff);
                                  							_t53 =  *_t62;
                                  							_v528 = _t53;
                                  							if(_t53 != 0) {
                                  								_t63 = _t62 + 4;
                                  								_t55 = _v528;
                                  								do {
                                  									if( *((intOrPtr*)(_t63 + 0x10)) == 1) {
                                  										if(E01728999(_t63,  &_v540) == 0) {
                                  											_t55 = _v528;
                                  										} else {
                                  											_t75 = (( *(_v540 + 0x14) & 0x0000ffff) << 0x10) + ( *(_v540 + 0x16) & 0x0000ffff);
                                  											_t55 = _v528;
                                  											if(_t75 >= _t83) {
                                  												_t83 = _t75;
                                  											}
                                  										}
                                  									}
                                  									_t63 = _t63 + 0x14;
                                  									_t55 = _t55 - 1;
                                  									_v528 = _t55;
                                  								} while (_t55 != 0);
                                  								_t62 = _v532;
                                  							}
                                  							if(_t62 !=  &_v524) {
                                  								L017377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t79, _t62);
                                  							}
                                  							_t76 = _t83 & 0x0000ffff;
                                  							_t81 = _t83 >> 0x10;
                                  						}
                                  						goto L9;
                                  					}
                                  				}
                                  			}




























                                  Memory Dump Source
                                  • Source File: 00000005.00000002.534207193.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                  • Associated: 00000005.00000002.535933940.000000000180B000.00000040.00000800.00020000.00000000.sdmp
                                  • Associated: 00000005.00000002.535959139.000000000180F000.00000040.00000800.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_16f0000_6109238.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: a152b4f0131721d4e28618758c40c47d1c422bfe405331a50fcc9cd88fc681d1
                                  • Instruction ID: 6cd9ec282db7057eff166cb22f0dfa85276d472a70f5f6e222ae5e3fd032e3a0
                                  • Opcode Fuzzy Hash: a152b4f0131721d4e28618758c40c47d1c422bfe405331a50fcc9cd88fc681d1
                                  • Instruction Fuzzy Hash: AA41A1B1A0023C9BDB24CF19CC88AA9F7F4FB54300F1042EAD91997242EB719E81CF51
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 76%
                                  			E017DFDE2(signed int* __ecx, signed int __edx, signed int _a4) {
                                  				char _v8;
                                  				signed int _v12;
                                  				signed int _t29;
                                  				char* _t32;
                                  				char* _t43;
                                  				signed int _t80;
                                  				signed int* _t84;
                                  
                                  				_push(__ecx);
                                  				_push(__ecx);
                                  				_t56 = __edx;
                                  				_t84 = __ecx;
                                  				_t80 = E017DFD4E(__ecx, __edx);
                                  				_v12 = _t80;
                                  				if(_t80 != 0) {
                                  					_t29 =  *__ecx & _t80;
                                  					_t74 = (_t80 - _t29 >> 4 << __ecx[1]) + _t29;
                                  					if(__edx <= (_t80 - _t29 >> 4 << __ecx[1]) + _t29) {
                                  						E017E0A13(__ecx, _t80, 0, _a4);
                                  						_t80 = 1;
                                  						if(E01737D50() == 0) {
                                  							_t32 = 0x7ffe0380;
                                  						} else {
                                  							_t32 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                  						}
                                  						if( *_t32 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
                                  							_push(3);
                                  							L21:
                                  							E017D1608( *((intOrPtr*)(_t84 + 0x3c)), _t56);
                                  						}
                                  						goto L22;
                                  					}
                                  					if(( *(_t80 + 0xc) & 0x0000000c) != 8) {
                                  						_t80 = E017E2B28(__ecx[0xc], _t74, __edx, _a4,  &_v8);
                                  						if(_t80 != 0) {
                                  							_t66 =  *((intOrPtr*)(_t84 + 0x2c));
                                  							_t77 = _v8;
                                  							if(_v8 <=  *((intOrPtr*)( *((intOrPtr*)(_t84 + 0x2c)) + 0x28)) - 8) {
                                  								E017DC8F7(_t66, _t77, 0);
                                  							}
                                  						}
                                  					} else {
                                  						_t80 = E017DDBD2(__ecx[0xb], _t74, __edx, _a4);
                                  					}
                                  					if(E01737D50() == 0) {
                                  						_t43 = 0x7ffe0380;
                                  					} else {
                                  						_t43 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                  					}
                                  					if( *_t43 == 0 || ( *( *[fs:0x30] + 0x240) & 0x00000001) == 0 || _t80 == 0) {
                                  						goto L22;
                                  					} else {
                                  						_push((0 | ( *(_v12 + 0xc) & 0x0000000c) != 0x00000008) + 2);
                                  						goto L21;
                                  					}
                                  				} else {
                                  					_push(__ecx);
                                  					_push(_t80);
                                  					E017DA80D(__ecx[0xf], 9, __edx, _t80);
                                  					L22:
                                  					return _t80;
                                  				}
                                  			}











                                  Memory Dump Source
                                  • Source File: 00000005.00000002.534207193.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                  • Associated: 00000005.00000002.535933940.000000000180B000.00000040.00000800.00020000.00000000.sdmp
                                  • Associated: 00000005.00000002.535959139.000000000180F000.00000040.00000800.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_16f0000_6109238.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 3ef4319804cf21a17d71333ba11752c881d61f5af92be3a911c0d40f229f6d46
                                  • Instruction ID: 1aa1d18b4704caebb32183a892d544bc02407e50b0873c98f84ed7e1be5ce597
                                  • Opcode Fuzzy Hash: 3ef4319804cf21a17d71333ba11752c881d61f5af92be3a911c0d40f229f6d46
                                  • Instruction Fuzzy Hash: 4C3108323006496FD722976CC849F6AFBFAEBC9650F184198E9479B386DA74DC42C760
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 70%
                                  			E017DEA55(intOrPtr* __ecx, char __edx, signed int _a4) {
                                  				signed int _v8;
                                  				char _v12;
                                  				intOrPtr _v15;
                                  				char _v16;
                                  				intOrPtr _v19;
                                  				void* _v28;
                                  				intOrPtr _v36;
                                  				void* __ebx;
                                  				void* __edi;
                                  				signed char _t26;
                                  				signed int _t27;
                                  				char* _t40;
                                  				unsigned int* _t50;
                                  				intOrPtr* _t58;
                                  				unsigned int _t59;
                                  				char _t75;
                                  				signed int _t86;
                                  				intOrPtr _t88;
                                  				intOrPtr* _t91;
                                  
                                  				_t75 = __edx;
                                  				_t91 = __ecx;
                                  				_v12 = __edx;
                                  				_t50 = __ecx + 0x30;
                                  				_t86 = _a4 & 0x00000001;
                                  				if(_t86 == 0) {
                                  					E01732280(_t26, _t50);
                                  					_t75 = _v16;
                                  				}
                                  				_t58 = _t91;
                                  				_t27 = E017DE815(_t58, _t75);
                                  				_v8 = _t27;
                                  				if(_t27 != 0) {
                                  					E0171F900(_t91 + 0x34, _t27);
                                  					if(_t86 == 0) {
                                  						E0172FFB0(_t50, _t86, _t50);
                                  					}
                                  					_push( *((intOrPtr*)(_t91 + 4)));
                                  					_push( *_t91);
                                  					_t59 =  *(_v8 + 0x10);
                                  					_t53 = 1 << (_t59 >> 0x00000002 & 0x0000003f);
                                  					_push(0x8000);
                                  					_t11 = _t53 - 1; // 0x0
                                  					_t12 = _t53 - 1; // 0x0
                                  					_v16 = ((_t59 >> 0x00000001 & 1) + (_t59 >> 0xc) << 0xc) - 1 + (1 << (_t59 >> 0x00000002 & 0x0000003f)) - (_t11 + ((_t59 >> 0x00000001 & 1) + (_t59 >> 0x0000000c) << 0x0000000c) & _t12);
                                  					E017DAFDE( &_v12,  &_v16);
                                  					asm("lock xadd [eax], ecx");
                                  					asm("lock xadd [eax], ecx");
                                  					E017DBCD2(_v8,  *_t91,  *((intOrPtr*)(_t91 + 4)));
                                  					_t55 = _v36;
                                  					_t88 = _v36;
                                  					if(E01737D50() == 0) {
                                  						_t40 = 0x7ffe0388;
                                  					} else {
                                  						_t55 = _v19;
                                  						_t40 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                                  					}
                                  					if( *_t40 != 0) {
                                  						E017CFE3F(_t55, _t91, _v15, _t55);
                                  					}
                                  				} else {
                                  					if(_t86 == 0) {
                                  						E0172FFB0(_t50, _t86, _t50);
                                  						_t75 = _v16;
                                  					}
                                  					_push(_t58);
                                  					_t88 = 0;
                                  					_push(0);
                                  					E017DA80D(_t91, 8, _t75, 0);
                                  				}
                                  				return _t88;
                                  			}























                                  Memory Dump Source
                                  • Source File: 00000005.00000002.534207193.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                  • Associated: 00000005.00000002.535933940.000000000180B000.00000040.00000800.00020000.00000000.sdmp
                                  • Associated: 00000005.00000002.535959139.000000000180F000.00000040.00000800.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_16f0000_6109238.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: f5f831e91637f778ab1786019c0fe1c1c634a5059deceac50859eb6d9a86e6aa
                                  • Instruction ID: 36842923efa72c9518d1be714048e33361c58d74dd887b2390f1b7b2c3da26b5
                                  • Opcode Fuzzy Hash: f5f831e91637f778ab1786019c0fe1c1c634a5059deceac50859eb6d9a86e6aa
                                  • Instruction Fuzzy Hash: 5631A37260470A9BC71ADF28C884E6BF7BAFBC4610F04492DF5968B645DE30E905CBA1
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 69%
                                  			E017969A6(signed short* __ecx, void* __eflags) {
                                  				signed int _v8;
                                  				signed int _v16;
                                  				intOrPtr _v20;
                                  				signed int _v24;
                                  				signed short _v28;
                                  				signed int _v32;
                                  				intOrPtr _v36;
                                  				signed int _v40;
                                  				char* _v44;
                                  				signed int _v48;
                                  				intOrPtr _v52;
                                  				signed int _v56;
                                  				char _v60;
                                  				signed int _v64;
                                  				char _v68;
                                  				char _v72;
                                  				signed short* _v76;
                                  				signed int _v80;
                                  				char _v84;
                                  				void* __ebx;
                                  				void* __edi;
                                  				void* __esi;
                                  				void* _t68;
                                  				intOrPtr _t73;
                                  				signed short* _t74;
                                  				void* _t77;
                                  				void* _t78;
                                  				signed int _t79;
                                  				signed int _t80;
                                  
                                  				_v8 =  *0x180d360 ^ _t80;
                                  				_t75 = 0x100;
                                  				_v64 = _v64 & 0x00000000;
                                  				_v76 = __ecx;
                                  				_t79 = 0;
                                  				_t68 = 0;
                                  				_v72 = 1;
                                  				_v68 =  *((intOrPtr*)( *[fs:0x18] + 0x20));
                                  				_t77 = 0;
                                  				if(L01726C59(__ecx[2], 0x100, __eflags) != 0) {
                                  					_t79 =  *((intOrPtr*)( *[fs:0x30] + 0x1e8));
                                  					if(_t79 != 0 && E01796BA3() != 0) {
                                  						_push(0);
                                  						_push(0);
                                  						_push(0);
                                  						_push(0x1f0003);
                                  						_push( &_v64);
                                  						if(E01759980() >= 0) {
                                  							E01732280(_t56, 0x1808778);
                                  							_t77 = 1;
                                  							_t68 = 1;
                                  							if( *0x1808774 == 0) {
                                  								asm("cdq");
                                  								 *(_t79 + 0xf70) = _v64;
                                  								 *(_t79 + 0xf74) = 0x100;
                                  								_t75 = 0;
                                  								_t73 = 4;
                                  								_v60 =  &_v68;
                                  								_v52 = _t73;
                                  								_v36 = _t73;
                                  								_t74 = _v76;
                                  								_v44 =  &_v72;
                                  								 *0x1808774 = 1;
                                  								_v56 = 0;
                                  								_v28 = _t74[2];
                                  								_v48 = 0;
                                  								_v20 = ( *_t74 & 0x0000ffff) + 2;
                                  								_v40 = 0;
                                  								_v32 = 0;
                                  								_v24 = 0;
                                  								_v16 = 0;
                                  								if(E0171B6F0(0x16fc338, 0x16fc288, 3,  &_v60) == 0) {
                                  									_v80 = _v80 | 0xffffffff;
                                  									_push( &_v84);
                                  									_push(0);
                                  									_push(_v64);
                                  									_v84 = 0xfa0a1f00;
                                  									E01759520();
                                  								}
                                  							}
                                  						}
                                  					}
                                  				}
                                  				if(_v64 != 0) {
                                  					_push(_v64);
                                  					E017595D0();
                                  					 *(_t79 + 0xf70) =  *(_t79 + 0xf70) & 0x00000000;
                                  					 *(_t79 + 0xf74) =  *(_t79 + 0xf74) & 0x00000000;
                                  				}
                                  				if(_t77 != 0) {
                                  					E0172FFB0(_t68, _t77, 0x1808778);
                                  				}
                                  				_pop(_t78);
                                  				return E0175B640(_t68, _t68, _v8 ^ _t80, _t75, _t78, _t79);
                                  			}

































                                  Memory Dump Source
                                  • Source File: 00000005.00000002.534207193.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                  • Associated: 00000005.00000002.535933940.000000000180B000.00000040.00000800.00020000.00000000.sdmp
                                  • Associated: 00000005.00000002.535959139.000000000180F000.00000040.00000800.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_16f0000_6109238.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: e1ec21e4345f3f9c253710fce0d179541076bb1f43042565b47b744d50caf57f
                                  • Instruction ID: 0182f5424c5886654deb9742b38a8bf02394943a2794153a39a400c8b3556132
                                  • Opcode Fuzzy Hash: e1ec21e4345f3f9c253710fce0d179541076bb1f43042565b47b744d50caf57f
                                  • Instruction Fuzzy Hash: 7541AFB1D002099FDB15CFA9D840BFEFBF4EF48704F14822AE914A3244DB749A05CB50
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 85%
                                  			E01715210(intOrPtr _a4, void* _a8) {
                                  				void* __ecx;
                                  				intOrPtr _t31;
                                  				signed int _t32;
                                  				signed int _t33;
                                  				intOrPtr _t35;
                                  				signed int _t52;
                                  				void* _t54;
                                  				void* _t56;
                                  				unsigned int _t59;
                                  				signed int _t60;
                                  				void* _t61;
                                  
                                  				_t61 = E017152A5(1);
                                  				if(_t61 == 0) {
                                  					_t31 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
                                  					_t54 =  *((intOrPtr*)(_t31 + 0x28));
                                  					_t59 =  *(_t31 + 0x24) & 0x0000ffff;
                                  				} else {
                                  					_t54 =  *((intOrPtr*)(_t61 + 0x10));
                                  					_t59 =  *(_t61 + 0xc) & 0x0000ffff;
                                  				}
                                  				_t60 = _t59 >> 1;
                                  				_t32 = 0x3a;
                                  				if(_t60 < 2 ||  *((intOrPtr*)(_t54 + _t60 * 2 - 4)) == _t32) {
                                  					_t52 = _t60 + _t60;
                                  					if(_a4 > _t52) {
                                  						goto L5;
                                  					}
                                  					if(_t61 != 0) {
                                  						asm("lock xadd [esi], eax");
                                  						if((_t32 | 0xffffffff) == 0) {
                                  							_push( *((intOrPtr*)(_t61 + 4)));
                                  							E017595D0();
                                  							L017377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
                                  						}
                                  					} else {
                                  						E0172EB70(_t54, 0x18079a0);
                                  					}
                                  					_t26 = _t52 + 2; // 0xddeeddf0
                                  					return _t26;
                                  				} else {
                                  					_t52 = _t60 + _t60;
                                  					if(_a4 < _t52) {
                                  						if(_t61 != 0) {
                                  							asm("lock xadd [esi], eax");
                                  							if((_t32 | 0xffffffff) == 0) {
                                  								_push( *((intOrPtr*)(_t61 + 4)));
                                  								E017595D0();
                                  								L017377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
                                  							}
                                  						} else {
                                  							E0172EB70(_t54, 0x18079a0);
                                  						}
                                  						return _t52;
                                  					}
                                  					L5:
                                  					_t33 = E0175F3E0(_a8, _t54, _t52);
                                  					if(_t61 == 0) {
                                  						E0172EB70(_t54, 0x18079a0);
                                  					} else {
                                  						asm("lock xadd [esi], eax");
                                  						if((_t33 | 0xffffffff) == 0) {
                                  							_push( *((intOrPtr*)(_t61 + 4)));
                                  							E017595D0();
                                  							L017377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
                                  						}
                                  					}
                                  					_t35 = _a8;
                                  					if(_t60 <= 1) {
                                  						L9:
                                  						_t60 = _t60 - 1;
                                  						 *((short*)(_t52 + _t35 - 2)) = 0;
                                  						goto L10;
                                  					} else {
                                  						_t56 = 0x3a;
                                  						if( *((intOrPtr*)(_t35 + _t60 * 2 - 4)) == _t56) {
                                  							 *((short*)(_t52 + _t35)) = 0;
                                  							L10:
                                  							return _t60 + _t60;
                                  						}
                                  						goto L9;
                                  					}
                                  				}
                                  			}















                                  Memory Dump Source
                                  • Source File: 00000005.00000002.534207193.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                  • Associated: 00000005.00000002.535933940.000000000180B000.00000040.00000800.00020000.00000000.sdmp
                                  • Associated: 00000005.00000002.535959139.000000000180F000.00000040.00000800.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_16f0000_6109238.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: ba29a3dfaf0f004da014a651f41e1c1eb92996ce0e3ff5ac490e1454cbf1e734
                                  • Instruction ID: 4105b546fe66a9795f6ebb0ea388e26eb42940198154fbf45c30429154b4bcfc
                                  • Opcode Fuzzy Hash: ba29a3dfaf0f004da014a651f41e1c1eb92996ce0e3ff5ac490e1454cbf1e734
                                  • Instruction Fuzzy Hash: A6314832245711EBCB269B1CC884F6AF7A5FF62720F104629F9554B299EB70F940C690
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E01753D43(signed short* __ecx, signed short* __edx, signed short* _a4, signed short** _a8, intOrPtr* _a12, intOrPtr* _a16) {
                                  				intOrPtr _v8;
                                  				char _v12;
                                  				signed short** _t33;
                                  				short* _t38;
                                  				intOrPtr* _t39;
                                  				intOrPtr* _t41;
                                  				signed short _t43;
                                  				intOrPtr* _t47;
                                  				intOrPtr* _t53;
                                  				signed short _t57;
                                  				intOrPtr _t58;
                                  				signed short _t60;
                                  				signed short* _t61;
                                  
                                  				_t47 = __ecx;
                                  				_t61 = __edx;
                                  				_t60 = ( *__ecx & 0x0000ffff) + 2;
                                  				if(_t60 > 0xfffe) {
                                  					L22:
                                  					return 0xc0000106;
                                  				}
                                  				if(__edx != 0) {
                                  					if(_t60 <= ( *(__edx + 2) & 0x0000ffff)) {
                                  						L5:
                                  						E01727B60(0, _t61, 0x16f11c4);
                                  						_v12 =  *_t47;
                                  						_v12 = _v12 + 0xfff8;
                                  						_v8 =  *((intOrPtr*)(_t47 + 4)) + 8;
                                  						E01727B60(0xfff8, _t61,  &_v12);
                                  						_t33 = _a8;
                                  						if(_t33 != 0) {
                                  							 *_t33 = _t61;
                                  						}
                                  						 *((short*)(_t61[2] + (( *_t61 & 0x0000ffff) >> 1) * 2)) = 0;
                                  						_t53 = _a12;
                                  						if(_t53 != 0) {
                                  							_t57 = _t61[2];
                                  							_t38 = _t57 + ((( *_t61 & 0x0000ffff) >> 1) - 1) * 2;
                                  							while(_t38 >= _t57) {
                                  								if( *_t38 == 0x5c) {
                                  									_t41 = _t38 + 2;
                                  									if(_t41 == 0) {
                                  										break;
                                  									}
                                  									_t58 = 0;
                                  									if( *_t41 == 0) {
                                  										L19:
                                  										 *_t53 = _t58;
                                  										goto L7;
                                  									}
                                  									 *_t53 = _t41;
                                  									goto L7;
                                  								}
                                  								_t38 = _t38 - 2;
                                  							}
                                  							_t58 = 0;
                                  							goto L19;
                                  						} else {
                                  							L7:
                                  							_t39 = _a16;
                                  							if(_t39 != 0) {
                                  								 *_t39 = 0;
                                  								 *((intOrPtr*)(_t39 + 4)) = 0;
                                  								 *((intOrPtr*)(_t39 + 8)) = 0;
                                  								 *((intOrPtr*)(_t39 + 0xc)) = 0;
                                  							}
                                  							return 0;
                                  						}
                                  					}
                                  					_t61 = _a4;
                                  					if(_t61 != 0) {
                                  						L3:
                                  						_t43 = L01734620(0,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t60);
                                  						_t61[2] = _t43;
                                  						if(_t43 == 0) {
                                  							return 0xc0000017;
                                  						}
                                  						_t61[1] = _t60;
                                  						 *_t61 = 0;
                                  						goto L5;
                                  					}
                                  					goto L22;
                                  				}
                                  				_t61 = _a4;
                                  				if(_t61 == 0) {
                                  					return 0xc000000d;
                                  				}
                                  				goto L3;
                                  			}

















                                  Memory Dump Source
                                  • Source File: 00000005.00000002.534207193.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                  • Associated: 00000005.00000002.535933940.000000000180B000.00000040.00000800.00020000.00000000.sdmp
                                  • Associated: 00000005.00000002.535959139.000000000180F000.00000040.00000800.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_16f0000_6109238.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 8be4b443879c0450c20b3d9ee6abb86266c0709645d757f16c71ee273ac04f88
                                  • Instruction ID: 46fb0dd6e0ff7dcb23aa2daf8f0aeb7e62562a92df776cd361ec10105d51bef0
                                  • Opcode Fuzzy Hash: 8be4b443879c0450c20b3d9ee6abb86266c0709645d757f16c71ee273ac04f88
                                  • Instruction Fuzzy Hash: 2731DE31600615DBD7699F2EC841A7AFBF5FF99780B0580AEE945CB360EBB0D881D790
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 78%
                                  			E0174A61C(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
                                  				intOrPtr _t35;
                                  				intOrPtr _t39;
                                  				intOrPtr _t45;
                                  				intOrPtr* _t51;
                                  				intOrPtr* _t52;
                                  				intOrPtr* _t55;
                                  				signed int _t57;
                                  				intOrPtr* _t59;
                                  				intOrPtr _t68;
                                  				intOrPtr* _t77;
                                  				void* _t79;
                                  				signed int _t80;
                                  				intOrPtr _t81;
                                  				char* _t82;
                                  				void* _t83;
                                  
                                  				_push(0x24);
                                  				_push(0x17f0220);
                                  				E0176D08C(__ebx, __edi, __esi);
                                  				 *((intOrPtr*)(_t83 - 0x30)) = __edx;
                                  				_t79 = __ecx;
                                  				_t35 =  *0x1807b9c; // 0x0
                                  				_t55 = L01734620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t35 + 0xc0000, 0x28);
                                  				 *((intOrPtr*)(_t83 - 0x24)) = _t55;
                                  				if(_t55 == 0) {
                                  					_t39 = 0xc0000017;
                                  					L11:
                                  					return E0176D0D1(_t39);
                                  				}
                                  				_t68 = 0;
                                  				 *((intOrPtr*)(_t83 - 0x1c)) = 0;
                                  				 *(_t83 - 4) =  *(_t83 - 4) & 0;
                                  				_t7 = _t55 + 8; // 0x8
                                  				_t57 = 6;
                                  				memcpy(_t7, _t79, _t57 << 2);
                                  				_t80 = 0xfffffffe;
                                  				 *(_t83 - 4) = _t80;
                                  				if(0 < 0) {
                                  					L14:
                                  					_t81 =  *((intOrPtr*)(_t83 - 0x1c));
                                  					L20:
                                  					L017377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t55);
                                  					_t39 = _t81;
                                  					goto L11;
                                  				}
                                  				if( *((intOrPtr*)(_t55 + 0xc)) <  *(_t55 + 8)) {
                                  					_t81 = 0xc000007b;
                                  					goto L20;
                                  				}
                                  				if( *((intOrPtr*)(_t83 + 0xc)) == 0) {
                                  					_t59 =  *((intOrPtr*)(_t83 + 8));
                                  					_t45 =  *_t59;
                                  					 *((intOrPtr*)(_t83 - 0x20)) = _t45;
                                  					 *_t59 = _t45 + 1;
                                  					L6:
                                  					 *(_t83 - 4) = 1;
                                  					 *((intOrPtr*)( *((intOrPtr*)(_t55 + 0x10)))) =  *((intOrPtr*)(_t83 - 0x20));
                                  					 *(_t83 - 4) = _t80;
                                  					if(_t68 < 0) {
                                  						_t82 =  *((intOrPtr*)(_t83 + 0xc));
                                  						if(_t82 == 0) {
                                  							goto L14;
                                  						}
                                  						asm("btr eax, ecx");
                                  						_t81 =  *((intOrPtr*)(_t83 - 0x1c));
                                  						if( *_t82 != 0) {
                                  							 *0x1807b10 =  *0x1807b10 - 8;
                                  						}
                                  						goto L20;
                                  					}
                                  					 *((intOrPtr*)(_t55 + 0x24)) =  *((intOrPtr*)(_t83 - 0x20));
                                  					 *((intOrPtr*)(_t55 + 0x20)) =  *((intOrPtr*)(_t83 - 0x30));
                                  					_t51 =  *0x180536c; // 0x773a5368
                                  					if( *_t51 != 0x1805368) {
                                  						_push(3);
                                  						asm("int 0x29");
                                  						goto L14;
                                  					}
                                  					 *_t55 = 0x1805368;
                                  					 *((intOrPtr*)(_t55 + 4)) = _t51;
                                  					 *_t51 = _t55;
                                  					 *0x180536c = _t55;
                                  					_t52 =  *((intOrPtr*)(_t83 + 0x10));
                                  					if(_t52 != 0) {
                                  						 *_t52 = _t55;
                                  					}
                                  					_t39 = 0;
                                  					goto L11;
                                  				}
                                  				_t77 =  *((intOrPtr*)(_t83 + 8));
                                  				_t68 = E0174A70E(_t77,  *((intOrPtr*)(_t83 + 0xc)));
                                  				 *((intOrPtr*)(_t83 - 0x1c)) = _t68;
                                  				if(_t68 < 0) {
                                  					goto L14;
                                  				}
                                  				 *((intOrPtr*)(_t83 - 0x20)) =  *_t77;
                                  				goto L6;
                                  			}



















                                  Memory Dump Source
                                  • Source File: 00000005.00000002.534207193.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                  • Associated: 00000005.00000002.535933940.000000000180B000.00000040.00000800.00020000.00000000.sdmp
                                  • Associated: 00000005.00000002.535959139.000000000180F000.00000040.00000800.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_16f0000_6109238.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 39b4869a89280a877a6cfdf854e82bd0dc000fac49f26d55de6ba31b77690e60
                                  • Instruction ID: 7a9b5a689f2bc9a694321603c8286649b7e5e5dd7d3aa0552a95d61989cf5c2f
                                  • Opcode Fuzzy Hash: 39b4869a89280a877a6cfdf854e82bd0dc000fac49f26d55de6ba31b77690e60
                                  • Instruction Fuzzy Hash: 6D418BB5A40209DFDB16CF58C890BA9FBF1FF89304F1580A9EA06AB345C774A901CF50
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 68%
                                  			E0173C182(void* __ecx, unsigned int* __edx, intOrPtr _a4) {
                                  				signed int* _v8;
                                  				char _v16;
                                  				void* __ebx;
                                  				void* __edi;
                                  				signed char _t33;
                                  				signed char _t43;
                                  				signed char _t48;
                                  				signed char _t62;
                                  				void* _t63;
                                  				intOrPtr _t69;
                                  				intOrPtr _t71;
                                  				unsigned int* _t82;
                                  				void* _t83;
                                  
                                  				_t80 = __ecx;
                                  				_t82 = __edx;
                                  				_t33 =  *((intOrPtr*)(__ecx + 0xde));
                                  				_t62 = _t33 >> 0x00000001 & 0x00000001;
                                  				if((_t33 & 0x00000001) != 0) {
                                  					_v8 = ((0 | _t62 != 0x00000000) - 0x00000001 & 0x00000048) + 8 + __edx;
                                  					if(E01737D50() != 0) {
                                  						_t43 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                  					} else {
                                  						_t43 = 0x7ffe0386;
                                  					}
                                  					if( *_t43 != 0) {
                                  						_t43 = E017E8D34(_v8, _t80);
                                  					}
                                  					E01732280(_t43, _t82);
                                  					if( *((char*)(_t80 + 0xdc)) == 0) {
                                  						E0172FFB0(_t62, _t80, _t82);
                                  						 *(_t80 + 0xde) =  *(_t80 + 0xde) | 0x00000004;
                                  						_t30 = _t80 + 0xd0; // 0xd0
                                  						_t83 = _t30;
                                  						E017E8833(_t83,  &_v16);
                                  						_t81 = _t80 + 0x90;
                                  						E0172FFB0(_t62, _t80 + 0x90, _t80 + 0x90);
                                  						_t63 = 0;
                                  						_push(0);
                                  						_push(_t83);
                                  						_t48 = E0175B180();
                                  						if(_a4 != 0) {
                                  							E01732280(_t48, _t81);
                                  						}
                                  					} else {
                                  						_t69 = _v8;
                                  						_t12 = _t80 + 0x98; // 0x98
                                  						_t13 = _t69 + 0xc; // 0x575651ff
                                  						E0173BB2D(_t13, _t12);
                                  						_t71 = _v8;
                                  						_t15 = _t80 + 0xb0; // 0xb0
                                  						_t16 = _t71 + 8; // 0x8b000cc2
                                  						E0173BB2D(_t16, _t15);
                                  						E0173B944(_v8, _t62);
                                  						 *((char*)(_t80 + 0xdc)) = 0;
                                  						E0172FFB0(0, _t80, _t82);
                                  						 *((intOrPtr*)(_t80 + 0xd8)) = 0;
                                  						 *((intOrPtr*)(_t80 + 0xc8)) = 0;
                                  						 *((intOrPtr*)(_t80 + 0xcc)) = 0;
                                  						 *(_t80 + 0xde) = 0;
                                  						if(_a4 == 0) {
                                  							_t25 = _t80 + 0x90; // 0x90
                                  							E0172FFB0(0, _t80, _t25);
                                  						}
                                  						_t63 = 1;
                                  					}
                                  					return _t63;
                                  				}
                                  				 *((intOrPtr*)(__ecx + 0xc8)) = 0;
                                  				 *((intOrPtr*)(__ecx + 0xcc)) = 0;
                                  				if(_a4 == 0) {
                                  					_t24 = _t80 + 0x90; // 0x90
                                  					E0172FFB0(0, __ecx, _t24);
                                  				}
                                  				return 0;
                                  			}

















                                  Memory Dump Source
                                  • Source File: 00000005.00000002.534207193.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                  • Associated: 00000005.00000002.535933940.000000000180B000.00000040.00000800.00020000.00000000.sdmp
                                  • Associated: 00000005.00000002.535959139.000000000180F000.00000040.00000800.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_16f0000_6109238.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
                                  • Instruction ID: 830743a260524f4313af58dd765ca0952eeb196fb22fac5dced4cb0263557a92
                                  • Opcode Fuzzy Hash: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
                                  • Instruction Fuzzy Hash: F6317AB160558BBED706EBB4C884BE9FBA4BF96200F04415BC51C97207CB346A4AD7E1
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 76%
                                  			E01797016(short __ecx, intOrPtr __edx, char _a4, char _a8, signed short* _a12, signed short* _a16) {
                                  				signed int _v8;
                                  				char _v588;
                                  				intOrPtr _v592;
                                  				intOrPtr _v596;
                                  				signed short* _v600;
                                  				char _v604;
                                  				short _v606;
                                  				void* __ebx;
                                  				void* __edi;
                                  				void* __esi;
                                  				signed short* _t55;
                                  				void* _t56;
                                  				signed short* _t58;
                                  				signed char* _t61;
                                  				char* _t68;
                                  				void* _t69;
                                  				void* _t71;
                                  				void* _t72;
                                  				signed int _t75;
                                  
                                  				_t64 = __edx;
                                  				_t77 = (_t75 & 0xfffffff8) - 0x25c;
                                  				_v8 =  *0x180d360 ^ (_t75 & 0xfffffff8) - 0x0000025c;
                                  				_t55 = _a16;
                                  				_v606 = __ecx;
                                  				_t71 = 0;
                                  				_t58 = _a12;
                                  				_v596 = __edx;
                                  				_v600 = _t58;
                                  				_t68 =  &_v588;
                                  				if(_t58 != 0) {
                                  					_t71 = ( *_t58 & 0x0000ffff) + 2;
                                  					if(_t55 != 0) {
                                  						_t71 = _t71 + ( *_t55 & 0x0000ffff) + 2;
                                  					}
                                  				}
                                  				_t8 = _t71 + 0x2a; // 0x28
                                  				_t33 = _t8;
                                  				_v592 = _t8;
                                  				if(_t71 <= 0x214) {
                                  					L6:
                                  					 *((short*)(_t68 + 6)) = _v606;
                                  					if(_t64 != 0xffffffff) {
                                  						asm("cdq");
                                  						 *((intOrPtr*)(_t68 + 0x20)) = _t64;
                                  						 *((char*)(_t68 + 0x28)) = _a4;
                                  						 *((intOrPtr*)(_t68 + 0x24)) = _t64;
                                  						 *((char*)(_t68 + 0x29)) = _a8;
                                  						if(_t71 != 0) {
                                  							_t22 = _t68 + 0x2a; // 0x2a
                                  							_t64 = _t22;
                                  							E01796B4C(_t58, _t22, _t71,  &_v604);
                                  							if(_t55 != 0) {
                                  								_t25 = _v604 + 0x2a; // 0x2a
                                  								_t64 = _t25 + _t68;
                                  								E01796B4C(_t55, _t25 + _t68, _t71 - _v604,  &_v604);
                                  							}
                                  							if(E01737D50() == 0) {
                                  								_t61 = 0x7ffe0384;
                                  							} else {
                                  								_t61 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                  							}
                                  							_push(_t68);
                                  							_push(_v592 + 0xffffffe0);
                                  							_push(0x402);
                                  							_push( *_t61 & 0x000000ff);
                                  							E01759AE0();
                                  						}
                                  					}
                                  					_t35 =  &_v588;
                                  					if( &_v588 != _t68) {
                                  						_t35 = L017377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t68);
                                  					}
                                  					L16:
                                  					_pop(_t69);
                                  					_pop(_t72);
                                  					_pop(_t56);
                                  					return E0175B640(_t35, _t56, _v8 ^ _t77, _t64, _t69, _t72);
                                  				}
                                  				_t68 = L01734620(_t58,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t33);
                                  				if(_t68 == 0) {
                                  					goto L16;
                                  				} else {
                                  					_t58 = _v600;
                                  					_t64 = _v596;
                                  					goto L6;
                                  				}
                                  			}























                                  Memory Dump Source
                                  • Source File: 00000005.00000002.534207193.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                  • Associated: 00000005.00000002.535933940.000000000180B000.00000040.00000800.00020000.00000000.sdmp
                                  • Associated: 00000005.00000002.535959139.000000000180F000.00000040.00000800.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_16f0000_6109238.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 50db6c35ea72beebf843ce625a3e2c743fa170401bfa7d4de72b5e58e3564a8f
                                  • Instruction ID: 6949ee233f0daf10afcfe792b68cdfd4668f5c43feec3554f920a2dfa110a137
                                  • Opcode Fuzzy Hash: 50db6c35ea72beebf843ce625a3e2c743fa170401bfa7d4de72b5e58e3564a8f
                                  • Instruction Fuzzy Hash: 5C31E4B26047419BC728DF2CD844A6AF7E5FFC8700F044A29F99587690E730E908CBA6
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 92%
                                  			E0174A70E(intOrPtr* __ecx, char* __edx) {
                                  				unsigned int _v8;
                                  				intOrPtr* _v12;
                                  				void* __ebx;
                                  				void* __edi;
                                  				void* __esi;
                                  				void* _t16;
                                  				intOrPtr _t17;
                                  				intOrPtr _t28;
                                  				char* _t33;
                                  				intOrPtr _t37;
                                  				intOrPtr _t38;
                                  				void* _t50;
                                  				intOrPtr _t52;
                                  
                                  				_push(__ecx);
                                  				_push(__ecx);
                                  				_t52 =  *0x1807b10; // 0x0
                                  				_t33 = __edx;
                                  				_t48 = __ecx;
                                  				_v12 = __ecx;
                                  				if(_t52 == 0) {
                                  					 *0x1807b10 = 8;
                                  					 *0x1807b14 = 0x1807b0c;
                                  					 *0x1807b18 = 1;
                                  					L6:
                                  					_t2 = _t52 + 1; // 0x1
                                  					E0174A990(0x1807b10, _t2, 7);
                                  					asm("bts ecx, eax");
                                  					 *_t48 = _t52;
                                  					 *_t33 = 1;
                                  					L3:
                                  					_t16 = 0;
                                  					L4:
                                  					return _t16;
                                  				}
                                  				_t17 = L0174A840(__edx, __ecx, __ecx, _t52, 0x1807b10, 1, 0);
                                  				if(_t17 == 0xffffffff) {
                                  					_t37 =  *0x1807b10; // 0x0
                                  					_t3 = _t37 + 0x27; // 0x27
                                  					__eflags = _t3 >> 5 -  *0x1807b18; // 0x0
                                  					if(__eflags > 0) {
                                  						_t38 =  *0x1807b9c; // 0x0
                                  						_t4 = _t52 + 0x27; // 0x27
                                  						_v8 = _t4 >> 5;
                                  						_t50 = L01734620(_t38 + 0xc0000,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t38 + 0xc0000, _t4 >> 5 << 2);
                                  						__eflags = _t50;
                                  						if(_t50 == 0) {
                                  							_t16 = 0xc0000017;
                                  							goto L4;
                                  						}
                                  						 *0x1807b18 = _v8;
                                  						_t8 = _t52 + 7; // 0x7
                                  						E0175F3E0(_t50,  *0x1807b14, _t8 >> 3);
                                  						_t28 =  *0x1807b14; // 0x0
                                  						__eflags = _t28 - 0x1807b0c;
                                  						if(_t28 != 0x1807b0c) {
                                  							L017377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t28);
                                  						}
                                  						_t9 = _t52 + 8; // 0x8
                                  						 *0x1807b14 = _t50;
                                  						_t48 = _v12;
                                  						 *0x1807b10 = _t9;
                                  						goto L6;
                                  					}
                                  					 *0x1807b10 = _t37 + 8;
                                  					goto L6;
                                  				}
                                  				 *__ecx = _t17;
                                  				 *_t33 = 0;
                                  				goto L3;
                                  			}

















                                  Memory Dump Source
                                  • Source File: 00000005.00000002.534207193.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                  • Associated: 00000005.00000002.535933940.000000000180B000.00000040.00000800.00020000.00000000.sdmp
                                  • Associated: 00000005.00000002.535959139.000000000180F000.00000040.00000800.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_16f0000_6109238.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: a965276330a8e0438f995ff5061f16a38c9f09f9ab62c27146d0b9cfd501e41b
                                  • Instruction ID: 3aade70d8d1ad3fde27863df69ce0e8970d399632bde990ea5f0fed5d0c811bd
                                  • Opcode Fuzzy Hash: a965276330a8e0438f995ff5061f16a38c9f09f9ab62c27146d0b9cfd501e41b
                                  • Instruction Fuzzy Hash: D731D0B1640A099FD763DF18DCA0F25BBF9FB84710F54099AE286C7244D370BA41CBA1
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 97%
                                  			E017461A0(signed int* __ecx) {
                                  				intOrPtr _v8;
                                  				char _v12;
                                  				intOrPtr* _v16;
                                  				intOrPtr _v20;
                                  				intOrPtr _t30;
                                  				intOrPtr _t31;
                                  				void* _t32;
                                  				intOrPtr _t33;
                                  				intOrPtr _t37;
                                  				intOrPtr _t49;
                                  				signed int _t51;
                                  				intOrPtr _t52;
                                  				signed int _t54;
                                  				void* _t59;
                                  				signed int* _t61;
                                  				intOrPtr* _t64;
                                  
                                  				_t61 = __ecx;
                                  				_v12 = 0;
                                  				_t30 =  *((intOrPtr*)( *[fs:0x30] + 0x1e8));
                                  				_v16 = __ecx;
                                  				_v8 = 0;
                                  				if(_t30 == 0) {
                                  					L6:
                                  					_t31 = 0;
                                  					L7:
                                  					return _t31;
                                  				}
                                  				_t32 = _t30 + 0x5d8;
                                  				if(_t32 == 0) {
                                  					goto L6;
                                  				}
                                  				_t59 = _t32 + 0x30;
                                  				if( *((intOrPtr*)(_t32 + 0x30)) == 0) {
                                  					goto L6;
                                  				}
                                  				if(__ecx != 0) {
                                  					 *((intOrPtr*)(__ecx)) = 0;
                                  					 *((intOrPtr*)(__ecx + 4)) = 0;
                                  				}
                                  				if( *((intOrPtr*)(_t32 + 0xc)) != 0) {
                                  					_t51 =  *(_t32 + 0x10);
                                  					_t33 = _t32 + 0x10;
                                  					_v20 = _t33;
                                  					_t54 =  *(_t33 + 4);
                                  					if((_t51 | _t54) == 0) {
                                  						_t37 = E01745E50(0x16f67cc, 0, 0,  &_v12);
                                  						if(_t37 != 0) {
                                  							goto L6;
                                  						}
                                  						_t52 = _v8;
                                  						asm("lock cmpxchg8b [esi]");
                                  						_t64 = _v16;
                                  						_t49 = _t37;
                                  						_v20 = 0;
                                  						if(_t37 == 0) {
                                  							if(_t64 != 0) {
                                  								 *_t64 = _v12;
                                  								 *((intOrPtr*)(_t64 + 4)) = _t52;
                                  							}
                                  							E017E9D2E(_t59, 0, _v12, _v8,  *( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x38) & 0x0000ffff,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x3c)));
                                  							_t31 = 1;
                                  							goto L7;
                                  						}
                                  						E0171F7C0(_t52, _v12, _t52, 0);
                                  						if(_t64 != 0) {
                                  							 *_t64 = _t49;
                                  							 *((intOrPtr*)(_t64 + 4)) = _v20;
                                  						}
                                  						L12:
                                  						_t31 = 1;
                                  						goto L7;
                                  					}
                                  					if(_t61 != 0) {
                                  						 *_t61 = _t51;
                                  						_t61[1] = _t54;
                                  					}
                                  					goto L12;
                                  				} else {
                                  					goto L6;
                                  				}
                                  			}




















                                  Memory Dump Source
                                  • Source File: 00000005.00000002.534207193.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                  • Associated: 00000005.00000002.535933940.000000000180B000.00000040.00000800.00020000.00000000.sdmp
                                  • Associated: 00000005.00000002.535959139.000000000180F000.00000040.00000800.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_16f0000_6109238.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 0eb3a9d97bce06cdd0b45c8f4289c3c312429eb12d088d4cd337c7c14fb5d8f3
                                  • Instruction ID: 50b7d61e4ee9b3bbc9eb5064700cb645ea002d0d827ad6717528352f502ecde0
                                  • Opcode Fuzzy Hash: 0eb3a9d97bce06cdd0b45c8f4289c3c312429eb12d088d4cd337c7c14fb5d8f3
                                  • Instruction Fuzzy Hash: 053169716093018FE324DF1DC800B26FBE4FB88B04F15496DFA999B251E7B0E804CB91
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 95%
                                  			E0171AA16(signed short* __ecx) {
                                  				signed int _v8;
                                  				intOrPtr _v12;
                                  				signed short _v16;
                                  				intOrPtr _v20;
                                  				signed short _v24;
                                  				signed short _v28;
                                  				void* _v32;
                                  				void* __ebx;
                                  				void* __edi;
                                  				void* __esi;
                                  				intOrPtr _t25;
                                  				signed short _t38;
                                  				signed short* _t42;
                                  				signed int _t44;
                                  				signed short* _t52;
                                  				signed short _t53;
                                  				signed int _t54;
                                  
                                  				_v8 =  *0x180d360 ^ _t54;
                                  				_t42 = __ecx;
                                  				_t44 =  *__ecx & 0x0000ffff;
                                  				_t52 =  &(__ecx[2]);
                                  				_t51 = _t44 + 2;
                                  				if(_t44 + 2 > (__ecx[1] & 0x0000ffff)) {
                                  					L4:
                                  					_t25 =  *0x1807b9c; // 0x0
                                  					_t53 = L01734620(_t44,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t25 + 0x180000, _t51);
                                  					__eflags = _t53;
                                  					if(_t53 == 0) {
                                  						L3:
                                  						return E0175B640(_t28, _t42, _v8 ^ _t54, _t51, _t52, _t53);
                                  					} else {
                                  						E0175F3E0(_t53,  *_t52,  *_t42 & 0x0000ffff);
                                  						 *((short*)(_t53 + (( *_t42 & 0x0000ffff) >> 1) * 2)) = 0;
                                  						L2:
                                  						_t51 = 4;
                                  						if(L01726C59(_t53, _t51, _t58) != 0) {
                                  							_t28 = E01745E50(0x16fc338, 0, 0,  &_v32);
                                  							__eflags = _t28;
                                  							if(_t28 == 0) {
                                  								_t38 = ( *_t42 & 0x0000ffff) + 2;
                                  								__eflags = _t38;
                                  								_v24 = _t53;
                                  								_v16 = _t38;
                                  								_v20 = 0;
                                  								_v12 = 0;
                                  								E0174B230(_v32, _v28, 0x16fc2d8, 1,  &_v24);
                                  								_t28 = E0171F7A0(_v32, _v28);
                                  							}
                                  							__eflags = _t53 -  *_t52;
                                  							if(_t53 !=  *_t52) {
                                  								_t28 = L017377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t53);
                                  							}
                                  						}
                                  						goto L3;
                                  					}
                                  				}
                                  				_t53 =  *_t52;
                                  				_t44 = _t44 >> 1;
                                  				_t58 =  *((intOrPtr*)(_t53 + _t44 * 2));
                                  				if( *((intOrPtr*)(_t53 + _t44 * 2)) != 0) {
                                  					goto L4;
                                  				}
                                  				goto L2;
                                  			}

                                  Memory Dump Source
                                  • Source File: 00000005.00000002.534207193.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                  • Associated: 00000005.00000002.535933940.000000000180B000.00000040.00000800.00020000.00000000.sdmp
                                  • Associated: 00000005.00000002.535959139.000000000180F000.00000040.00000800.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_16f0000_6109238.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 7e2bebf9ebacf2e04b622e6cce2dd444ec51bdac3f068201751d975c40c6a8d2
                                  • Instruction ID: 583c9571bf91c9e826a4f45c8ac63d933a01d45f6e2c2b10289531ef82b91f27
                                  • Opcode Fuzzy Hash: 7e2bebf9ebacf2e04b622e6cce2dd444ec51bdac3f068201751d975c40c6a8d2
                                  • Instruction Fuzzy Hash: 5731D572A0122AABCF159FA8CD81A7FF7B9EF44700F014069F906E7254E7749E11DBA0
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 93%
                                  			E01758EC7(void* __ecx, void* __edx) {
                                  				signed int _v8;
                                  				signed int* _v16;
                                  				intOrPtr _v20;
                                  				signed int* _v24;
                                  				char* _v28;
                                  				signed int* _v32;
                                  				intOrPtr _v36;
                                  				signed int* _v40;
                                  				signed int* _v44;
                                  				signed int* _v48;
                                  				intOrPtr _v52;
                                  				signed int* _v56;
                                  				signed int* _v60;
                                  				signed int* _v64;
                                  				intOrPtr _v68;
                                  				signed int* _v72;
                                  				char* _v76;
                                  				signed int* _v80;
                                  				signed int _v84;
                                  				signed int* _v88;
                                  				intOrPtr _v92;
                                  				signed int* _v96;
                                  				intOrPtr _v100;
                                  				signed int* _v104;
                                  				signed int* _v108;
                                  				char _v140;
                                  				signed int _v144;
                                  				signed int _v148;
                                  				signed int* _v152;
                                  				char _v156;
                                  				signed int* _v160;
                                  				char _v164;
                                  				void* __ebx;
                                  				void* __edi;
                                  				void* __esi;
                                  				void* _t67;
                                  				intOrPtr _t70;
                                  				void* _t71;
                                  				void* _t72;
                                  				signed int _t73;
                                  
                                  				_t69 = __edx;
                                  				_v8 =  *0x180d360 ^ _t73;
                                  				_t48 =  *[fs:0x30];
                                  				_t72 = __edx;
                                  				_t71 = __ecx;
                                  				if( *((intOrPtr*)( *[fs:0x30] + 0x18)) != 0) {
                                  					_t48 = E01744E70(0x18086e4, 0x1759490, 0, 0);
                                  					if( *0x18053e8 > 5 && E01758F33(0x18053e8, 0, 0x2000) != 0) {
                                  						_v156 =  *((intOrPtr*)(_t71 + 0x44));
                                  						_v144 =  *(_t72 + 0x44) & 0x0000ffff;
                                  						_v148 =  *(_t72 + 0x46) & 0x0000ffff;
                                  						_v164 =  *((intOrPtr*)(_t72 + 0x58));
                                  						_v108 =  &_v84;
                                  						_v92 =  *((intOrPtr*)(_t71 + 0x28));
                                  						_v84 =  *(_t71 + 0x24) & 0x0000ffff;
                                  						_v76 =  &_v156;
                                  						_t70 = 8;
                                  						_v60 =  &_v144;
                                  						_t67 = 4;
                                  						_v44 =  &_v148;
                                  						_v152 = 0;
                                  						_v160 = 0;
                                  						_v104 = 0;
                                  						_v100 = 2;
                                  						_v96 = 0;
                                  						_v88 = 0;
                                  						_v80 = 0;
                                  						_v72 = 0;
                                  						_v68 = _t70;
                                  						_v64 = 0;
                                  						_v56 = 0;
                                  						_v52 = 0x18053e8;
                                  						_v48 = 0;
                                  						_v40 = 0;
                                  						_v36 = 0x18053e8;
                                  						_v32 = 0;
                                  						_v28 =  &_v164;
                                  						_v24 = 0;
                                  						_v20 = _t70;
                                  						_v16 = 0;
                                  						_t69 = 0x16fbc46;
                                  						_t48 = E01797B9C(0x18053e8, 0x16fbc46, _t67, 0x18053e8, _t70,  &_v140);
                                  					}
                                  				}
                                  				return E0175B640(_t48, 0, _v8 ^ _t73, _t69, _t71, _t72);
                                  			}

                                  Memory Dump Source
                                  • Source File: 00000005.00000002.534207193.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                  • Associated: 00000005.00000002.535933940.000000000180B000.00000040.00000800.00020000.00000000.sdmp
                                  • Associated: 00000005.00000002.535959139.000000000180F000.00000040.00000800.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_16f0000_6109238.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: f92a09ea82783b11eae737aa13a62b111b8a19696339ddd9cb6a707c19c64c04
                                  • Instruction ID: d540ae286a01cbabd1bcd896955e2a7fd691c191f2400f0ce369d414a63cd01b
                                  • Opcode Fuzzy Hash: f92a09ea82783b11eae737aa13a62b111b8a19696339ddd9cb6a707c19c64c04
                                  • Instruction Fuzzy Hash: AA41A1B1D0021C9FDB64CFAAD980AAEFBF4FB49310F5041AEE509A7240E7705A84CF61
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 74%
                                  			E0174E730(void* __edx, signed int _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36, intOrPtr* _a40) {
                                  				intOrPtr* _v0;
                                  				signed char _v4;
                                  				signed int _v8;
                                  				void* __ecx;
                                  				void* __ebp;
                                  				void* _t37;
                                  				intOrPtr _t38;
                                  				signed int _t44;
                                  				signed char _t52;
                                  				void* _t54;
                                  				intOrPtr* _t56;
                                  				void* _t58;
                                  				char* _t59;
                                  				signed int _t62;
                                  
                                  				_t58 = __edx;
                                  				_push(0);
                                  				_push(4);
                                  				_push( &_v8);
                                  				_push(0x24);
                                  				_push(0xffffffff);
                                  				if(E01759670() < 0) {
                                  					E0176DF30(_t54, _t58, _t35);
                                  					asm("int3");
                                  					asm("int3");
                                  					asm("int3");
                                  					asm("int3");
                                  					asm("int3");
                                  					asm("int3");
                                  					_push(_t54);
                                  					_t52 = _v4;
                                  					if(_t52 > 8) {
                                  						_t37 = 0xc0000078;
                                  					} else {
                                  						_t38 =  *0x1807b9c; // 0x0
                                  						_t62 = _t52 & 0x000000ff;
                                  						_t59 = L01734620(8 + _t62 * 4,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t38 + 0x140000, 8 + _t62 * 4);
                                  						if(_t59 == 0) {
                                  							_t37 = 0xc0000017;
                                  						} else {
                                  							_t56 = _v0;
                                  							 *(_t59 + 1) = _t52;
                                  							 *_t59 = 1;
                                  							 *((intOrPtr*)(_t59 + 2)) =  *_t56;
                                  							 *((short*)(_t59 + 6)) =  *((intOrPtr*)(_t56 + 4));
                                  							_t44 = _t62 - 1;
                                  							if(_t44 <= 7) {
                                  								switch( *((intOrPtr*)(_t44 * 4 +  &M0174E810))) {
                                  									case 0:
                                  										L6:
                                  										 *((intOrPtr*)(_t59 + 8)) = _a8;
                                  										goto L7;
                                  									case 1:
                                  										L13:
                                  										 *((intOrPtr*)(__edx + 0xc)) = _a12;
                                  										goto L6;
                                  									case 2:
                                  										L12:
                                  										 *((intOrPtr*)(__edx + 0x10)) = _a16;
                                  										goto L13;
                                  									case 3:
                                  										L11:
                                  										 *((intOrPtr*)(__edx + 0x14)) = _a20;
                                  										goto L12;
                                  									case 4:
                                  										L10:
                                  										 *((intOrPtr*)(__edx + 0x18)) = _a24;
                                  										goto L11;
                                  									case 5:
                                  										L9:
                                  										 *((intOrPtr*)(__edx + 0x1c)) = _a28;
                                  										goto L10;
                                  									case 6:
                                  										L17:
                                  										 *((intOrPtr*)(__edx + 0x20)) = _a32;
                                  										goto L9;
                                  									case 7:
                                  										 *((intOrPtr*)(__edx + 0x24)) = _a36;
                                  										goto L17;
                                  								}
                                  							}
                                  							L7:
                                  							 *_a40 = _t59;
                                  							_t37 = 0;
                                  						}
                                  					}
                                  					return _t37;
                                  				} else {
                                  					_push(0x20);
                                  					asm("ror eax, cl");
                                  					return _a4 ^ _v8;
                                  				}
                                  			}

                                  Memory Dump Source
                                  • Source File: 00000005.00000002.534207193.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                  • Associated: 00000005.00000002.535933940.000000000180B000.00000040.00000800.00020000.00000000.sdmp
                                  • Associated: 00000005.00000002.535959139.000000000180F000.00000040.00000800.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_16f0000_6109238.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: befccca54a6ccdce6f1a02e9faedf571b08d669a610d98379fbeda901e39f4ed
                                  • Instruction ID: 4580d68ccde9b807199b04f9a9a7aa166177267c65da57c207aead8801be66e3
                                  • Opcode Fuzzy Hash: befccca54a6ccdce6f1a02e9faedf571b08d669a610d98379fbeda901e39f4ed
                                  • Instruction Fuzzy Hash: 38317A75A54249EFD745CF68C841B9AFBE8FB08324F148296FA14CB341DB75E980CBA1
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 67%
                                  			E0174BC2C(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, signed int _a8) {
                                  				intOrPtr _v8;
                                  				intOrPtr _v12;
                                  				void* __ebx;
                                  				void* __edi;
                                  				intOrPtr _t22;
                                  				intOrPtr* _t41;
                                  				intOrPtr _t51;
                                  
                                  				_t51 =  *0x1806100; // 0x5
                                  				_v12 = __edx;
                                  				_v8 = __ecx;
                                  				if(_t51 >= 0x800) {
                                  					L12:
                                  					return 0;
                                  				} else {
                                  					goto L1;
                                  				}
                                  				while(1) {
                                  					L1:
                                  					_t22 = _t51;
                                  					asm("lock cmpxchg [ecx], edx");
                                  					if(_t51 == _t22) {
                                  						break;
                                  					}
                                  					_t51 = _t22;
                                  					if(_t22 < 0x800) {
                                  						continue;
                                  					}
                                  					goto L12;
                                  				}
                                  				E01732280(0xd, 0x781f1a0);
                                  				_t41 =  *0x18060f8; // 0x0
                                  				if(_t41 != 0) {
                                  					 *0x18060f8 =  *_t41;
                                  					 *0x18060fc =  *0x18060fc + 0xffff;
                                  				}
                                  				E0172FFB0(_t41, 0x800, 0x781f1a0);
                                  				if(_t41 != 0) {
                                  					L6:
                                  					asm("movsd");
                                  					asm("movsd");
                                  					asm("movsd");
                                  					asm("movsd");
                                  					 *((intOrPtr*)(_t41 + 0x1c)) = _v12;
                                  					 *((intOrPtr*)(_t41 + 0x20)) = _a4;
                                  					 *(_t41 + 0x36) =  *(_t41 + 0x36) & 0x00008000 | _a8 & 0x00003fff;
                                  					do {
                                  						asm("lock xadd [0x18060f0], ax");
                                  						 *((short*)(_t41 + 0x34)) = 1;
                                  					} while (1 == 0);
                                  					goto L8;
                                  				} else {
                                  					_t41 = L01734620(0x1806100,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0xd0);
                                  					if(_t41 == 0) {
                                  						L11:
                                  						asm("lock dec dword [0x1806100]");
                                  						L8:
                                  						return _t41;
                                  					}
                                  					 *(_t41 + 0x24) =  *(_t41 + 0x24) & 0x00000000;
                                  					 *(_t41 + 0x28) =  *(_t41 + 0x28) & 0x00000000;
                                  					if(_t41 == 0) {
                                  						goto L11;
                                  					}
                                  					goto L6;
                                  				}
                                  			}

                                  Memory Dump Source
                                  • Source File: 00000005.00000002.534207193.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                  • Associated: 00000005.00000002.535933940.000000000180B000.00000040.00000800.00020000.00000000.sdmp
                                  • Associated: 00000005.00000002.535959139.000000000180F000.00000040.00000800.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_16f0000_6109238.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 77ea66dfbd31dd3c4d1fbae6fe6c1388003623d7d21b8501f965420ee106fd96
                                  • Instruction ID: bc3b93c997215579f1180b6f49c024764a7be03c93e71104403010e7b36ef5c2
                                  • Opcode Fuzzy Hash: 77ea66dfbd31dd3c4d1fbae6fe6c1388003623d7d21b8501f965420ee106fd96
                                  • Instruction Fuzzy Hash: 4031DF3660061ADBDB62DF58D4C07A6B7B4FB18311F1540B9ED44EB206EB74DE498F80
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 76%
                                  			E01719100(signed int __ebx, void* __ecx, void* __edi, signed int __esi, void* __eflags) {
                                  				signed int _t53;
                                  				signed int _t56;
                                  				signed int* _t60;
                                  				signed int _t63;
                                  				signed int _t66;
                                  				signed int _t69;
                                  				void* _t70;
                                  				intOrPtr* _t72;
                                  				void* _t78;
                                  				void* _t79;
                                  				signed int _t80;
                                  				intOrPtr _t82;
                                  				void* _t85;
                                  				void* _t88;
                                  				void* _t89;
                                  
                                  				_t84 = __esi;
                                  				_t70 = __ecx;
                                  				_t68 = __ebx;
                                  				_push(0x2c);
                                  				_push(0x17ef6e8);
                                  				E0176D0E8(__ebx, __edi, __esi);
                                  				 *((char*)(_t85 - 0x1d)) = 0;
                                  				_t82 =  *((intOrPtr*)(_t85 + 8));
                                  				if(_t82 == 0) {
                                  					L4:
                                  					if( *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) == 0) {
                                  						E017E88F5(_t68, _t70, _t78, _t82, _t84, __eflags);
                                  					}
                                  					L5:
                                  					return E0176D130(_t68, _t82, _t84);
                                  				}
                                  				_t88 = _t82 -  *0x18086c0; // 0x11b07b0
                                  				if(_t88 == 0) {
                                  					goto L4;
                                  				}
                                  				_t89 = _t82 -  *0x18086b8; // 0x0
                                  				if(_t89 == 0 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
                                  					goto L4;
                                  				} else {
                                  					E01732280(_t82 + 0xe0, _t82 + 0xe0);
                                  					 *(_t85 - 4) =  *(_t85 - 4) & 0x00000000;
                                  					__eflags =  *((char*)(_t82 + 0xe5));
                                  					if(__eflags != 0) {
                                  						E017E88F5(__ebx, _t70, _t78, _t82, __esi, __eflags);
                                  						goto L12;
                                  					} else {
                                  						__eflags =  *((char*)(_t82 + 0xe4));
                                  						if( *((char*)(_t82 + 0xe4)) == 0) {
                                  							 *((char*)(_t82 + 0xe4)) = 1;
                                  							_push(_t82);
                                  							_push( *((intOrPtr*)(_t82 + 0x24)));
                                  							E0175AFD0();
                                  						}
                                  						while(1) {
                                  							_t60 = _t82 + 8;
                                  							 *(_t85 - 0x2c) = _t60;
                                  							_t68 =  *_t60;
                                  							_t80 = _t60[1];
                                  							 *(_t85 - 0x28) = _t68;
                                  							 *(_t85 - 0x24) = _t80;
                                  							while(1) {
                                  								L10:
                                  								__eflags = _t80;
                                  								if(_t80 == 0) {
                                  									break;
                                  								}
                                  								_t84 = _t68;
                                  								 *(_t85 - 0x30) = _t80;
                                  								 *(_t85 - 0x24) = _t80 - 1;
                                  								asm("lock cmpxchg8b [edi]");
                                  								_t68 = _t84;
                                  								 *(_t85 - 0x28) = _t68;
                                  								 *(_t85 - 0x24) = _t80;
                                  								__eflags = _t68 - _t84;
                                  								_t82 =  *((intOrPtr*)(_t85 + 8));
                                  								if(_t68 != _t84) {
                                  									continue;
                                  								}
                                  								__eflags = _t80 -  *(_t85 - 0x30);
                                  								if(_t80 !=  *(_t85 - 0x30)) {
                                  									continue;
                                  								}
                                  								__eflags = _t80;
                                  								if(_t80 == 0) {
                                  									break;
                                  								}
                                  								_t63 = 0;
                                  								 *(_t85 - 0x34) = 0;
                                  								_t84 = 0;
                                  								__eflags = 0;
                                  								while(1) {
                                  									 *(_t85 - 0x3c) = _t84;
                                  									__eflags = _t84 - 3;
                                  									if(_t84 >= 3) {
                                  										break;
                                  									}
                                  									__eflags = _t63;
                                  									if(_t63 != 0) {
                                  										L40:
                                  										_t84 =  *_t63;
                                  										__eflags = _t84;
                                  										if(_t84 != 0) {
                                  											_t84 =  *(_t84 + 4);
                                  											__eflags = _t84;
                                  											if(_t84 != 0) {
                                  												 *0x180b1e0(_t63, _t82);
                                  												 *_t84();
                                  											}
                                  										}
                                  										do {
                                  											_t60 = _t82 + 8;
                                  											 *(_t85 - 0x2c) = _t60;
                                  											_t68 =  *_t60;
                                  											_t80 = _t60[1];
                                  											 *(_t85 - 0x28) = _t68;
                                  											 *(_t85 - 0x24) = _t80;
                                  											goto L10;
                                  										} while (_t63 == 0);
                                  										goto L40;
                                  									}
                                  									_t69 = 0;
                                  									__eflags = 0;
                                  									while(1) {
                                  										 *(_t85 - 0x38) = _t69;
                                  										__eflags = _t69 -  *0x18084c0;
                                  										if(_t69 >=  *0x18084c0) {
                                  											break;
                                  										}
                                  										__eflags = _t63;
                                  										if(_t63 != 0) {
                                  											break;
                                  										}
                                  										_t66 = E017E9063(_t69 * 0xc +  *((intOrPtr*)(_t82 + 0x10 + _t84 * 4)), _t80, _t82);
                                  										__eflags = _t66;
                                  										if(_t66 == 0) {
                                  											_t63 = 0;
                                  											__eflags = 0;
                                  										} else {
                                  											_t63 = _t66 + 0xfffffff4;
                                  										}
                                  										 *(_t85 - 0x34) = _t63;
                                  										_t69 = _t69 + 1;
                                  									}
                                  									_t84 = _t84 + 1;
                                  								}
                                  								__eflags = _t63;
                                  							}
                                  							 *((intOrPtr*)(_t82 + 0xf4)) =  *((intOrPtr*)(_t85 + 4));
                                  							 *((char*)(_t82 + 0xe5)) = 1;
                                  							 *((char*)(_t85 - 0x1d)) = 1;
                                  							L12:
                                  							 *(_t85 - 4) = 0xfffffffe;
                                  							E0171922A(_t82);
                                  							_t53 = E01737D50();
                                  							__eflags = _t53;
                                  							if(_t53 != 0) {
                                  								_t56 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                  							} else {
                                  								_t56 = 0x7ffe0386;
                                  							}
                                  							__eflags =  *_t56;
                                  							if( *_t56 != 0) {
                                  								_t56 = E017E8B58(_t82);
                                  							}
                                  							__eflags =  *((char*)(_t85 - 0x1d));
                                  							if( *((char*)(_t85 - 0x1d)) != 0) {
                                  								__eflags = _t82 -  *0x18086c0; // 0x11b07b0
                                  								if(__eflags != 0) {
                                  									__eflags = _t82 -  *0x18086b8; // 0x0
                                  									if(__eflags == 0) {
                                  										_t79 = 0x18086bc;
                                  										_t72 = 0x18086b8;
                                  										goto L18;
                                  									}
                                  									__eflags = _t56 | 0xffffffff;
                                  									asm("lock xadd [edi], eax");
                                  									if(__eflags == 0) {
                                  										E01719240(_t68, _t82, _t82, _t84, __eflags);
                                  									}
                                  								} else {
                                  									_t79 = 0x18086c4;
                                  									_t72 = 0x18086c0;
                                  									L18:
                                  									E01749B82(_t68, _t72, _t79, _t82, _t84, __eflags);
                                  								}
                                  							}
                                  							goto L5;
                                  						}
                                  					}
                                  				}
                                  			}



















                                  Memory Dump Source
                                  • Source File: 00000005.00000002.534207193.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                  • Associated: 00000005.00000002.535933940.000000000180B000.00000040.00000800.00020000.00000000.sdmp
                                  • Associated: 00000005.00000002.535959139.000000000180F000.00000040.00000800.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_16f0000_6109238.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: bfb18048ea645f9607c3d48136469b00e515a6da034528ee0e75f67700fd2db9
                                  • Instruction ID: 2df3aaafd1d3dd3769848b4b3641bb9ab08ca889f9ab783880fef5904a49b2d3
                                  • Opcode Fuzzy Hash: bfb18048ea645f9607c3d48136469b00e515a6da034528ee0e75f67700fd2db9
                                  • Instruction Fuzzy Hash: 0431D471A01245DFDB26DB6CC49C7ACFBF1BB49318F15815DC61467249C330AAC1DB52
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 60%
                                  			E01741DB5(intOrPtr __ecx, intOrPtr* __edx, intOrPtr* _a4) {
                                  				char _v8;
                                  				intOrPtr _v12;
                                  				intOrPtr _v16;
                                  				intOrPtr* _v20;
                                  				void* _t22;
                                  				char _t23;
                                  				void* _t36;
                                  				intOrPtr _t42;
                                  				intOrPtr _t43;
                                  
                                  				_v12 = __ecx;
                                  				_t43 = 0;
                                  				_v20 = __edx;
                                  				_t42 =  *__edx;
                                  				 *__edx = 0;
                                  				_v16 = _t42;
                                  				_push( &_v8);
                                  				_push(0);
                                  				_push(0);
                                  				_push(6);
                                  				_push(0);
                                  				_push(__ecx);
                                  				_t36 = ((0 | __ecx !=  *((intOrPtr*)( *[fs:0x30] + 8))) - 0x00000001 & 0xc0000000) + 0x40000002;
                                  				_push(_t36);
                                  				_t22 = E0173F460();
                                  				if(_t22 < 0) {
                                  					if(_t22 == 0xc0000023) {
                                  						goto L1;
                                  					}
                                  					L3:
                                  					return _t43;
                                  				}
                                  				L1:
                                  				_t23 = _v8;
                                  				if(_t23 != 0) {
                                  					_t38 = _a4;
                                  					if(_t23 >  *_a4) {
                                  						_t42 = L01734620(_t38,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t23);
                                  						if(_t42 == 0) {
                                  							goto L3;
                                  						}
                                  						_t23 = _v8;
                                  					}
                                  					_push( &_v8);
                                  					_push(_t23);
                                  					_push(_t42);
                                  					_push(6);
                                  					_push(_t43);
                                  					_push(_v12);
                                  					_push(_t36);
                                  					if(E0173F460() < 0) {
                                  						if(_t42 != 0 && _t42 != _v16) {
                                  							L017377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t43, _t42);
                                  						}
                                  						goto L3;
                                  					}
                                  					 *_v20 = _t42;
                                  					 *_a4 = _v8;
                                  				}
                                  				_t43 = 1;
                                  				goto L3;
                                  			}













                                  Memory Dump Source
                                  • Source File: 00000005.00000002.534207193.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                  • Associated: 00000005.00000002.535933940.000000000180B000.00000040.00000800.00020000.00000000.sdmp
                                  • Associated: 00000005.00000002.535959139.000000000180F000.00000040.00000800.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_16f0000_6109238.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
                                  • Instruction ID: bbac58e14afacf840987f43ff5ea43246cac78c306e521c680113dc5eab73c18
                                  • Opcode Fuzzy Hash: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
                                  • Instruction Fuzzy Hash: 3C21A176A00129EFD721EF59CC84EABFFBDEF89681F514095EA0597210D730AE41D7A0
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 77%
                                  			E01796C0A(signed short* __ecx, signed char __edx, signed char _a4, signed char _a8) {
                                  				signed short* _v8;
                                  				signed char _v12;
                                  				void* _t22;
                                  				signed char* _t23;
                                  				intOrPtr _t24;
                                  				signed short* _t44;
                                  				void* _t47;
                                  				signed char* _t56;
                                  				signed char* _t58;
                                  
                                  				_t48 = __ecx;
                                  				_push(__ecx);
                                  				_push(__ecx);
                                  				_t44 = __ecx;
                                  				_v12 = __edx;
                                  				_v8 = __ecx;
                                  				_t22 = E01737D50();
                                  				_t58 = 0x7ffe0384;
                                  				if(_t22 == 0) {
                                  					_t23 = 0x7ffe0384;
                                  				} else {
                                  					_t23 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                  				}
                                  				if( *_t23 != 0) {
                                  					_t24 =  *0x1807b9c; // 0x0
                                  					_t47 = ( *_t44 & 0x0000ffff) + 0x30;
                                  					_t23 = L01734620(_t48,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t24 + 0x180000, _t47);
                                  					_t56 = _t23;
                                  					if(_t56 != 0) {
                                  						_t56[0x24] = _a4;
                                  						_t56[0x28] = _a8;
                                  						_t56[6] = 0x1420;
                                  						_t56[0x20] = _v12;
                                  						_t14 =  &(_t56[0x2c]); // 0x2c
                                  						E0175F3E0(_t14, _v8[2],  *_v8 & 0x0000ffff);
                                  						_t56[0x2c + (( *_v8 & 0x0000ffff) >> 1) * 2] = 0;
                                  						if(E01737D50() != 0) {
                                  							_t58 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                  						}
                                  						_push(_t56);
                                  						_push(_t47 - 0x20);
                                  						_push(0x402);
                                  						_push( *_t58 & 0x000000ff);
                                  						E01759AE0();
                                  						_t23 = L017377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t56);
                                  					}
                                  				}
                                  				return _t23;
                                  			}













                                  Memory Dump Source
                                  • Source File: 00000005.00000002.534207193.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                  • Associated: 00000005.00000002.535933940.000000000180B000.00000040.00000800.00020000.00000000.sdmp
                                  • Associated: 00000005.00000002.535959139.000000000180F000.00000040.00000800.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_16f0000_6109238.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: dcac8aebed9480f7c5b225bd9394b7b31ad8d0a47a690ed8204455bb801165c7
                                  • Instruction ID: ee349586a8e466494bf847cd1d9c927b2d3d182dcd8ca0e83eef6a6c279f0818
                                  • Opcode Fuzzy Hash: dcac8aebed9480f7c5b225bd9394b7b31ad8d0a47a690ed8204455bb801165c7
                                  • Instruction Fuzzy Hash: 2B219AB1A00649ABDB16DB68E884E2AB7A8FF48700F0401A9F904C7791D634ED50CBA4
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 82%
                                  			E017590AF(intOrPtr __ecx, void* __edx, intOrPtr* _a4) {
                                  				intOrPtr* _v0;
                                  				void* _v8;
                                  				signed int _v12;
                                  				intOrPtr _v16;
                                  				char _v36;
                                  				void* _t38;
                                  				intOrPtr _t41;
                                  				void* _t44;
                                  				signed int _t45;
                                  				intOrPtr* _t49;
                                  				signed int _t57;
                                  				signed int _t58;
                                  				intOrPtr* _t59;
                                  				void* _t62;
                                  				void* _t63;
                                  				void* _t65;
                                  				void* _t66;
                                  				signed int _t69;
                                  				intOrPtr* _t70;
                                  				void* _t71;
                                  				intOrPtr* _t72;
                                  				intOrPtr* _t73;
                                  				char _t74;
                                  
                                  				_t65 = __edx;
                                  				_t57 = _a4;
                                  				_t32 = __ecx;
                                  				_v8 = __edx;
                                  				_t3 = _t32 + 0x14c; // 0x14c
                                  				_t70 = _t3;
                                  				_v16 = __ecx;
                                  				_t72 =  *_t70;
                                  				while(_t72 != _t70) {
                                  					if( *((intOrPtr*)(_t72 + 0xc)) != _t57) {
                                  						L24:
                                  						_t72 =  *_t72;
                                  						continue;
                                  					}
                                  					_t30 = _t72 + 0x10; // 0x10
                                  					if(E0176D4F0(_t30, _t65, _t57) == _t57) {
                                  						return 0xb7;
                                  					}
                                  					_t65 = _v8;
                                  					goto L24;
                                  				}
                                  				_t61 = _t57;
                                  				_push( &_v12);
                                  				_t66 = 0x10;
                                  				if(E0174E5E0(_t57, _t66) < 0) {
                                  					return 0x216;
                                  				}
                                  				_t73 = L01734620(_t61,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v12);
                                  				if(_t73 == 0) {
                                  					_t38 = 0xe;
                                  					return _t38;
                                  				}
                                  				_t9 = _t73 + 0x10; // 0x10
                                  				 *((intOrPtr*)(_t73 + 0xc)) = _t57;
                                  				E0175F3E0(_t9, _v8, _t57);
                                  				_t41 =  *_t70;
                                  				if( *((intOrPtr*)(_t41 + 4)) != _t70) {
                                  					_t62 = 3;
                                  					asm("int 0x29");
                                  					_push(_t62);
                                  					_push(_t57);
                                  					_push(_t73);
                                  					_push(_t70);
                                  					_t71 = _t62;
                                  					_t74 = 0;
                                  					_v36 = 0;
                                  					_t63 = E0174A2F0(_t62, _t71, 1, 6,  &_v36);
                                  					if(_t63 == 0) {
                                  						L20:
                                  						_t44 = 0x57;
                                  						return _t44;
                                  					}
                                  					_t45 = _v12;
                                  					_t58 = 0x1c;
                                  					if(_t45 < _t58) {
                                  						goto L20;
                                  					}
                                  					_t69 = _t45 / _t58;
                                  					if(_t69 == 0) {
                                  						L19:
                                  						return 0xe8;
                                  					}
                                  					_t59 = _v0;
                                  					do {
                                  						if( *((intOrPtr*)(_t63 + 0xc)) != 2) {
                                  							goto L18;
                                  						}
                                  						_t49 =  *((intOrPtr*)(_t63 + 0x14)) + _t71;
                                  						 *_t59 = _t49;
                                  						if( *_t49 != 0x53445352) {
                                  							goto L18;
                                  						}
                                  						 *_a4 =  *((intOrPtr*)(_t63 + 0x10));
                                  						return 0;
                                  						L18:
                                  						_t63 = _t63 + 0x1c;
                                  						_t74 = _t74 + 1;
                                  					} while (_t74 < _t69);
                                  					goto L19;
                                  				}
                                  				 *_t73 = _t41;
                                  				 *((intOrPtr*)(_t73 + 4)) = _t70;
                                  				 *((intOrPtr*)(_t41 + 4)) = _t73;
                                  				 *_t70 = _t73;
                                  				 *(_v16 + 0xdc) =  *(_v16 + 0xdc) | 0x00000010;
                                  				return 0;
                                  			}



























                                  Memory Dump Source
                                  • Source File: 00000005.00000002.534207193.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                  • Associated: 00000005.00000002.535933940.000000000180B000.00000040.00000800.00020000.00000000.sdmp
                                  • Associated: 00000005.00000002.535959139.000000000180F000.00000040.00000800.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_16f0000_6109238.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                                  • Instruction ID: 66e0de30b2400b3bdbdb2b4d62e8f13cd8c0bd75c6e3e6d0816c80db469c8136
                                  • Opcode Fuzzy Hash: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                                  • Instruction Fuzzy Hash: 6D219271A00219EFDB21DF59C844EAAFBF8EB54314F1488AEEE49A7211D370ED14CB90
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 59%
                                  			E01743B7A(void* __ecx) {
                                  				signed int _v8;
                                  				char _v12;
                                  				intOrPtr _v20;
                                  				intOrPtr _t17;
                                  				intOrPtr _t26;
                                  				void* _t35;
                                  				void* _t38;
                                  				void* _t41;
                                  				intOrPtr _t44;
                                  
                                  				_t17 =  *0x18084c4; // 0x0
                                  				_v12 = 1;
                                  				_v8 =  *0x18084c0 * 0x4c;
                                  				_t41 = __ecx;
                                  				_t35 = L01734620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t17 + 0x000c0000 | 0x00000008,  *0x18084c0 * 0x4c);
                                  				if(_t35 == 0) {
                                  					_t44 = 0xc0000017;
                                  				} else {
                                  					_push( &_v8);
                                  					_push(_v8);
                                  					_push(_t35);
                                  					_push(4);
                                  					_push( &_v12);
                                  					_push(0x6b);
                                  					_t44 = E0175AA90();
                                  					_v20 = _t44;
                                  					if(_t44 >= 0) {
                                  						E0175FA60( *((intOrPtr*)(_t41 + 0x20)), 0,  *0x18084c0 * 0xc);
                                  						_t38 = _t35;
                                  						if(_t35 < _v8 + _t35) {
                                  							do {
                                  								asm("movsd");
                                  								asm("movsd");
                                  								asm("movsd");
                                  								_t38 = _t38 +  *((intOrPtr*)(_t38 + 4));
                                  							} while (_t38 < _v8 + _t35);
                                  							_t44 = _v20;
                                  						}
                                  					}
                                  					_t26 =  *0x18084c4; // 0x0
                                  					L017377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t26 + 0xc0000, _t35);
                                  				}
                                  				return _t44;
                                  			}













                                  Memory Dump Source
                                  • Source File: 00000005.00000002.534207193.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                  • Associated: 00000005.00000002.535933940.000000000180B000.00000040.00000800.00020000.00000000.sdmp
                                  • Associated: 00000005.00000002.535959139.000000000180F000.00000040.00000800.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_16f0000_6109238.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 754462f246bb53273792e32cd9358c77a8617db436fbb3c8745624ab53bbd978
                                  • Instruction ID: 5ca87c7417fcf68f3c557b294ebbd68671155b4325f76cfee0a6909590646a73
                                  • Opcode Fuzzy Hash: 754462f246bb53273792e32cd9358c77a8617db436fbb3c8745624ab53bbd978
                                  • Instruction Fuzzy Hash: 3D21BE72A00519EFCB15DF58CD81F5ABBBDFB40308F1500A8EA08AB252D371AE41CB94
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 80%
                                  			E01796CF0(void* __edx, intOrPtr _a4, short _a8) {
                                  				char _v8;
                                  				char _v12;
                                  				char _v16;
                                  				char _v20;
                                  				char _v28;
                                  				char _v36;
                                  				char _v52;
                                  				void* __ebx;
                                  				void* __edi;
                                  				void* __esi;
                                  				void* __ebp;
                                  				signed char* _t21;
                                  				void* _t24;
                                  				void* _t36;
                                  				void* _t38;
                                  				void* _t46;
                                  
                                  				_push(_t36);
                                  				_t46 = __edx;
                                  				_v12 = 0;
                                  				_v8 = 0;
                                  				_v20 = 0;
                                  				_v16 = 0;
                                  				if(E01737D50() == 0) {
                                  					_t21 = 0x7ffe0384;
                                  				} else {
                                  					_t21 = ( *[fs:0x30])[0x50] + 0x22a;
                                  				}
                                  				if( *_t21 != 0) {
                                  					_t21 =  *[fs:0x30];
                                  					if((_t21[0x240] & 0x00000004) != 0) {
                                  						if(E01737D50() == 0) {
                                  							_t21 = 0x7ffe0385;
                                  						} else {
                                  							_t21 = ( *[fs:0x30])[0x50] + 0x22b;
                                  						}
                                  						if(( *_t21 & 0x00000020) != 0) {
                                  							_t56 = _t46;
                                  							if(_t46 == 0) {
                                  								_t46 = 0x16f5c80;
                                  							}
                                  							_push(_t46);
                                  							_push( &_v12);
                                  							_t24 = E0174F6E0(_t36, 0, _t46, _t56);
                                  							_push(_a4);
                                  							_t38 = _t24;
                                  							_push( &_v28);
                                  							_t21 = E0174F6E0(_t38, 0, _t46, _t56);
                                  							if(_t38 != 0) {
                                  								if(_t21 != 0) {
                                  									E01797016(_a8, 0, 0, 0,  &_v36,  &_v28);
                                  									L01732400( &_v52);
                                  								}
                                  								_t21 = L01732400( &_v28);
                                  							}
                                  						}
                                  					}
                                  				}
                                  				return _t21;
                                  			}




















                                  Memory Dump Source
                                  • Source File: 00000005.00000002.534207193.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                  • Associated: 00000005.00000002.535933940.000000000180B000.00000040.00000800.00020000.00000000.sdmp
                                  • Associated: 00000005.00000002.535959139.000000000180F000.00000040.00000800.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_16f0000_6109238.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 7c4e4df11bfe85d92c15681c75ed4a085e0f3a20e6dba44f1845c79fa1a39bd0
                                  • Instruction ID: 5dbd58e559bfa6c70bbcc7111f4b3cd9b19b04119dd0dd54ff1251fda75b08cc
                                  • Opcode Fuzzy Hash: 7c4e4df11bfe85d92c15681c75ed4a085e0f3a20e6dba44f1845c79fa1a39bd0
                                  • Instruction Fuzzy Hash: 1A21F2725046459BDF11DF2CE948B6BFBECAF91680F040656FA50C7251E734C98CC6E2
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 67%
                                  			E017E070D(signed int* __ecx, signed int __edx, void* __eflags, signed int _a4, signed int _a8) {
                                  				char _v8;
                                  				intOrPtr _v11;
                                  				signed int _v12;
                                  				intOrPtr _v15;
                                  				signed int _v16;
                                  				intOrPtr _v28;
                                  				void* __ebx;
                                  				char* _t32;
                                  				signed int* _t38;
                                  				signed int _t60;
                                  
                                  				_t38 = __ecx;
                                  				_v16 = __edx;
                                  				_t60 = E017E07DF(__ecx, __edx,  &_a4,  &_a8, 2);
                                  				if(_t60 != 0) {
                                  					_t7 = _t38 + 0x38; // 0x29cd5903
                                  					_push( *_t7);
                                  					_t9 = _t38 + 0x34; // 0x6adeeb00
                                  					_push( *_t9);
                                  					_v12 = _a8 << 0xc;
                                  					_t11 = _t38 + 4; // 0x5de58b5b
                                  					_push(0x4000);
                                  					_v8 = (_a4 << 0xc) + (_v16 - ( *__ecx & _v16) >> 4 <<  *_t11) + ( *__ecx & _v16);
                                  					E017DAFDE( &_v8,  &_v12);
                                  					E017E1293(_t38, _v28, _t60);
                                  					if(E01737D50() == 0) {
                                  						_t32 = 0x7ffe0380;
                                  					} else {
                                  						_t32 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                  					}
                                  					if( *_t32 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
                                  						_t21 = _t38 + 0x3c; // 0xc3595e5f
                                  						E017D14FB(_t38,  *_t21, _v11, _v15, 0xd);
                                  					}
                                  				}
                                  				return  ~_t60;
                                  			}














                                  Memory Dump Source
                                  • Source File: 00000005.00000002.534207193.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                  • Associated: 00000005.00000002.535933940.000000000180B000.00000040.00000800.00020000.00000000.sdmp
                                  • Associated: 00000005.00000002.535959139.000000000180F000.00000040.00000800.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_16f0000_6109238.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 16b9495bd7cfc8dc207f06a58ad33f13931981def28ffdf8d69df6cf9eebd83e
                                  • Instruction ID: 81bac7eebb63a1332aa3f9b9f83dbabd8309495283dcc0d97252b4a905ec665a
                                  • Opcode Fuzzy Hash: 16b9495bd7cfc8dc207f06a58ad33f13931981def28ffdf8d69df6cf9eebd83e
                                  • Instruction Fuzzy Hash: 2521F2363042049FDB05DF1CC888A6ABBE5EBD8350F048569F9959B385DB70D919CB91
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 82%
                                  			E01797794(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, unsigned int _a8, void* _a12) {
                                  				intOrPtr _v8;
                                  				intOrPtr _v12;
                                  				intOrPtr _t21;
                                  				void* _t24;
                                  				intOrPtr _t25;
                                  				void* _t36;
                                  				short _t39;
                                  				signed char* _t42;
                                  				unsigned int _t46;
                                  				void* _t50;
                                  
                                  				_push(__ecx);
                                  				_push(__ecx);
                                  				_t21 =  *0x1807b9c; // 0x0
                                  				_t46 = _a8;
                                  				_v12 = __edx;
                                  				_v8 = __ecx;
                                  				_t4 = _t46 + 0x2e; // 0x2e
                                  				_t36 = _t4;
                                  				_t24 = L01734620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t21 + 0x180000, _t36);
                                  				_t50 = _t24;
                                  				if(_t50 != 0) {
                                  					_t25 = _a4;
                                  					if(_t25 == 5) {
                                  						L3:
                                  						_t39 = 0x14b1;
                                  					} else {
                                  						_t39 = 0x14b0;
                                  						if(_t25 == 6) {
                                  							goto L3;
                                  						}
                                  					}
                                  					 *((short*)(_t50 + 6)) = _t39;
                                  					 *((intOrPtr*)(_t50 + 0x28)) = _t25;
                                  					_t11 = _t50 + 0x2c; // 0x2c
                                  					 *((intOrPtr*)(_t50 + 0x20)) = _v8;
                                  					 *((intOrPtr*)(_t50 + 0x24)) = _v12;
                                  					E0175F3E0(_t11, _a12, _t46);
                                  					 *((short*)(_t50 + 0x2c + (_t46 >> 1) * 2)) = 0;
                                  					if(E01737D50() == 0) {
                                  						_t42 = 0x7ffe0384;
                                  					} else {
                                  						_t42 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                  					}
                                  					_push(_t50);
                                  					_t19 = _t36 - 0x20; // 0xe
                                  					_push(0x403);
                                  					_push( *_t42 & 0x000000ff);
                                  					E01759AE0();
                                  					_t24 = L017377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t50);
                                  				}
                                  				return _t24;
                                  			}














                                  Memory Dump Source
                                  • Source File: 00000005.00000002.534207193.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                  • Associated: 00000005.00000002.535933940.000000000180B000.00000040.00000800.00020000.00000000.sdmp
                                  • Associated: 00000005.00000002.535959139.000000000180F000.00000040.00000800.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_16f0000_6109238.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 85eacb345c126333aa80b7b6e73a75cf786e5b3eb761bf33400996a4f63033d7
                                  • Instruction ID: 52cb0cd1ca2747fb1870886907c458867bdf002f9bd83e4ca47c8ff0525eb402
                                  • Opcode Fuzzy Hash: 85eacb345c126333aa80b7b6e73a75cf786e5b3eb761bf33400996a4f63033d7
                                  • Instruction Fuzzy Hash: E221A172510604EBCB29DF69D894E6BFBA8EF88340F10056DFA0AC7750D634E900CBA4
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 96%
                                  			E0173AE73(intOrPtr __ecx, void* __edx) {
                                  				intOrPtr _v8;
                                  				void* _t19;
                                  				char* _t22;
                                  				signed char* _t24;
                                  				intOrPtr _t25;
                                  				intOrPtr _t27;
                                  				void* _t31;
                                  				intOrPtr _t36;
                                  				char* _t38;
                                  				signed char* _t42;
                                  
                                  				_push(__ecx);
                                  				_t31 = __edx;
                                  				_v8 = __ecx;
                                  				_t19 = E01737D50();
                                  				_t38 = 0x7ffe0384;
                                  				if(_t19 != 0) {
                                  					_t22 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                  				} else {
                                  					_t22 = 0x7ffe0384;
                                  				}
                                  				_t42 = 0x7ffe0385;
                                  				if( *_t22 != 0) {
                                  					if(E01737D50() == 0) {
                                  						_t24 = 0x7ffe0385;
                                  					} else {
                                  						_t24 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
                                  					}
                                  					if(( *_t24 & 0x00000010) != 0) {
                                  						goto L17;
                                  					} else {
                                  						goto L3;
                                  					}
                                  				} else {
                                  					L3:
                                  					_t27 = E01737D50();
                                  					if(_t27 != 0) {
                                  						_t27 =  *[fs:0x30];
                                  						_t38 =  *((intOrPtr*)(_t27 + 0x50)) + 0x22a;
                                  					}
                                  					if( *_t38 != 0) {
                                  						_t27 =  *[fs:0x30];
                                  						if(( *(_t27 + 0x240) & 0x00000004) == 0) {
                                  							goto L5;
                                  						}
                                  						_t27 = E01737D50();
                                  						if(_t27 != 0) {
                                  							_t27 =  *[fs:0x30];
                                  							_t42 =  *((intOrPtr*)(_t27 + 0x50)) + 0x22b;
                                  						}
                                  						if(( *_t42 & 0x00000020) != 0) {
                                  							L17:
                                  							_t25 = _v8;
                                  							_t36 = 0;
                                  							if(_t25 != 0) {
                                  								_t36 =  *((intOrPtr*)(_t25 + 0x18));
                                  							}
                                  							_t27 = E01797794( *((intOrPtr*)(_t31 + 0x18)), _t36,  *((intOrPtr*)(_t31 + 0x94)),  *(_t31 + 0x24) & 0x0000ffff,  *((intOrPtr*)(_t31 + 0x28)));
                                  						}
                                  						goto L5;
                                  					} else {
                                  						L5:
                                  						return _t27;
                                  					}
                                  				}
                                  			}














                                  Memory Dump Source
                                  • Source File: 00000005.00000002.534207193.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                  • Associated: 00000005.00000002.535933940.000000000180B000.00000040.00000800.00020000.00000000.sdmp
                                  • Associated: 00000005.00000002.535959139.000000000180F000.00000040.00000800.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_16f0000_6109238.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 892ffc7d7f960dfab719e72e37e7183e7cc58ff0f898e4f283d94cb5f6144d78
                                  • Instruction ID: d4b32d5c539995630b804553825544ffba98a6e6cef26faf90809ffe15ac1e08
                                  • Opcode Fuzzy Hash: 892ffc7d7f960dfab719e72e37e7183e7cc58ff0f898e4f283d94cb5f6144d78
                                  • Instruction Fuzzy Hash: 8D21D4B2745685DFE716AB29C949B25F7E8EF84354F1900E0DD04CB6A3D734DC40C6A0
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 93%
                                  			E0174FD9B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
                                  				intOrPtr _v8;
                                  				void* _t19;
                                  				intOrPtr _t29;
                                  				intOrPtr _t32;
                                  				intOrPtr _t35;
                                  				intOrPtr _t37;
                                  				intOrPtr* _t40;
                                  
                                  				_t35 = __edx;
                                  				_push(__ecx);
                                  				_push(__ecx);
                                  				_t37 = 0;
                                  				_v8 = __edx;
                                  				_t29 = __ecx;
                                  				if( *((intOrPtr*)( *[fs:0x18] + 0xfbc)) != 0) {
                                  					_t40 =  *((intOrPtr*)( *[fs:0x18] + 0xfbc));
                                  					L3:
                                  					_t19 = _a4 - 4;
                                  					if(_t19 != 0) {
                                  						if(_t19 != 1) {
                                  							L7:
                                  							return _t37;
                                  						}
                                  						if(_t35 == 0) {
                                  							L11:
                                  							_t37 = 0xc000000d;
                                  							goto L7;
                                  						}
                                  						if( *((intOrPtr*)(_t40 + 4)) != _t37) {
                                  							L017377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t37,  *((intOrPtr*)(_t40 + 4)));
                                  							_t35 = _v8;
                                  						}
                                  						 *((intOrPtr*)(_t40 + 4)) = _t35;
                                  						goto L7;
                                  					}
                                  					if(_t29 == 0) {
                                  						goto L11;
                                  					}
                                  					_t32 =  *_t40;
                                  					if(_t32 != 0) {
                                  						 *((intOrPtr*)(_t29 + 0x20)) =  *((intOrPtr*)(_t32 + 0x20));
                                  						E017276E2( *_t40);
                                  					}
                                  					 *_t40 = _t29;
                                  					goto L7;
                                  				}
                                  				_t40 = L01734620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 8);
                                  				if(_t40 == 0) {
                                  					_t37 = 0xc0000017;
                                  					goto L7;
                                  				}
                                  				_t35 = _v8;
                                  				 *_t40 = 0;
                                  				 *((intOrPtr*)(_t40 + 4)) = 0;
                                  				 *((intOrPtr*)( *[fs:0x18] + 0xfbc)) = _t40;
                                  				goto L3;
                                  			}











                                  Memory Dump Source
                                  • Source File: 00000005.00000002.534207193.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                  • Associated: 00000005.00000002.535933940.000000000180B000.00000040.00000800.00020000.00000000.sdmp
                                  • Associated: 00000005.00000002.535959139.000000000180F000.00000040.00000800.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_16f0000_6109238.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: bea69b06ccd41e2ab95b3552422c6337f6d423ba3d9b45e75fab26429da45353
                                  • Instruction ID: 9f1dedc23b44b2af2ad671344c8e436796262c097872cd2fc45b5379f46d53e1
                                  • Opcode Fuzzy Hash: bea69b06ccd41e2ab95b3552422c6337f6d423ba3d9b45e75fab26429da45353
                                  • Instruction Fuzzy Hash: 1021A972640A44DFD736CF0DCA40E62F7E5EB98B11F2180AEE98987A15D730AC40CF90
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 54%
                                  			E0174B390(void* __ecx, intOrPtr _a4) {
                                  				signed int _v8;
                                  				signed char _t12;
                                  				signed int _t16;
                                  				signed int _t21;
                                  				void* _t28;
                                  				signed int _t30;
                                  				signed int _t36;
                                  				signed int _t41;
                                  
                                  				_push(__ecx);
                                  				_t41 = _a4 + 0xffffffb8;
                                  				E01732280(_t12, 0x1808608);
                                  				 *(_t41 + 0x34) =  *(_t41 + 0x34) - 1;
                                  				asm("sbb edi, edi");
                                  				_t36 =  !( ~( *(_t41 + 0x34))) & _t41;
                                  				_v8 = _t36;
                                  				asm("lock cmpxchg [ebx], ecx");
                                  				_t30 = 1;
                                  				if(1 != 1) {
                                  					while(1) {
                                  						_t21 = _t30 & 0x00000006;
                                  						_t16 = _t30;
                                  						_t28 = (0 | _t21 == 0x00000002) * 4 - 1 + _t30;
                                  						asm("lock cmpxchg [edi], esi");
                                  						if(_t16 == _t30) {
                                  							break;
                                  						}
                                  						_t30 = _t16;
                                  					}
                                  					_t36 = _v8;
                                  					if(_t21 == 2) {
                                  						_t16 = E017500C2(0x1808608, 0, _t28);
                                  					}
                                  				}
                                  				if(_t36 != 0) {
                                  					_t16 = L017377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t36);
                                  				}
                                  				return _t16;
                                  			}












                                  Memory Dump Source
                                  • Source File: 00000005.00000002.534207193.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                  • Associated: 00000005.00000002.535933940.000000000180B000.00000040.00000800.00020000.00000000.sdmp
                                  • Associated: 00000005.00000002.535959139.000000000180F000.00000040.00000800.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_16f0000_6109238.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: d4aedbf97f779f737c2751a022b791d2a0f142b10ad7f16c547765d7e7b94ff6
                                  • Instruction ID: 660073701d490ccd72da395941d0d30c1709e8874b2e5f209357ac0650b27be9
                                  • Opcode Fuzzy Hash: d4aedbf97f779f737c2751a022b791d2a0f142b10ad7f16c547765d7e7b94ff6
                                  • Instruction Fuzzy Hash: 10116B337051149BCB1A9A198D81A2BF36AEBD5730B250139EE26C7780CA319C02C690
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 77%
                                  			E01719240(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, void* __eflags) {
                                  				intOrPtr _t33;
                                  				intOrPtr _t37;
                                  				intOrPtr _t41;
                                  				intOrPtr* _t46;
                                  				void* _t48;
                                  				intOrPtr _t50;
                                  				intOrPtr* _t60;
                                  				void* _t61;
                                  				intOrPtr _t62;
                                  				intOrPtr _t65;
                                  				void* _t66;
                                  				void* _t68;
                                  
                                  				_push(0xc);
                                  				_push(0x17ef708);
                                  				E0176D08C(__ebx, __edi, __esi);
                                  				_t65 = __ecx;
                                  				 *((intOrPtr*)(_t68 - 0x1c)) = __ecx;
                                  				if( *(__ecx + 0x24) != 0) {
                                  					_push( *(__ecx + 0x24));
                                  					E017595D0();
                                  					 *(__ecx + 0x24) =  *(__ecx + 0x24) & 0x00000000;
                                  				}
                                  				L6();
                                  				L6();
                                  				_push( *((intOrPtr*)(_t65 + 0x28)));
                                  				E017595D0();
                                  				_t33 =  *0x18084c4; // 0x0
                                  				L017377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t33 + 0xc0000,  *((intOrPtr*)(_t65 + 0x10)));
                                  				_t37 =  *0x18084c4; // 0x0
                                  				L017377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t37 + 0xc0000,  *((intOrPtr*)(_t65 + 0x1c)));
                                  				_t41 =  *0x18084c4; // 0x0
                                  				E01732280(L017377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t41 + 0xc0000,  *((intOrPtr*)(_t65 + 0x20))), 0x18086b4);
                                  				 *(_t68 - 4) =  *(_t68 - 4) & 0x00000000;
                                  				_t46 = _t65 + 0xe8;
                                  				_t62 =  *_t46;
                                  				_t60 =  *((intOrPtr*)(_t46 + 4));
                                  				if( *((intOrPtr*)(_t62 + 4)) != _t46 ||  *_t60 != _t46) {
                                  					_t61 = 3;
                                  					asm("int 0x29");
                                  					_push(_t65);
                                  					_t66 = _t61;
                                  					_t23 = _t66 + 0x14; // 0x8df8084c
                                  					_push( *_t23);
                                  					E017595D0();
                                  					_t24 = _t66 + 0x10; // 0x89e04d8b
                                  					_push( *_t24);
                                  					 *(_t66 + 0x38) =  *(_t66 + 0x38) & 0x00000000;
                                  					_t48 = E017595D0();
                                  					 *(_t66 + 0x14) =  *(_t66 + 0x14) & 0x00000000;
                                  					 *(_t66 + 0x10) =  *(_t66 + 0x10) & 0x00000000;
                                  					return _t48;
                                  				} else {
                                  					 *_t60 = _t62;
                                  					 *((intOrPtr*)(_t62 + 4)) = _t60;
                                  					 *(_t68 - 4) = 0xfffffffe;
                                  					E01719325();
                                  					_t50 =  *0x18084c4; // 0x0
                                  					return E0176D0D1(L017377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t50 + 0xc0000, _t65));
                                  				}
                                  			}
















                                  Memory Dump Source
                                  • Source File: 00000005.00000002.534207193.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                  • Associated: 00000005.00000002.535933940.000000000180B000.00000040.00000800.00020000.00000000.sdmp
                                  • Associated: 00000005.00000002.535959139.000000000180F000.00000040.00000800.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_16f0000_6109238.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: 8a33109274e40d33f1c9d457cfb6c38043c6e4dfececbcddd3411d4acfc86cd2
                                  • Instruction ID: 672b53f870216a18abf02bc185e75a01f8cb5af276eebe8c7ce529f9a8fe5e8a
                                  • Opcode Fuzzy Hash: 8a33109274e40d33f1c9d457cfb6c38043c6e4dfececbcddd3411d4acfc86cd2
                                  • Instruction Fuzzy Hash: 68218971041A01DFC7A2EF28CA54F19F7F9FF18308F11456CE149866AACB34EA82CB44
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 90%
                                  			E017A4257(void* __ebx, void* __ecx, intOrPtr* __edi, void* __esi, void* __eflags) {
                                  				intOrPtr* _t18;
                                  				intOrPtr _t24;
                                  				intOrPtr* _t27;
                                  				intOrPtr* _t30;
                                  				intOrPtr* _t31;
                                  				intOrPtr _t33;
                                  				intOrPtr* _t34;
                                  				intOrPtr* _t35;
                                  				void* _t37;
                                  				void* _t38;
                                  				void* _t39;
                                  				void* _t43;
                                  
                                  				_t39 = __eflags;
                                  				_t35 = __edi;
                                  				_push(8);
                                  				_push(0x17f08d0);
                                  				E0176D08C(__ebx, __edi, __esi);
                                  				_t37 = __ecx;
                                  				E017A41E8(__ebx, __edi, __ecx, _t39);
                                  				E0172EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
                                  				 *(_t38 - 4) =  *(_t38 - 4) & 0x00000000;
                                  				_t18 = _t37 + 8;
                                  				_t33 =  *_t18;
                                  				_t27 =  *((intOrPtr*)(_t18 + 4));
                                  				if( *((intOrPtr*)(_t33 + 4)) != _t18 ||  *_t27 != _t18) {
                                  					L8:
                                  					_push(3);
                                  					asm("int 0x29");
                                  				} else {
                                  					 *_t27 = _t33;
                                  					 *((intOrPtr*)(_t33 + 4)) = _t27;
                                  					_t35 = 0x18087e4;
                                  					_t18 =  *0x18087e0; // 0x0
                                  					while(_t18 != 0) {
                                  						_t43 = _t18 -  *0x1805cd0; // 0xffffffff
                                  						if(_t43 >= 0) {
                                  							_t31 =  *0x18087e4; // 0x0
                                  							_t18 =  *_t31;
                                  							if( *((intOrPtr*)(_t31 + 4)) != _t35 ||  *((intOrPtr*)(_t18 + 4)) != _t31) {
                                  								goto L8;
                                  							} else {
                                  								 *0x18087e4 = _t18;
                                  								 *((intOrPtr*)(_t18 + 4)) = _t35;
                                  								L01717055(_t31 + 0xfffffff8);
                                  								_t24 =  *0x18087e0; // 0x0
                                  								_t18 = _t24 - 1;
                                  								 *0x18087e0 = _t18;
                                  								continue;
                                  							}
                                  						}
                                  						goto L9;
                                  					}
                                  				}
                                  				L9:
                                  				__eflags =  *0x1805cd0;
                                  				if( *0x1805cd0 <= 0) {
                                  					L01717055(_t37);
                                  				} else {
                                  					_t30 = _t37 + 8;
                                  					_t34 =  *0x18087e8; // 0x0
                                  					__eflags =  *_t34 - _t35;
                                  					if( *_t34 != _t35) {
                                  						goto L8;
                                  					} else {
                                  						 *_t30 = _t35;
                                  						 *((intOrPtr*)(_t30 + 4)) = _t34;
                                  						 *_t34 = _t30;
                                  						 *0x18087e8 = _t30;
                                  						 *0x18087e0 = _t18 + 1;
                                  					}
                                  				}
                                  				 *(_t38 - 4) = 0xfffffffe;
                                  				return E0176D0D1(L017A4320());
                                  			}
















                                  Memory Dump Source
                                  • Source File: 00000005.00000002.534207193.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                  • Associated: 00000005.00000002.535933940.000000000180B000.00000040.00000800.00020000.00000000.sdmp
                                  • Associated: 00000005.00000002.535959139.000000000180F000.00000040.00000800.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_16f0000_6109238.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 8c3f5cf126e3ff09bd07f55c7b9f0aa9f9df8fb442813ee3d9ffae3270113d84
                                  • Instruction ID: 6d118d2b07e77f09ac1828103b8da147b0aae42b196ec3bbfd5e990344f7d00f
                                  • Opcode Fuzzy Hash: 8c3f5cf126e3ff09bd07f55c7b9f0aa9f9df8fb442813ee3d9ffae3270113d84
                                  • Instruction Fuzzy Hash: 63215B71901605CFCB66DF68D004614FBB1FBDA314BA883AEC1068B29DDBB29691CF01
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 34%
                                  			E01742397(intOrPtr _a4) {
                                  				void* __ebx;
                                  				void* __ecx;
                                  				void* __edi;
                                  				void* __esi;
                                  				void* __ebp;
                                  				signed int _t11;
                                  				void* _t19;
                                  				void* _t25;
                                  				void* _t26;
                                  				intOrPtr _t27;
                                  				void* _t28;
                                  				void* _t29;
                                  
                                  				_t27 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294));
                                  				if( *0x180848c != 0) {
                                  					L0173FAD0(0x1808610);
                                  					if( *0x180848c == 0) {
                                  						E0173FA00(0x1808610, _t19, _t27, 0x1808610);
                                  						goto L1;
                                  					} else {
                                  						_push(0);
                                  						_push(_a4);
                                  						_t26 = 4;
                                  						_t29 = E01742581(0x1808610, 0x16f50a0, _t26, _t27, _t28);
                                  						E0173FA00(0x1808610, 0x16f50a0, _t27, 0x1808610);
                                  					}
                                  				} else {
                                  					L1:
                                  					_t11 =  *0x1808614; // 0x0
                                  					if(_t11 == 0) {
                                  						_t11 = E01754886(0x16f1088, 1, 0x1808614);
                                  					}
                                  					_push(0);
                                  					_push(_a4);
                                  					_t25 = 4;
                                  					_t29 = E01742581(0x1808610, (_t11 << 4) + 0x16f5070, _t25, _t27, _t28);
                                  				}
                                  				if(_t29 != 0) {
                                  					 *((intOrPtr*)(_t29 + 0x38)) = _t27;
                                  					 *((char*)(_t29 + 0x40)) = 0;
                                  				}
                                  				return _t29;
                                  			}
















                                  Memory Dump Source
                                  • Source File: 00000005.00000002.534207193.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                  • Associated: 00000005.00000002.535933940.000000000180B000.00000040.00000800.00020000.00000000.sdmp
                                  • Associated: 00000005.00000002.535959139.000000000180F000.00000040.00000800.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_16f0000_6109238.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: eb3ba14d24b64387436603abe9276bd21e503bc3adb04973f6d605e5b4a9bab0
                                  • Instruction ID: 242b0e71309f3a7454f4daa75e41a67849166efca33a2d0f345285ed2cc7b2a5
                                  • Opcode Fuzzy Hash: eb3ba14d24b64387436603abe9276bd21e503bc3adb04973f6d605e5b4a9bab0
                                  • Instruction Fuzzy Hash: 46116F31B00301A7E731AA2DFC84B15F698FBA1750F15405AF702D7196CBB0D951C755
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 93%
                                  			E017946A7(signed short* __ecx, unsigned int __edx, char* _a4) {
                                  				signed short* _v8;
                                  				unsigned int _v12;
                                  				intOrPtr _v16;
                                  				signed int _t22;
                                  				signed char _t23;
                                  				short _t32;
                                  				void* _t38;
                                  				char* _t40;
                                  
                                  				_v12 = __edx;
                                  				_t29 = 0;
                                  				_v8 = __ecx;
                                  				_v16 =  *((intOrPtr*)( *[fs:0x30] + 0x18));
                                  				_t38 = L01734620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *__ecx & 0x0000ffff);
                                  				if(_t38 != 0) {
                                  					_t40 = _a4;
                                  					 *_t40 = 1;
                                  					E0175F3E0(_t38, _v8[2],  *_v8 & 0x0000ffff);
                                  					_t22 = _v12 >> 1;
                                  					_t32 = 0x2e;
                                  					 *((short*)(_t38 + _t22 * 2)) = _t32;
                                  					 *((short*)(_t38 + 2 + _t22 * 2)) = 0;
                                  					_t23 = E0174D268(_t38, 1);
                                  					asm("sbb al, al");
                                  					 *_t40 =  ~_t23 + 1;
                                  					L017377F0(_v16, 0, _t38);
                                  				} else {
                                  					 *_a4 = 0;
                                  					_t29 = 0xc0000017;
                                  				}
                                  				return _t29;
                                  			}












                                  Memory Dump Source
                                  • Source File: 00000005.00000002.534207193.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                  • Associated: 00000005.00000002.535933940.000000000180B000.00000040.00000800.00020000.00000000.sdmp
                                  • Associated: 00000005.00000002.535959139.000000000180F000.00000040.00000800.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_16f0000_6109238.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 6c02f93804e98639f40e64f25065eaa58b5c60d6a79ebe6421c16f95bf281ade
                                  • Instruction ID: cf9aca90d7b36574761b5b551ed41cb0635ca088084b18162b76d8113e3b9fdc
                                  • Opcode Fuzzy Hash: 6c02f93804e98639f40e64f25065eaa58b5c60d6a79ebe6421c16f95bf281ade
                                  • Instruction Fuzzy Hash: C3112572504208BBCB059F5CE8808BEF7B9EF95300F1080AEF984C7351DA318D55D3A4
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 87%
                                  			E017537F5(void* __ecx, intOrPtr* __edx) {
                                  				void* __ebx;
                                  				void* __edi;
                                  				signed char _t6;
                                  				intOrPtr _t13;
                                  				intOrPtr* _t20;
                                  				intOrPtr* _t27;
                                  				void* _t28;
                                  				intOrPtr* _t29;
                                  
                                  				_t27 = __edx;
                                  				_t28 = __ecx;
                                  				if(__edx == 0) {
                                  					E01732280(_t6, 0x1808550);
                                  				}
                                  				_t29 = E0175387E(_t28);
                                  				if(_t29 == 0) {
                                  					L6:
                                  					if(_t27 == 0) {
                                  						E0172FFB0(0x1808550, _t27, 0x1808550);
                                  					}
                                  					if(_t29 == 0) {
                                  						return 0xc0000225;
                                  					} else {
                                  						if(_t27 != 0) {
                                  							goto L14;
                                  						}
                                  						L017377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t27, _t29);
                                  						goto L11;
                                  					}
                                  				} else {
                                  					_t13 =  *_t29;
                                  					if( *((intOrPtr*)(_t13 + 4)) != _t29) {
                                  						L13:
                                  						_push(3);
                                  						asm("int 0x29");
                                  						L14:
                                  						 *_t27 = _t29;
                                  						L11:
                                  						return 0;
                                  					}
                                  					_t20 =  *((intOrPtr*)(_t29 + 4));
                                  					if( *_t20 != _t29) {
                                  						goto L13;
                                  					}
                                  					 *_t20 = _t13;
                                  					 *((intOrPtr*)(_t13 + 4)) = _t20;
                                  					asm("btr eax, ecx");
                                  					goto L6;
                                  				}
                                  			}












                                  Memory Dump Source
                                  • Source File: 00000005.00000002.534207193.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                  • Associated: 00000005.00000002.535933940.000000000180B000.00000040.00000800.00020000.00000000.sdmp
                                  • Associated: 00000005.00000002.535959139.000000000180F000.00000040.00000800.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_16f0000_6109238.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 5a25033ea0f4574b201570ade0d7ab0d60129cfe50535e6a2537b1c663158f01
                                  • Instruction ID: 3a0de75f832835cc274780e5ac7d4abd9e98eebf8852eff955985d0a890d6281
                                  • Opcode Fuzzy Hash: 5a25033ea0f4574b201570ade0d7ab0d60129cfe50535e6a2537b1c663158f01
                                  • Instruction Fuzzy Hash: 510126B2981A519BC37F8B5DD900E26FBA6FFD5B907154069ED458B226CB70E801C7E0
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E0174002D() {
                                  				void* _t11;
                                  				char* _t14;
                                  				signed char* _t16;
                                  				char* _t27;
                                  				signed char* _t29;
                                  
                                  				_t11 = E01737D50();
                                  				_t27 = 0x7ffe0384;
                                  				if(_t11 != 0) {
                                  					_t14 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                  				} else {
                                  					_t14 = 0x7ffe0384;
                                  				}
                                  				_t29 = 0x7ffe0385;
                                  				if( *_t14 != 0) {
                                  					if(E01737D50() == 0) {
                                  						_t16 = 0x7ffe0385;
                                  					} else {
                                  						_t16 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
                                  					}
                                  					if(( *_t16 & 0x00000040) != 0) {
                                  						goto L18;
                                  					} else {
                                  						goto L3;
                                  					}
                                  				} else {
                                  					L3:
                                  					if(E01737D50() != 0) {
                                  						_t27 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                  					}
                                  					if( *_t27 != 0) {
                                  						if(( *( *[fs:0x30] + 0x240) & 0x00000004) == 0) {
                                  							goto L5;
                                  						}
                                  						if(E01737D50() != 0) {
                                  							_t29 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
                                  						}
                                  						if(( *_t29 & 0x00000020) == 0) {
                                  							goto L5;
                                  						}
                                  						L18:
                                  						return 1;
                                  					} else {
                                  						L5:
                                  						return 0;
                                  					}
                                  				}
                                  			}









                                  Memory Dump Source
                                  • Source File: 00000005.00000002.534207193.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                  • Associated: 00000005.00000002.535933940.000000000180B000.00000040.00000800.00020000.00000000.sdmp
                                  • Associated: 00000005.00000002.535959139.000000000180F000.00000040.00000800.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_16f0000_6109238.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 8d774e958955e2a4888292503cae141afd510c2672050b36ba74763b54e4c63a
                                  • Instruction ID: 5781f0c0f85bae9c8d4524f2fc4b6815ae05b12f9117b817b82e8ac4c55e023a
                                  • Opcode Fuzzy Hash: 8d774e958955e2a4888292503cae141afd510c2672050b36ba74763b54e4c63a
                                  • Instruction Fuzzy Hash: DC11C8726556828FE723A72CD948B75FFD4AF41754F0900E0EE06876A3D768D841C250
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 94%
                                  			E0172766D(void* __ecx, signed int __edx, signed int _a4, signed int _a8, signed int _a12, intOrPtr* _a16) {
                                  				char _v8;
                                  				void* _t22;
                                  				void* _t24;
                                  				intOrPtr _t29;
                                  				intOrPtr* _t30;
                                  				void* _t42;
                                  				intOrPtr _t47;
                                  
                                  				_push(__ecx);
                                  				_t36 =  &_v8;
                                  				if(E0174F3D5( &_v8, __edx * _a4, __edx * _a4 >> 0x20) < 0) {
                                  					L10:
                                  					_t22 = 0;
                                  				} else {
                                  					_t24 = _v8 + __ecx;
                                  					_t42 = _t24;
                                  					if(_t24 < __ecx) {
                                  						goto L10;
                                  					} else {
                                  						if(E0174F3D5( &_v8, _a8 * _a12, _a8 * _a12 >> 0x20) < 0) {
                                  							goto L10;
                                  						} else {
                                  							_t29 = _v8 + _t42;
                                  							if(_t29 < _t42) {
                                  								goto L10;
                                  							} else {
                                  								_t47 = _t29;
                                  								_t30 = _a16;
                                  								if(_t30 != 0) {
                                  									 *_t30 = _t47;
                                  								}
                                  								if(_t47 == 0) {
                                  									goto L10;
                                  								} else {
                                  									_t22 = L01734620(_t36,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t47);
                                  								}
                                  							}
                                  						}
                                  					}
                                  				}
                                  				return _t22;
                                  			}

                                  Memory Dump Source
                                  • Source File: 00000005.00000002.534207193.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                  • Associated: 00000005.00000002.535933940.000000000180B000.00000040.00000800.00020000.00000000.sdmp
                                  • Associated: 00000005.00000002.535959139.000000000180F000.00000040.00000800.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_16f0000_6109238.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 0f0f9780e106b949b133bc76075252866a2fc865c05abd63e27a9356099b865c
                                  • Instruction ID: fb2c98d28ecfb5ef4d807989b6ca9d05066e1eb6ffec06b428284bae819e31f9
                                  • Opcode Fuzzy Hash: 0f0f9780e106b949b133bc76075252866a2fc865c05abd63e27a9356099b865c
                                  • Instruction Fuzzy Hash: 6B01FC32300129ABC734DE9ECD84E5BFBADEB94760F180164FA08CB244DA30DC12C3A0
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 69%
                                  			E01719080(void* __ebx, intOrPtr* __ecx, void* __edi, void* __esi) {
                                  				intOrPtr* _t51;
                                  				intOrPtr _t59;
                                  				signed int _t64;
                                  				signed int _t67;
                                  				signed int* _t71;
                                  				signed int _t74;
                                  				signed int _t77;
                                  				signed int _t82;
                                  				intOrPtr* _t84;
                                  				void* _t85;
                                  				intOrPtr* _t87;
                                  				void* _t94;
                                  				signed int _t95;
                                  				intOrPtr* _t97;
                                  				signed int _t99;
                                  				signed int _t102;
                                  				void* _t104;
                                  
                                  				_push(__ebx);
                                  				_push(__esi);
                                  				_push(__edi);
                                  				_t97 = __ecx;
                                  				_t102 =  *(__ecx + 0x14);
                                  				if((_t102 & 0x02ffffff) == 0x2000000) {
                                  					_t102 = _t102 | 0x000007d0;
                                  				}
                                  				_t48 =  *[fs:0x30];
                                  				if( *((intOrPtr*)( *[fs:0x30] + 0x64)) == 1) {
                                  					_t102 = _t102 & 0xff000000;
                                  				}
                                  				_t80 = 0x18085ec;
                                  				E01732280(_t48, 0x18085ec);
                                  				_t51 =  *_t97 + 8;
                                  				if( *_t51 != 0) {
                                  					L6:
                                  					return E0172FFB0(_t80, _t97, _t80);
                                  				} else {
                                  					 *(_t97 + 0x14) = _t102;
                                  					_t84 =  *0x180538c; // 0x773a6828
                                  					if( *_t84 != 0x1805388) {
                                  						_t85 = 3;
                                  						asm("int 0x29");
                                  						asm("int3");
                                  						asm("int3");
                                  						asm("int3");
                                  						asm("int3");
                                  						asm("int3");
                                  						asm("int3");
                                  						asm("int3");
                                  						asm("int3");
                                  						asm("int3");
                                  						asm("int3");
                                  						asm("int3");
                                  						asm("int3");
                                  						_push(0x2c);
                                  						_push(0x17ef6e8);
                                  						E0176D0E8(0x18085ec, _t97, _t102);
                                  						 *((char*)(_t104 - 0x1d)) = 0;
                                  						_t99 =  *(_t104 + 8);
                                  						__eflags = _t99;
                                  						if(_t99 == 0) {
                                  							L13:
                                  							__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
                                  							if(__eflags == 0) {
                                  								E017E88F5(_t80, _t85, 0x1805388, _t99, _t102, __eflags);
                                  							}
                                  						} else {
                                  							__eflags = _t99 -  *0x18086c0; // 0x11b07b0
                                  							if(__eflags == 0) {
                                  								goto L13;
                                  							} else {
                                  								__eflags = _t99 -  *0x18086b8; // 0x0
                                  								if(__eflags == 0) {
                                  									goto L13;
                                  								} else {
                                  									_t59 =  *((intOrPtr*)( *[fs:0x30] + 0xc));
                                  									__eflags =  *((char*)(_t59 + 0x28));
                                  									if( *((char*)(_t59 + 0x28)) == 0) {
                                  										E01732280(_t99 + 0xe0, _t99 + 0xe0);
                                  										 *(_t104 - 4) =  *(_t104 - 4) & 0x00000000;
                                  										__eflags =  *((char*)(_t99 + 0xe5));
                                  										if(__eflags != 0) {
                                  											E017E88F5(0x18085ec, _t85, 0x1805388, _t99, _t102, __eflags);
                                  										} else {
                                  											__eflags =  *((char*)(_t99 + 0xe4));
                                  											if( *((char*)(_t99 + 0xe4)) == 0) {
                                  												 *((char*)(_t99 + 0xe4)) = 1;
                                  												_push(_t99);
                                  												_push( *((intOrPtr*)(_t99 + 0x24)));
                                  												E0175AFD0();
                                  											}
                                  											while(1) {
                                  												_t71 = _t99 + 8;
                                  												 *(_t104 - 0x2c) = _t71;
                                  												_t80 =  *_t71;
                                  												_t95 = _t71[1];
                                  												 *(_t104 - 0x28) = _t80;
                                  												 *(_t104 - 0x24) = _t95;
                                  												while(1) {
                                  													L19:
                                  													__eflags = _t95;
                                  													if(_t95 == 0) {
                                  														break;
                                  													}
                                  													_t102 = _t80;
                                  													 *(_t104 - 0x30) = _t95;
                                  													 *(_t104 - 0x24) = _t95 - 1;
                                  													asm("lock cmpxchg8b [edi]");
                                  													_t80 = _t102;
                                  													 *(_t104 - 0x28) = _t80;
                                  													 *(_t104 - 0x24) = _t95;
                                  													__eflags = _t80 - _t102;
                                  													_t99 =  *(_t104 + 8);
                                  													if(_t80 != _t102) {
                                  														continue;
                                  													} else {
                                  														__eflags = _t95 -  *(_t104 - 0x30);
                                  														if(_t95 !=  *(_t104 - 0x30)) {
                                  															continue;
                                  														} else {
                                  															__eflags = _t95;
                                  															if(_t95 != 0) {
                                  																_t74 = 0;
                                  																 *(_t104 - 0x34) = 0;
                                  																_t102 = 0;
                                  																__eflags = 0;
                                  																while(1) {
                                  																	 *(_t104 - 0x3c) = _t102;
                                  																	__eflags = _t102 - 3;
                                  																	if(_t102 >= 3) {
                                  																		break;
                                  																	}
                                  																	__eflags = _t74;
                                  																	if(_t74 != 0) {
                                  																		L49:
                                  																		_t102 =  *_t74;
                                  																		__eflags = _t102;
                                  																		if(_t102 != 0) {
                                  																			_t102 =  *(_t102 + 4);
                                  																			__eflags = _t102;
                                  																			if(_t102 != 0) {
                                  																				 *0x180b1e0(_t74, _t99);
                                  																				 *_t102();
                                  																			}
                                  																		}
                                  																		do {
                                  																			_t71 = _t99 + 8;
                                  																			 *(_t104 - 0x2c) = _t71;
                                  																			_t80 =  *_t71;
                                  																			_t95 = _t71[1];
                                  																			 *(_t104 - 0x28) = _t80;
                                  																			 *(_t104 - 0x24) = _t95;
                                  																			goto L19;
                                  																		} while (_t74 == 0);
                                  																		goto L49;
                                  																	} else {
                                  																		_t82 = 0;
                                  																		__eflags = 0;
                                  																		while(1) {
                                  																			 *(_t104 - 0x38) = _t82;
                                  																			__eflags = _t82 -  *0x18084c0;
                                  																			if(_t82 >=  *0x18084c0) {
                                  																				break;
                                  																			}
                                  																			__eflags = _t74;
                                  																			if(_t74 == 0) {
                                  																				_t77 = E017E9063(_t82 * 0xc +  *((intOrPtr*)(_t99 + 0x10 + _t102 * 4)), _t95, _t99);
                                  																				__eflags = _t77;
                                  																				if(_t77 == 0) {
                                  																					_t74 = 0;
                                  																					__eflags = 0;
                                  																				} else {
                                  																					_t74 = _t77 + 0xfffffff4;
                                  																				}
                                  																				 *(_t104 - 0x34) = _t74;
                                  																				_t82 = _t82 + 1;
                                  																				continue;
                                  																			}
                                  																			break;
                                  																		}
                                  																		_t102 = _t102 + 1;
                                  																		continue;
                                  																	}
                                  																	goto L20;
                                  																}
                                  																__eflags = _t74;
                                  															}
                                  														}
                                  													}
                                  													break;
                                  												}
                                  												L20:
                                  												 *((intOrPtr*)(_t99 + 0xf4)) =  *((intOrPtr*)(_t104 + 4));
                                  												 *((char*)(_t99 + 0xe5)) = 1;
                                  												 *((char*)(_t104 - 0x1d)) = 1;
                                  												goto L21;
                                  											}
                                  										}
                                  										L21:
                                  										 *(_t104 - 4) = 0xfffffffe;
                                  										E0171922A(_t99);
                                  										_t64 = E01737D50();
                                  										__eflags = _t64;
                                  										if(_t64 != 0) {
                                  											_t67 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                  										} else {
                                  											_t67 = 0x7ffe0386;
                                  										}
                                  										__eflags =  *_t67;
                                  										if( *_t67 != 0) {
                                  											_t67 = E017E8B58(_t99);
                                  										}
                                  										__eflags =  *((char*)(_t104 - 0x1d));
                                  										if( *((char*)(_t104 - 0x1d)) != 0) {
                                  											__eflags = _t99 -  *0x18086c0; // 0x11b07b0
                                  											if(__eflags != 0) {
                                  												__eflags = _t99 -  *0x18086b8; // 0x0
                                  												if(__eflags == 0) {
                                  													_t94 = 0x18086bc;
                                  													_t87 = 0x18086b8;
                                  													goto L27;
                                  												} else {
                                  													__eflags = _t67 | 0xffffffff;
                                  													asm("lock xadd [edi], eax");
                                  													if(__eflags == 0) {
                                  														E01719240(_t80, _t99, _t99, _t102, __eflags);
                                  													}
                                  												}
                                  											} else {
                                  												_t94 = 0x18086c4;
                                  												_t87 = 0x18086c0;
                                  												L27:
                                  												E01749B82(_t80, _t87, _t94, _t99, _t102, __eflags);
                                  											}
                                  										}
                                  									} else {
                                  										goto L13;
                                  									}
                                  								}
                                  							}
                                  						}
                                  						return E0176D130(_t80, _t99, _t102);
                                  					} else {
                                  						 *_t51 = 0x1805388;
                                  						 *((intOrPtr*)(_t51 + 4)) = _t84;
                                  						 *_t84 = _t51;
                                  						 *0x180538c = _t51;
                                  						goto L6;
                                  					}
                                  				}
                                  			}

                                  Memory Dump Source
                                  • Source File: 00000005.00000002.534207193.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                  • Associated: 00000005.00000002.535933940.000000000180B000.00000040.00000800.00020000.00000000.sdmp
                                  • Associated: 00000005.00000002.535959139.000000000180F000.00000040.00000800.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_16f0000_6109238.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: ab4da83d3640af198fed85ca811aec6e2a01f6ade82e3305a095ae840d096a96
                                  • Instruction ID: 1b064e34968bd294fca6c9b7ec4a1b55e1139f353fc50a6853462005882ea302
                                  • Opcode Fuzzy Hash: ab4da83d3640af198fed85ca811aec6e2a01f6ade82e3305a095ae840d096a96
                                  • Instruction Fuzzy Hash: FF01D1725012098FC3268F0CD840B21BBA9EF86724F224066E205DB69AC270DD82CFA0
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 46%
                                  			E017AC450(intOrPtr* _a4) {
                                  				signed char _t25;
                                  				intOrPtr* _t26;
                                  				intOrPtr* _t27;
                                  
                                  				_t26 = _a4;
                                  				_t25 =  *(_t26 + 0x10);
                                  				if((_t25 & 0x00000003) != 1) {
                                  					_push(0);
                                  					_push(0);
                                  					_push(0);
                                  					_push( *((intOrPtr*)(_t26 + 8)));
                                  					_push(0);
                                  					_push( *_t26);
                                  					E01759910();
                                  					_t25 =  *(_t26 + 0x10);
                                  				}
                                  				if((_t25 & 0x00000001) != 0) {
                                  					_push(4);
                                  					_t7 = _t26 + 4; // 0x4
                                  					_t27 = _t7;
                                  					_push(_t27);
                                  					_push(5);
                                  					_push(0xfffffffe);
                                  					E017595B0();
                                  					if( *_t27 != 0) {
                                  						_push( *_t27);
                                  						E017595D0();
                                  					}
                                  				}
                                  				_t8 = _t26 + 0x14; // 0x14
                                  				if( *((intOrPtr*)(_t26 + 8)) != _t8) {
                                  					L017377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *((intOrPtr*)(_t26 + 8)));
                                  				}
                                  				_push( *_t26);
                                  				E017595D0();
                                  				return L017377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t26);
                                  			}







                                  Memory Dump Source
                                  • Source File: 00000005.00000002.534207193.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                  • Associated: 00000005.00000002.535933940.000000000180B000.00000040.00000800.00020000.00000000.sdmp
                                  • Associated: 00000005.00000002.535959139.000000000180F000.00000040.00000800.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_16f0000_6109238.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: efb8dbafbc21be99c6828cd6b94329c97088fdc8e1727ade4875afce538aa955
                                  • Instruction ID: 8697c20b46ea12eb9c73ab3aef1b8c6f68aa979f9ed380b7c087df910f2e3a87
                                  • Opcode Fuzzy Hash: efb8dbafbc21be99c6828cd6b94329c97088fdc8e1727ade4875afce538aa955
                                  • Instruction Fuzzy Hash: AE01927214060AFFE726AF69CC84E62FB6DFFA4394F504525F614425A4CB71ACA0CAA4
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 86%
                                  			E017E4015(signed int __eax, signed int __ecx) {
                                  				void* __ebx;
                                  				void* __edi;
                                  				signed char _t10;
                                  				signed int _t28;
                                  
                                  				_push(__ecx);
                                  				_t28 = __ecx;
                                  				asm("lock xadd [edi+0x24], eax");
                                  				_t10 = (__eax | 0xffffffff) - 1;
                                  				if(_t10 == 0) {
                                  					_t1 = _t28 + 0x1c; // 0x1e
                                  					E01732280(_t10, _t1);
                                  					 *((intOrPtr*)(_t28 + 0x20)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
                                  					E01732280( *((intOrPtr*)( *[fs:0x18] + 0x24)), 0x18086ac);
                                  					E0171F900(0x18086d4, _t28);
                                  					E0172FFB0(0x18086ac, _t28, 0x18086ac);
                                  					 *((intOrPtr*)(_t28 + 0x20)) = 0;
                                  					E0172FFB0(0, _t28, _t1);
                                  					_t18 =  *((intOrPtr*)(_t28 + 0x94));
                                  					if( *((intOrPtr*)(_t28 + 0x94)) != 0) {
                                  						L017377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t18);
                                  					}
                                  					_t10 = L017377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t28);
                                  				}
                                  				return _t10;
                                  			}








                                  Memory Dump Source
                                  • Source File: 00000005.00000002.534207193.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                  • Associated: 00000005.00000002.535933940.000000000180B000.00000040.00000800.00020000.00000000.sdmp
                                  • Associated: 00000005.00000002.535959139.000000000180F000.00000040.00000800.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_16f0000_6109238.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 26db83570f24be10a9d06d5d9058b57df82e037c0e15fdc51c52fe918419db86
                                  • Instruction ID: 667b7d0af72960e5e23cd0ec926f595b63266eafd81fcff49a9f1fe6145dcf08
                                  • Opcode Fuzzy Hash: 26db83570f24be10a9d06d5d9058b57df82e037c0e15fdc51c52fe918419db86
                                  • Instruction Fuzzy Hash: D801847160164A7FD251AB69CD88E13F7ACFB99650B010225F508C7A56CB24EC51CAE4
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 61%
                                  			E017D138A(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
                                  				signed int _v8;
                                  				intOrPtr _v16;
                                  				intOrPtr _v20;
                                  				intOrPtr _v24;
                                  				intOrPtr _v28;
                                  				short _v54;
                                  				char _v60;
                                  				void* __edi;
                                  				void* __esi;
                                  				signed char* _t21;
                                  				intOrPtr _t27;
                                  				intOrPtr _t33;
                                  				intOrPtr _t34;
                                  				signed int _t35;
                                  
                                  				_t32 = __edx;
                                  				_t27 = __ebx;
                                  				_v8 =  *0x180d360 ^ _t35;
                                  				_t33 = __edx;
                                  				_t34 = __ecx;
                                  				E0175FA60( &_v60, 0, 0x30);
                                  				_v20 = _a4;
                                  				_v16 = _a8;
                                  				_v28 = _t34;
                                  				_v24 = _t33;
                                  				_v54 = 0x1033;
                                  				if(E01737D50() == 0) {
                                  					_t21 = 0x7ffe0388;
                                  				} else {
                                  					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                                  				}
                                  				_push( &_v60);
                                  				_push(0x10);
                                  				_push(0x20402);
                                  				_push( *_t21 & 0x000000ff);
                                  				return E0175B640(E01759AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
                                  			}


















                                  Memory Dump Source
                                  • Source File: 00000005.00000002.534207193.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                  • Associated: 00000005.00000002.535933940.000000000180B000.00000040.00000800.00020000.00000000.sdmp
                                  • Associated: 00000005.00000002.535959139.000000000180F000.00000040.00000800.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_16f0000_6109238.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: ef3b79cb43ef23b9d000f15b3f68e0c8b795ea91ba98a54d635aab1934ae1634
                                  • Instruction ID: a5e54acd4fb353fd63061cf7366368b47409ba6324ecf4eacc5d439ebabe1f3f
                                  • Opcode Fuzzy Hash: ef3b79cb43ef23b9d000f15b3f68e0c8b795ea91ba98a54d635aab1934ae1634
                                  • Instruction Fuzzy Hash: 54015271E0025DAFDB14DFA9D845EAEFBB8EF44710F404156F904EB280DA749A41CB95
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 61%
                                  			E017D14FB(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
                                  				signed int _v8;
                                  				intOrPtr _v16;
                                  				intOrPtr _v20;
                                  				intOrPtr _v24;
                                  				intOrPtr _v28;
                                  				short _v54;
                                  				char _v60;
                                  				void* __edi;
                                  				void* __esi;
                                  				signed char* _t21;
                                  				intOrPtr _t27;
                                  				intOrPtr _t33;
                                  				intOrPtr _t34;
                                  				signed int _t35;
                                  
                                  				_t32 = __edx;
                                  				_t27 = __ebx;
                                  				_v8 =  *0x180d360 ^ _t35;
                                  				_t33 = __edx;
                                  				_t34 = __ecx;
                                  				E0175FA60( &_v60, 0, 0x30);
                                  				_v20 = _a4;
                                  				_v16 = _a8;
                                  				_v28 = _t34;
                                  				_v24 = _t33;
                                  				_v54 = 0x1034;
                                  				if(E01737D50() == 0) {
                                  					_t21 = 0x7ffe0388;
                                  				} else {
                                  					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                                  				}
                                  				_push( &_v60);
                                  				_push(0x10);
                                  				_push(0x20402);
                                  				_push( *_t21 & 0x000000ff);
                                  				return E0175B640(E01759AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
                                  			}


















                                  Memory Dump Source
                                  • Source File: 00000005.00000002.534207193.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                  • Associated: 00000005.00000002.535933940.000000000180B000.00000040.00000800.00020000.00000000.sdmp
                                  • Associated: 00000005.00000002.535959139.000000000180F000.00000040.00000800.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_16f0000_6109238.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 68b4778db0f276026967931556fd8b72af48b798b44c41eb50fabac76de5f73d
                                  • Instruction ID: 5aa6f358c774e4f29a8274cbadeb4211ef62f153cced788b5315a0fa3f334880
                                  • Opcode Fuzzy Hash: 68b4778db0f276026967931556fd8b72af48b798b44c41eb50fabac76de5f73d
                                  • Instruction Fuzzy Hash: EE019E71A0024DAFDB14DFA8D845EAEFBB8EF44710F40406AF905EB280DA74DA00CB94
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 91%
                                  			E017158EC(intOrPtr __ecx) {
                                  				signed int _v8;
                                  				char _v28;
                                  				char _v44;
                                  				char _v76;
                                  				void* __edi;
                                  				void* __esi;
                                  				intOrPtr _t10;
                                  				intOrPtr _t16;
                                  				intOrPtr _t17;
                                  				intOrPtr _t27;
                                  				intOrPtr _t28;
                                  				signed int _t29;
                                  
                                  				_v8 =  *0x180d360 ^ _t29;
                                  				_t10 =  *[fs:0x30];
                                  				_t27 = __ecx;
                                  				if(_t10 == 0) {
                                  					L6:
                                  					_t28 = 0x16f5c80;
                                  				} else {
                                  					_t16 =  *((intOrPtr*)(_t10 + 0x10));
                                  					if(_t16 == 0) {
                                  						goto L6;
                                  					} else {
                                  						_t28 =  *((intOrPtr*)(_t16 + 0x3c));
                                  					}
                                  				}
                                  				if(E01715943() != 0 &&  *0x1805320 > 5) {
                                  					E01797B5E( &_v44, _t27);
                                  					_t22 =  &_v28;
                                  					E01797B5E( &_v28, _t28);
                                  					_t11 = E01797B9C(0x1805320, 0x16fbf15,  &_v28, _t22, 4,  &_v76);
                                  				}
                                  				return E0175B640(_t11, _t17, _v8 ^ _t29, 0x16fbf15, _t27, _t28);
                                  			}
















                                  Memory Dump Source
                                  • Source File: 00000005.00000002.534207193.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                  • Associated: 00000005.00000002.535933940.000000000180B000.00000040.00000800.00020000.00000000.sdmp
                                  • Associated: 00000005.00000002.535959139.000000000180F000.00000040.00000800.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_16f0000_6109238.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 52b2bbfa9876015e98bdfc7cc845b98cf96132545fd5a4100c8381e660fe525b
                                  • Instruction ID: 2c4e3b74464743438283c104914e4df808049b91bd3530e9543951c4cef7c171
                                  • Opcode Fuzzy Hash: 52b2bbfa9876015e98bdfc7cc845b98cf96132545fd5a4100c8381e660fe525b
                                  • Instruction Fuzzy Hash: 4801A731A101099BCB1CDE7DDC049AFF7A9EF82530F9501699A059724CDE30DD05CB91
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E017E1074(void* __ebx, signed int* __ecx, char __edx, void* __edi, intOrPtr _a4) {
                                  				char _v8;
                                  				void* _v11;
                                  				unsigned int _v12;
                                  				void* _v15;
                                  				void* __esi;
                                  				void* __ebp;
                                  				char* _t16;
                                  				signed int* _t35;
                                  
                                  				_t22 = __ebx;
                                  				_t35 = __ecx;
                                  				_v8 = __edx;
                                  				_t13 =  !( *__ecx) + 1;
                                  				_v12 =  !( *__ecx) + 1;
                                  				if(_a4 != 0) {
                                  					E017E165E(__ebx, 0x1808ae4, (__edx -  *0x1808b04 >> 0x14) + (__edx -  *0x1808b04 >> 0x14), __edi, __ecx, (__edx -  *0x1808b04 >> 0x14) + (__edx -  *0x1808b04 >> 0x14), (_t13 >> 0x14) + (_t13 >> 0x14));
                                  				}
                                  				E017DAFDE( &_v8,  &_v12, 0x8000,  *((intOrPtr*)(_t35 + 0x34)),  *((intOrPtr*)(_t35 + 0x38)));
                                  				if(E01737D50() == 0) {
                                  					_t16 = 0x7ffe0388;
                                  				} else {
                                  					_t16 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                                  				}
                                  				if( *_t16 != 0) {
                                  					_t16 = E017CFE3F(_t22, _t35, _v8, _v12);
                                  				}
                                  				return _t16;
                                  			}












                                  Memory Dump Source
                                  • Source File: 00000005.00000002.534207193.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                  • Associated: 00000005.00000002.535933940.000000000180B000.00000040.00000800.00020000.00000000.sdmp
                                  • Associated: 00000005.00000002.535959139.000000000180F000.00000040.00000800.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_16f0000_6109238.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 4f7a700a87b6559f31fc00797ea2050ac43e9d5fae05b7d791bbcafc42488de1
                                  • Instruction ID: 9e66ca9bbedc37a2ed6e0a66ce591951a3071d11765fdccf00b6f70239c004e1
                                  • Opcode Fuzzy Hash: 4f7a700a87b6559f31fc00797ea2050ac43e9d5fae05b7d791bbcafc42488de1
                                  • Instruction Fuzzy Hash: 0F014C726047469FC711DF28C849B1AFBE5BBC8310F44C519F985C3694DE30D584CB92
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E0172B02A(intOrPtr __ecx, signed short* __edx, short _a4) {
                                  				signed char _t11;
                                  				signed char* _t12;
                                  				intOrPtr _t24;
                                  				signed short* _t25;
                                  
                                  				_t25 = __edx;
                                  				_t24 = __ecx;
                                  				_t11 = ( *[fs:0x30])[0x50];
                                  				if(_t11 != 0) {
                                  					if( *_t11 == 0) {
                                  						goto L1;
                                  					}
                                  					_t12 = ( *[fs:0x30])[0x50] + 0x22a;
                                  					L2:
                                  					if( *_t12 != 0) {
                                  						_t12 =  *[fs:0x30];
                                  						if((_t12[0x240] & 0x00000004) == 0) {
                                  							goto L3;
                                  						}
                                  						if(E01737D50() == 0) {
                                  							_t12 = 0x7ffe0385;
                                  						} else {
                                  							_t12 = ( *[fs:0x30])[0x50] + 0x22b;
                                  						}
                                  						if(( *_t12 & 0x00000020) == 0) {
                                  							goto L3;
                                  						}
                                  						return E01797016(_a4, _t24, 0, 0, _t25, 0);
                                  					}
                                  					L3:
                                  					return _t12;
                                  				}
                                  				L1:
                                  				_t12 = 0x7ffe0384;
                                  				goto L2;
                                  			}








                                  Memory Dump Source
                                  • Source File: 00000005.00000002.534207193.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                  • Associated: 00000005.00000002.535933940.000000000180B000.00000040.00000800.00020000.00000000.sdmp
                                  • Associated: 00000005.00000002.535959139.000000000180F000.00000040.00000800.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_16f0000_6109238.jbxd
                                  Similarity
                                  • Opcode ID: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
                                  • Instruction ID: 7a7d3dafd3d0e65f89e5f44a0c30f51cdbb74f9169f495acedc15cc5a7ef0f2c
                                  • Opcode Fuzzy Hash: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
                                  • Instruction Fuzzy Hash: B1018472200584DFE737C75CC988F6ABBE8EB85750F0D00A1FA15CB651D728DC41C621
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 59%
                                  			E017CFE3F(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
                                  				signed int _v12;
                                  				intOrPtr _v24;
                                  				intOrPtr _v28;
                                  				intOrPtr _v32;
                                  				short _v58;
                                  				char _v64;
                                  				void* __edi;
                                  				void* __esi;
                                  				signed char* _t18;
                                  				intOrPtr _t24;
                                  				intOrPtr _t30;
                                  				intOrPtr _t31;
                                  				signed int _t32;
                                  
                                  				_t29 = __edx;
                                  				_t24 = __ebx;
                                  				_v12 =  *0x180d360 ^ _t32;
                                  				_t30 = __edx;
                                  				_t31 = __ecx;
                                  				E0175FA60( &_v64, 0, 0x30);
                                  				_v24 = _a4;
                                  				_v32 = _t31;
                                  				_v28 = _t30;
                                  				_v58 = 0x267;
                                  				if(E01737D50() == 0) {
                                  					_t18 = 0x7ffe0388;
                                  				} else {
                                  					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                                  				}
                                  				_push( &_v64);
                                  				_push(0x10);
                                  				_push(0x20402);
                                  				_push( *_t18 & 0x000000ff);
                                  				return E0175B640(E01759AE0(), _t24, _v12 ^ _t32, _t29, _t30, _t31);
                                  			}

















                                  Memory Dump Source
                                  • Source File: 00000005.00000002.534207193.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                  • Associated: 00000005.00000002.535933940.000000000180B000.00000040.00000800.00020000.00000000.sdmp
                                  • Associated: 00000005.00000002.535959139.000000000180F000.00000040.00000800.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_16f0000_6109238.jbxd
                                  Similarity
                                  • Opcode ID: a11080a2b9e3e63b9b208dd0c8579c925ec4983039b438c532888b2692838c9c
                                  • Instruction ID: 5cc879e1de72e68bfc4359df65e6b86694fda49c9b8c7183ca95649e1e07f0e0
                                  • Opcode Fuzzy Hash: a11080a2b9e3e63b9b208dd0c8579c925ec4983039b438c532888b2692838c9c
                                  • Instruction Fuzzy Hash: 68018871E0025DABDB14DFA9D845FAEF7B8EF44B10F00406AF9009B291DA709A01CBA5
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 59%
                                  			E017CFEC0(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
                                  				signed int _v12;
                                  				intOrPtr _v24;
                                  				intOrPtr _v28;
                                  				intOrPtr _v32;
                                  				short _v58;
                                  				char _v64;
                                  				void* __edi;
                                  				void* __esi;
                                  				signed char* _t18;
                                  				intOrPtr _t24;
                                  				intOrPtr _t30;
                                  				intOrPtr _t31;
                                  				signed int _t32;
                                  
                                  				_t29 = __edx;
                                  				_t24 = __ebx;
                                  				_v12 =  *0x180d360 ^ _t32;
                                  				_t30 = __edx;
                                  				_t31 = __ecx;
                                  				E0175FA60( &_v64, 0, 0x30);
                                  				_v24 = _a4;
                                  				_v32 = _t31;
                                  				_v28 = _t30;
                                  				_v58 = 0x266;
                                  				if(E01737D50() == 0) {
                                  					_t18 = 0x7ffe0388;
                                  				} else {
                                  					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                                  				}
                                  				_push( &_v64);
                                  				_push(0x10);
                                  				_push(0x20402);
                                  				_push( *_t18 & 0x000000ff);
                                  				return E0175B640(E01759AE0(), _t24, _v12 ^ _t32, _t29, _t30, _t31);
                                  			}

















                                  Memory Dump Source
                                  • Source File: 00000005.00000002.534207193.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                  • Associated: 00000005.00000002.535933940.000000000180B000.00000040.00000800.00020000.00000000.sdmp
                                  • Associated: 00000005.00000002.535959139.000000000180F000.00000040.00000800.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_16f0000_6109238.jbxd
                                  Similarity
                                  • Opcode ID: dcc5c800f2034262c6bea2628cf3b2417fcf466991b3b3d5bcf60c766dfeb496
                                  • Instruction ID: ff48e0dbf154afb035b19c967a9da3ae3f4a7f822304fd33c72e2b3496e96dd6
                                  • Opcode Fuzzy Hash: dcc5c800f2034262c6bea2628cf3b2417fcf466991b3b3d5bcf60c766dfeb496
                                  • Instruction Fuzzy Hash: 3D018471E0020DABDB14DBA9D849FAEFBB8EF45710F40406AF900AB290EA709A01C795
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 54%
                                  			E017E8A62(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                  				signed int _v12;
                                  				intOrPtr _v24;
                                  				intOrPtr _v28;
                                  				intOrPtr _v32;
                                  				intOrPtr _v36;
                                  				intOrPtr _v40;
                                  				short _v66;
                                  				char _v72;
                                  				void* __ebx;
                                  				void* __edi;
                                  				void* __esi;
                                  				signed char* _t18;
                                  				signed int _t32;
                                  
                                  				_t29 = __edx;
                                  				_v12 =  *0x180d360 ^ _t32;
                                  				_t31 = _a8;
                                  				_t30 = _a12;
                                  				_v66 = 0x1c20;
                                  				_v40 = __ecx;
                                  				_v36 = __edx;
                                  				_v32 = _a4;
                                  				_v28 = _a8;
                                  				_v24 = _a12;
                                  				if(E01737D50() == 0) {
                                  					_t18 = 0x7ffe0386;
                                  				} else {
                                  					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                  				}
                                  				_push( &_v72);
                                  				_push(0x14);
                                  				_push(0x20402);
                                  				_push( *_t18 & 0x000000ff);
                                  				return E0175B640(E01759AE0(), 0x1c20, _v12 ^ _t32, _t29, _t30, _t31);
                                  			}

















                                  Memory Dump Source
                                  • Source File: 00000005.00000002.534207193.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                  • Associated: 00000005.00000002.535933940.000000000180B000.00000040.00000800.00020000.00000000.sdmp
                                  • Associated: 00000005.00000002.535959139.000000000180F000.00000040.00000800.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_16f0000_6109238.jbxd
                                  Similarity
                                  • Opcode ID: 90ced91871e3e7abdaec803fcd81072606da72e0719ef1f444c2b74e07481ebd
                                  • Instruction ID: bd114387036c7cb0ef952a2c4aeb6320dd241b7a89af88768334a2bdfdc96269
                                  • Opcode Fuzzy Hash: 90ced91871e3e7abdaec803fcd81072606da72e0719ef1f444c2b74e07481ebd
                                  • Instruction Fuzzy Hash: 9F012CB1A0021DAFCB04DFA9D9459AEFBF8EF58310F10405AFA04E7351E774AA00CBA1
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 54%
                                  			E017E8ED6(intOrPtr __ecx, intOrPtr __edx) {
                                  				signed int _v8;
                                  				signed int _v12;
                                  				intOrPtr _v16;
                                  				intOrPtr _v20;
                                  				intOrPtr _v24;
                                  				intOrPtr _v28;
                                  				intOrPtr _v32;
                                  				intOrPtr _v36;
                                  				short _v62;
                                  				char _v68;
                                  				signed char* _t29;
                                  				intOrPtr _t35;
                                  				intOrPtr _t41;
                                  				intOrPtr _t42;
                                  				signed int _t43;
                                  
                                  				_t40 = __edx;
                                  				_v8 =  *0x180d360 ^ _t43;
                                  				_v28 = __ecx;
                                  				_v62 = 0x1c2a;
                                  				_v36 =  *((intOrPtr*)(__edx + 0xc8));
                                  				_v32 =  *((intOrPtr*)(__edx + 0xcc));
                                  				_v20 =  *((intOrPtr*)(__edx + 0xd8));
                                  				_v16 =  *((intOrPtr*)(__edx + 0xd4));
                                  				_v24 = __edx;
                                  				_v12 = ( *(__edx + 0xde) & 0x000000ff) >> 0x00000001 & 0x00000001;
                                  				if(E01737D50() == 0) {
                                  					_t29 = 0x7ffe0386;
                                  				} else {
                                  					_t29 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                  				}
                                  				_push( &_v68);
                                  				_push(0x1c);
                                  				_push(0x20402);
                                  				_push( *_t29 & 0x000000ff);
                                  				return E0175B640(E01759AE0(), _t35, _v8 ^ _t43, _t40, _t41, _t42);
                                  			}



















                                  Memory Dump Source
                                  • Source File: 00000005.00000002.534207193.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                  • Associated: 00000005.00000002.535933940.000000000180B000.00000040.00000800.00020000.00000000.sdmp
                                  • Associated: 00000005.00000002.535959139.000000000180F000.00000040.00000800.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_16f0000_6109238.jbxd
                                  Similarity
                                  • Opcode ID: 7da12bd8cdd39a26128ba192b1c0a77f140bb56afb504d0d894a60d979de8036
                                  • Instruction ID: 8ef6a1a1f2aba13c7a93cbdb1e6e8ec18dba8bd90b26e142c75a97e194b3a076
                                  • Opcode Fuzzy Hash: 7da12bd8cdd39a26128ba192b1c0a77f140bb56afb504d0d894a60d979de8036
                                  • Instruction Fuzzy Hash: 8D111270D002099FDB44DFA8D445BADF7F4FF08300F0442AAE918EB341E6349940CB90
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E0171DB60(signed int __ecx) {
                                  				intOrPtr* _t9;
                                  				void* _t12;
                                  				void* _t13;
                                  				intOrPtr _t14;
                                  
                                  				_t9 = __ecx;
                                  				_t14 = 0;
                                  				if(__ecx == 0 ||  *((intOrPtr*)(__ecx)) != 0) {
                                  					_t13 = 0xc000000d;
                                  				} else {
                                  					_t14 = E0171DB40();
                                  					if(_t14 == 0) {
                                  						_t13 = 0xc0000017;
                                  					} else {
                                  						_t13 = E0171E7B0(__ecx, _t12, _t14, 0xfff);
                                  						if(_t13 < 0) {
                                  							L0171E8B0(__ecx, _t14, 0xfff);
                                  							L017377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t14);
                                  							_t14 = 0;
                                  						} else {
                                  							_t13 = 0;
                                  							 *((intOrPtr*)(_t14 + 0xc)) =  *0x7ffe03a4;
                                  						}
                                  					}
                                  				}
                                  				 *_t9 = _t14;
                                  				return _t13;
                                  			}








                                  Memory Dump Source
                                  • Source File: 00000005.00000002.534207193.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                  • Associated: 00000005.00000002.535933940.000000000180B000.00000040.00000800.00020000.00000000.sdmp
                                  • Associated: 00000005.00000002.535959139.000000000180F000.00000040.00000800.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_16f0000_6109238.jbxd
                                  Similarity
                                  • Opcode ID: 4108fb18439822e7528065d03744c5b66e5752e741267b0d2dbc6e7ad13d6de1
                                  • Instruction ID: 5dd28bbcddf37735b4fa80aa8bc1cbb90cf7e85529b9e3c04e1d819a22edfab4
                                  • Opcode Fuzzy Hash: 4108fb18439822e7528065d03744c5b66e5752e741267b0d2dbc6e7ad13d6de1
                                  • Instruction Fuzzy Hash: 35F068732415239BD7375ADDC88CB67F696AFD1A60F150075B6069B24CCE6088029AD1
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E0171B1E1(intOrPtr __ecx, char __edx, char _a4, signed short* _a8) {
                                  				signed char* _t13;
                                  				intOrPtr _t22;
                                  				char _t23;
                                  
                                  				_t23 = __edx;
                                  				_t22 = __ecx;
                                  				if(E01737D50() != 0) {
                                  					_t13 = ( *[fs:0x30])[0x50] + 0x22a;
                                  				} else {
                                  					_t13 = 0x7ffe0384;
                                  				}
                                  				if( *_t13 != 0) {
                                  					_t13 =  *[fs:0x30];
                                  					if((_t13[0x240] & 0x00000004) == 0) {
                                  						goto L3;
                                  					}
                                  					if(E01737D50() == 0) {
                                  						_t13 = 0x7ffe0385;
                                  					} else {
                                  						_t13 = ( *[fs:0x30])[0x50] + 0x22b;
                                  					}
                                  					if(( *_t13 & 0x00000020) == 0) {
                                  						goto L3;
                                  					}
                                  					return E01797016(0x14a4, _t22, _t23, _a4, _a8, 0);
                                  				} else {
                                  					L3:
                                  					return _t13;
                                  				}
                                  			}







                                  Memory Dump Source
                                  • Source File: 00000005.00000002.534207193.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                  • Associated: 00000005.00000002.535933940.000000000180B000.00000040.00000800.00020000.00000000.sdmp
                                  • Associated: 00000005.00000002.535959139.000000000180F000.00000040.00000800.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_16f0000_6109238.jbxd
                                  Similarity
                                  • Opcode ID: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
                                  • Instruction ID: fdb5dde9d756f5abc2c8489373a60dba1ea5e822f4360d04cb2fbfeb65a5978c
                                  • Opcode Fuzzy Hash: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
                                  • Instruction Fuzzy Hash: 9A01F432204684DBD726A76DC808FA9FBA8EF91750F0A00A1FA158B6B6E778C940C314
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 46%
                                  			E017AFE87(intOrPtr __ecx) {
                                  				signed int _v8;
                                  				intOrPtr _v16;
                                  				intOrPtr _v20;
                                  				signed int _v24;
                                  				intOrPtr _v28;
                                  				short _v54;
                                  				char _v60;
                                  				signed char* _t21;
                                  				intOrPtr _t27;
                                  				intOrPtr _t32;
                                  				intOrPtr _t33;
                                  				intOrPtr _t34;
                                  				signed int _t35;
                                  
                                  				_v8 =  *0x180d360 ^ _t35;
                                  				_v16 = __ecx;
                                  				_v54 = 0x1722;
                                  				_v24 =  *(__ecx + 0x14) & 0x00ffffff;
                                  				_v28 =  *((intOrPtr*)(__ecx + 4));
                                  				_v20 =  *((intOrPtr*)(__ecx + 0xc));
                                  				if(E01737D50() == 0) {
                                  					_t21 = 0x7ffe0382;
                                  				} else {
                                  					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x228;
                                  				}
                                  				_push( &_v60);
                                  				_push(0x10);
                                  				_push(0x20402);
                                  				_push( *_t21 & 0x000000ff);
                                  				return E0175B640(E01759AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
                                  			}

















                                  Memory Dump Source
                                  • Source File: 00000005.00000002.534207193.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                  • Associated: 00000005.00000002.535933940.000000000180B000.00000040.00000800.00020000.00000000.sdmp
                                  • Associated: 00000005.00000002.535959139.000000000180F000.00000040.00000800.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_16f0000_6109238.jbxd
                                  Similarity
                                  • Opcode ID: 188e6bbd0b5469319a3a10f2a44f26d35f2e191581a78a54826dad4104c37a87
                                  • Instruction ID: a739802ac82a40141ab35342ea5cdcd97465668b8048822eb10033253cc24d41
                                  • Opcode Fuzzy Hash: 188e6bbd0b5469319a3a10f2a44f26d35f2e191581a78a54826dad4104c37a87
                                  • Instruction Fuzzy Hash: FF016270A0420DEFCB54DFA8D545A6EB7F4EF08704F544199E904DB382D635DA01CB50
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 48%
                                  			E017D131B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
                                  				signed int _v8;
                                  				intOrPtr _v12;
                                  				intOrPtr _v16;
                                  				intOrPtr _v20;
                                  				intOrPtr _v24;
                                  				short _v50;
                                  				char _v56;
                                  				signed char* _t18;
                                  				intOrPtr _t24;
                                  				intOrPtr _t30;
                                  				intOrPtr _t31;
                                  				signed int _t32;
                                  
                                  				_t29 = __edx;
                                  				_v8 =  *0x180d360 ^ _t32;
                                  				_v20 = _a4;
                                  				_v12 = _a8;
                                  				_v24 = __ecx;
                                  				_v16 = __edx;
                                  				_v50 = 0x1021;
                                  				if(E01737D50() == 0) {
                                  					_t18 = 0x7ffe0380;
                                  				} else {
                                  					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                  				}
                                  				_push( &_v56);
                                  				_push(0x10);
                                  				_push(0x20402);
                                  				_push( *_t18 & 0x000000ff);
                                  				return E0175B640(E01759AE0(), _t24, _v8 ^ _t32, _t29, _t30, _t31);
                                  			}

                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: ad14eb9656cf4a826954667948211a5a7bf54804ecdab47e6c88938df2f4763c
                                  • Instruction ID: 4e06d3d77500ba18e587884a18cb91f936b0ec87baa36301e89c3c10592c0641
                                  • Opcode Fuzzy Hash: ad14eb9656cf4a826954667948211a5a7bf54804ecdab47e6c88938df2f4763c
                                  • Instruction Fuzzy Hash: 070119B1A0120DAFCB44EFA9D549AAEB7F4EF58700F408059F905EB391EA749A00CB54
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 48%
                                  			E017E8F6A(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
                                  				signed int _v8;
                                  				intOrPtr _v12;
                                  				intOrPtr _v16;
                                  				intOrPtr _v20;
                                  				intOrPtr _v24;
                                  				short _v50;
                                  				char _v56;
                                  				signed char* _t18;
                                  				intOrPtr _t24;
                                  				intOrPtr _t30;
                                  				intOrPtr _t31;
                                  				signed int _t32;
                                  
                                  				_t29 = __edx;
                                  				_v8 =  *0x180d360 ^ _t32;
                                  				_v16 = __ecx;
                                  				_v50 = 0x1c2c;
                                  				_v24 = _a4;
                                  				_v20 = _a8;
                                  				_v12 = __edx;
                                  				if(E01737D50() == 0) {
                                  					_t18 = 0x7ffe0386;
                                  				} else {
                                  					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                  				}
                                  				_push( &_v56);
                                  				_push(0x10);
                                  				_push(0x402);
                                  				_push( *_t18 & 0x000000ff);
                                  				return E0175B640(E01759AE0(), _t24, _v8 ^ _t32, _t29, _t30, _t31);
                                  			}

                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 28389df3f2bae32e5eb7ec7fbc44d6800cdbc4c6f0e233accbccd287ecf7744d
                                  • Instruction ID: 6e5356877fc9b6ba70224bbe34746d9226fc40e4eb79a0e7837c5364707345a5
                                  • Opcode Fuzzy Hash: 28389df3f2bae32e5eb7ec7fbc44d6800cdbc4c6f0e233accbccd287ecf7744d
                                  • Instruction Fuzzy Hash: 38014F74A0020DAFDB44EFA8D549AAEF7F4EF58300F508059B905EB381EB74DA00CB95
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 46%
                                  			E017D1608(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
                                  				signed int _v8;
                                  				intOrPtr _v12;
                                  				intOrPtr _v16;
                                  				intOrPtr _v20;
                                  				short _v46;
                                  				char _v52;
                                  				signed char* _t15;
                                  				intOrPtr _t21;
                                  				intOrPtr _t27;
                                  				intOrPtr _t28;
                                  				signed int _t29;
                                  
                                  				_t26 = __edx;
                                  				_v8 =  *0x180d360 ^ _t29;
                                  				_v12 = _a4;
                                  				_v20 = __ecx;
                                  				_v16 = __edx;
                                  				_v46 = 0x1024;
                                  				if(E01737D50() == 0) {
                                  					_t15 = 0x7ffe0380;
                                  				} else {
                                  					_t15 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                  				}
                                  				_push( &_v52);
                                  				_push(0xc);
                                  				_push(0x20402);
                                  				_push( *_t15 & 0x000000ff);
                                  				return E0175B640(E01759AE0(), _t21, _v8 ^ _t29, _t26, _t27, _t28);
                                  			}

                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: c3a5c61c3a287f1f998bc4711f3ce28f1df890ed209e13af07c93c2189600505
                                  • Instruction ID: 7400c8f342733e3c8ad9b365958ccf109d56e1a2f3522f593b7d15ee92cab699
                                  • Opcode Fuzzy Hash: c3a5c61c3a287f1f998bc4711f3ce28f1df890ed209e13af07c93c2189600505
                                  • Instruction Fuzzy Hash: 89F04F71A0424CEFDB14DFA8D449A6EF7B4EF14300F444069A905EB291EA749A00CB54
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E0173C577(void* __ecx, char _a4) {
                                  				void* __esi;
                                  				void* __ebp;
                                  				void* _t17;
                                  				void* _t19;
                                  				void* _t20;
                                  				void* _t21;
                                  
                                  				_t18 = __ecx;
                                  				_t21 = __ecx;
                                  				if(__ecx == 0 ||  *((char*)(__ecx + 0xdd)) != 0 || E0173C5D5(__ecx, _t19) == 0 ||  *((intOrPtr*)(__ecx + 4)) != 0x16f11cc ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
                                  					__eflags = _a4;
                                  					if(__eflags != 0) {
                                  						L10:
                                  						E017E88F5(_t17, _t18, _t19, _t20, _t21, __eflags);
                                  						L9:
                                  						return 0;
                                  					}
                                  					__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
                                  					if(__eflags == 0) {
                                  						goto L10;
                                  					}
                                  					goto L9;
                                  				} else {
                                  					return 1;
                                  				}
                                  			}

                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 8f103a9584ab05984124b7eb320dd9835554814a01c9daee5011a1f0a981d489
                                  • Instruction ID: be66a65faadaf8b35c4320e80a9446387b9931c042c4fec8e6fbec21d227e5c9
                                  • Opcode Fuzzy Hash: 8f103a9584ab05984124b7eb320dd9835554814a01c9daee5011a1f0a981d489
                                  • Instruction Fuzzy Hash: D0F024B28152908FE733EB1CC008B22FFD49B85370F7484A7D545A31C3C2A0C880C250
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 94%
                                  			E017D2073(void* __ebx, void* __ecx, void* __edi, void* __eflags) {
                                  				void* __esi;
                                  				signed char _t3;
                                  				signed char _t7;
                                  				void* _t19;
                                  
                                  				_t17 = __ecx;
                                  				_t3 = E017CFD22(__ecx);
                                  				_t19 =  *0x180849c - _t3; // 0x48f1aea6
                                  				if(_t19 == 0) {
                                  					__eflags = _t17 -  *0x1808748; // 0x0
                                  					if(__eflags <= 0) {
                                  						E017D1C06();
                                  						_t3 =  *((intOrPtr*)( *[fs:0x30] + 2));
                                  						__eflags = _t3;
                                  						if(_t3 != 0) {
                                  							L5:
                                  							__eflags =  *0x1808724 & 0x00000004;
                                  							if(( *0x1808724 & 0x00000004) == 0) {
                                  								asm("int3");
                                  								return _t3;
                                  							}
                                  						} else {
                                  							_t3 =  *0x7ffe02d4 & 0x00000003;
                                  							__eflags = _t3 - 3;
                                  							if(_t3 == 3) {
                                  								goto L5;
                                  							}
                                  						}
                                  					}
                                  					return _t3;
                                  				} else {
                                  					_t7 =  *0x1808724; // 0x0
                                  					return E017C8DF1(__ebx, 0xc0000374, 0x1805890, __edi, __ecx,  !_t7 >> 0x00000002 & 0x00000001,  !_t7 >> 0x00000002 & 0x00000001);
                                  				}
                                  			}

                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 1aba924fbcc523346adb9c03007531214d11f8ccfd8aa278e6e9821885a4caa6
                                  • Instruction ID: 1253dff91a9d9192d70d6ca454d3abb63dd5e6f14a9dd076093f35c714a79908
                                  • Opcode Fuzzy Hash: 1aba924fbcc523346adb9c03007531214d11f8ccfd8aa278e6e9821885a4caa6
                                  • Instruction Fuzzy Hash: C2F0A02A81618D4ADFB36B2865152E2ABE6D756210B0E1489D9906760EC534CAD3CF25
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 54%
                                  			E0175927A(void* __ecx) {
                                  				signed int _t11;
                                  				void* _t14;
                                  
                                  				_t11 = L01734620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x98);
                                  				if(_t11 != 0) {
                                  					E0175FA60(_t11, 0, 0x98);
                                  					asm("movsd");
                                  					asm("movsd");
                                  					asm("movsd");
                                  					asm("movsd");
                                  					 *(_t11 + 0x1c) =  *(_t11 + 0x1c) & 0x00000000;
                                  					 *((intOrPtr*)(_t11 + 0x24)) = 1;
                                  					E017592C6(_t11, _t14);
                                  				}
                                  				return _t11;
                                  			}

                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
                                  • Instruction ID: 6a5e8527b7c42203b9cd8589c59713d05dbfe9e354e20cb2232497b1adcd0358
                                  • Opcode Fuzzy Hash: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
                                  • Instruction Fuzzy Hash: 62E02B32340541ABE7519E09CC84F03B75DDFD2724F004078FA001F242C6F5DD0887A0
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 43%
                                  			E017E8D34(intOrPtr __ecx, intOrPtr __edx) {
                                  				signed int _v8;
                                  				intOrPtr _v12;
                                  				intOrPtr _v16;
                                  				short _v42;
                                  				char _v48;
                                  				signed char* _t12;
                                  				intOrPtr _t18;
                                  				intOrPtr _t24;
                                  				intOrPtr _t25;
                                  				signed int _t26;
                                  
                                  				_t23 = __edx;
                                  				_v8 =  *0x180d360 ^ _t26;
                                  				_v16 = __ecx;
                                  				_v42 = 0x1c2b;
                                  				_v12 = __edx;
                                  				if(E01737D50() == 0) {
                                  					_t12 = 0x7ffe0386;
                                  				} else {
                                  					_t12 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                  				}
                                  				_push( &_v48);
                                  				_push(8);
                                  				_push(0x20402);
                                  				_push( *_t12 & 0x000000ff);
                                  				return E0175B640(E01759AE0(), _t18, _v8 ^ _t26, _t23, _t24, _t25);
                                  			}

                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 862b7327472d391b039525824099cd35d459a350464d7a2936181f3a9e091f50
                                  • Instruction ID: 069aafb4126890251afdd207db032f9dc9a946b432d711f0e56d781697a16c7c
                                  • Opcode Fuzzy Hash: 862b7327472d391b039525824099cd35d459a350464d7a2936181f3a9e091f50
                                  • Instruction Fuzzy Hash: 9DF0B470E0460C9FDB14EFB8D449A6EF7F4EF18300F508099E905EB291EA34D900CB54
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 36%
                                  			E017E8B58(intOrPtr __ecx) {
                                  				signed int _v8;
                                  				intOrPtr _v20;
                                  				short _v46;
                                  				char _v52;
                                  				signed char* _t11;
                                  				intOrPtr _t17;
                                  				intOrPtr _t22;
                                  				intOrPtr _t23;
                                  				intOrPtr _t24;
                                  				signed int _t25;
                                  
                                  				_v8 =  *0x180d360 ^ _t25;
                                  				_v20 = __ecx;
                                  				_v46 = 0x1c26;
                                  				if(E01737D50() == 0) {
                                  					_t11 = 0x7ffe0386;
                                  				} else {
                                  					_t11 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                  				}
                                  				_push( &_v52);
                                  				_push(4);
                                  				_push(0x402);
                                  				_push( *_t11 & 0x000000ff);
                                  				return E0175B640(E01759AE0(), _t17, _v8 ^ _t25, _t22, _t23, _t24);
                                  			}

                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: ddf5913497f214d191dfa09ee9ac57b00da66d309ced7935a99918a841e5eea6
                                  • Instruction ID: bb1b29d1c4ddf801cbb421eda9229103ccf9f78f2cb25ecc6e53d116d18a60f3
                                  • Opcode Fuzzy Hash: ddf5913497f214d191dfa09ee9ac57b00da66d309ced7935a99918a841e5eea6
                                  • Instruction Fuzzy Hash: 74F05EB0A14259ABDB14EBA8D90AA6EB7E4EB08300F440499AA059B291EA74D900C795
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 88%
                                  			E0173746D(short* __ebx, void* __ecx, void* __edi, intOrPtr __esi) {
                                  				signed int _t8;
                                  				void* _t10;
                                  				short* _t17;
                                  				void* _t19;
                                  				intOrPtr _t20;
                                  				void* _t21;
                                  
                                  				_t20 = __esi;
                                  				_t19 = __edi;
                                  				_t17 = __ebx;
                                  				if( *((char*)(_t21 - 0x25)) != 0) {
                                  					if(__ecx == 0) {
                                  						E0172EB70(__ecx, 0x18079a0);
                                  					} else {
                                  						asm("lock xadd [ecx], eax");
                                  						if((_t8 | 0xffffffff) == 0) {
                                  							_push( *((intOrPtr*)(__ecx + 4)));
                                  							E017595D0();
                                  							L017377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *((intOrPtr*)(_t21 - 0x50)));
                                  							_t17 =  *((intOrPtr*)(_t21 - 0x2c));
                                  							_t20 =  *((intOrPtr*)(_t21 - 0x3c));
                                  						}
                                  					}
                                  					L10:
                                  				}
                                  				_t10 = _t19 + _t19;
                                  				if(_t20 >= _t10) {
                                  					if(_t19 != 0) {
                                  						 *_t17 = 0;
                                  						return 0;
                                  					}
                                  				}
                                  				return _t10;
                                  				goto L10;
                                  			}










                                  C-Code - Quality: 36%
                                  			E017E8CD6(intOrPtr __ecx) {
                                  				signed int _v8;
                                  				intOrPtr _v12;
                                  				short _v38;
                                  				char _v44;
                                  				signed char* _t11;
                                  				intOrPtr _t17;
                                  				intOrPtr _t22;
                                  				intOrPtr _t23;
                                  				intOrPtr _t24;
                                  				signed int _t25;
                                  
                                  				_v8 =  *0x180d360 ^ _t25;
                                  				_v12 = __ecx;
                                  				_v38 = 0x1c2d;
                                  				if(E01737D50() == 0) {
                                  					_t11 = 0x7ffe0386;
                                  				} else {
                                  					_t11 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                  				}
                                  				_push( &_v44);
                                  				_push(0xffffffe4);
                                  				_push(0x402);
                                  				_push( *_t11 & 0x000000ff);
                                  				return E0175B640(E01759AE0(), _t17, _v8 ^ _t25, _t22, _t23, _t24);
                                  			}














                                  C-Code - Quality: 100%
                                  			E01714F2E(void* __ecx, char _a4) {
                                  				void* __esi;
                                  				void* __ebp;
                                  				void* _t17;
                                  				void* _t19;
                                  				void* _t20;
                                  				void* _t21;
                                  
                                  				_t18 = __ecx;
                                  				_t21 = __ecx;
                                  				if(__ecx == 0) {
                                  					L6:
                                  					__eflags = _a4;
                                  					if(__eflags != 0) {
                                  						L8:
                                  						E017E88F5(_t17, _t18, _t19, _t20, _t21, __eflags);
                                  						L9:
                                  						return 0;
                                  					}
                                  					__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
                                  					if(__eflags != 0) {
                                  						goto L9;
                                  					}
                                  					goto L8;
                                  				}
                                  				_t18 = __ecx + 0x30;
                                  				if(E0173C5D5(__ecx + 0x30, _t19) == 0 ||  *((intOrPtr*)(__ecx + 0x34)) != 0x16f1030 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
                                  					goto L6;
                                  				} else {
                                  					return 1;
                                  				}
                                  			}










                                  C-Code - Quality: 100%
                                  			E0174A44B(signed int __ecx) {
                                  				intOrPtr _t13;
                                  				signed int _t15;
                                  				signed int* _t16;
                                  				signed int* _t17;
                                  
                                  				_t13 =  *0x1807b9c; // 0x0
                                  				_t15 = __ecx;
                                  				_t16 = L01734620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t13 + 0xc0000, 8 + __ecx * 4);
                                  				if(_t16 == 0) {
                                  					return 0;
                                  				}
                                  				 *_t16 = _t15;
                                  				_t17 =  &(_t16[2]);
                                  				E0175FA60(_t17, 0, _t15 << 2);
                                  				return _t17;
                                  			}








                                  C-Code - Quality: 79%
                                  			E0171F358(void* __ecx, signed int __edx) {
                                  				char _v8;
                                  				signed int _t9;
                                  				void* _t20;
                                  
                                  				_push(__ecx);
                                  				_t9 = 2;
                                  				_t20 = 0;
                                  				if(E0174F3D5( &_v8, _t9 * __edx, _t9 * __edx >> 0x20) >= 0 && _v8 != 0) {
                                  					_t20 = L01734620( &_v8,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v8);
                                  				}
                                  				return _t20;
                                  			}







                                  C-Code - Quality: 100%
                                  			E0172FF60(intOrPtr _a4) {
                                  				void* __ecx;
                                  				void* __ebp;
                                  				void* _t13;
                                  				intOrPtr _t14;
                                  				void* _t15;
                                  				void* _t16;
                                  				void* _t17;
                                  
                                  				_t14 = _a4;
                                  				if(_t14 == 0 || ( *(_t14 + 0x68) & 0x00030000) != 0 ||  *((intOrPtr*)(_t14 + 4)) != 0x16f11a4 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
                                  					return E017E88F5(_t13, _t14, _t15, _t16, _t17, __eflags);
                                  				} else {
                                  					return E01730050(_t14);
                                  				}
                                  			}











                                  C-Code - Quality: 82%
                                  			E017A41E8(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                  				void* _t5;
                                  				void* _t14;
                                  
                                  				_push(8);
                                  				_push(0x17f08f0);
                                  				_t5 = E0176D08C(__ebx, __edi, __esi);
                                  				if( *0x18087ec == 0) {
                                  					E0172EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
                                  					 *(_t14 - 4) =  *(_t14 - 4) & 0x00000000;
                                  					if( *0x18087ec == 0) {
                                  						 *0x18087f0 = 0x18087ec;
                                  						 *0x18087ec = 0x18087ec;
                                  						 *0x18087e8 = 0x18087e4;
                                  						 *0x18087e4 = 0x18087e4;
                                  					}
                                  					 *(_t14 - 4) = 0xfffffffe;
                                  					_t5 = L017A4248();
                                  				}
                                  				return E0176D0D1(_t5);
                                  			}






                                  C-Code - Quality: 100%
                                  			E017CD380(void* __ecx, void* __edx, intOrPtr _a4) {
                                  				void* _t5;
                                  
                                  				if(_a4 != 0) {
                                  					_t5 = L0171E8B0(__ecx, _a4, 0xfff);
                                  					L017377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
                                  					return _t5;
                                  				}
                                  				return 0xc000000d;
                                  			}





                                  C-Code - Quality: 100%
                                  			E0174A185() {
                                  				void* __ecx;
                                  				intOrPtr* _t5;
                                  
                                  				if( *0x18067e4 >= 0xa) {
                                  					if(_t5 < 0x1806800 || _t5 >= 0x1806900) {
                                  						return L017377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t5);
                                  					} else {
                                  						goto L1;
                                  					}
                                  				} else {
                                  					L1:
                                  					return E01730010(0x18067e0, _t5);
                                  				}
                                  			}






                                  C-Code - Quality: 100%
                                  			E017416E0(void* __edx, void* __eflags) {
                                  				void* __ecx;
                                  				void* _t3;
                                  
                                  				_t3 = E01741710(0x18067e0);
                                  				if(_t3 == 0) {
                                  					_t6 =  *[fs:0x30];
                                  					if( *((intOrPtr*)( *[fs:0x30] + 0x18)) == 0) {
                                  						goto L1;
                                  					} else {
                                  						return L01734620(_t6,  *((intOrPtr*)(_t6 + 0x18)), 0, 0x20);
                                  					}
                                  				} else {
                                  					L1:
                                  					return _t3;
                                  				}
                                  			}






                                  C-Code - Quality: 100%
                                  			E017953CA(void* __ebx) {
                                  				intOrPtr _t7;
                                  				void* _t13;
                                  				void* _t14;
                                  				intOrPtr _t15;
                                  				void* _t16;
                                  
                                  				_t13 = __ebx;
                                  				if( *((char*)(_t16 - 0x65)) != 0) {
                                  					E0172EB70(_t14,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
                                  					_t7 =  *((intOrPtr*)(_t16 - 0x64));
                                  					_t15 =  *((intOrPtr*)(_t16 - 0x6c));
                                  				}
                                  				if(_t15 != 0) {
                                  					L017377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t13, _t15);
                                  					return  *((intOrPtr*)(_t16 - 0x64));
                                  				}
                                  				return _t7;
                                  			}









                                  C-Code - Quality: 100%
                                  			E0172AAB0() {
                                  				intOrPtr* _t4;
                                  
                                  				_t4 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
                                  				if(_t4 != 0) {
                                  					if( *_t4 == 0) {
                                  						goto L1;
                                  					} else {
                                  						return  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x1e;
                                  					}
                                  				} else {
                                  					L1:
                                  					return 0x7ffe0030;
                                  				}
                                  			}





                                  C-Code - Quality: 100%
                                  			E017435A1(void* __eax, void* __ebx, void* __ecx) {
                                  				void* _t6;
                                  				void* _t10;
                                  				void* _t11;
                                  
                                  				_t10 = __ecx;
                                  				_t6 = __eax;
                                  				if( *((intOrPtr*)(_t11 - 0x34)) >= 0 && __ebx != 0) {
                                  					 *((intOrPtr*)(__ecx + 0x294)) =  *((intOrPtr*)(__ecx + 0x294)) + 1;
                                  				}
                                  				if( *((char*)(_t11 - 0x1a)) != 0) {
                                  					return E0172EB70(_t10,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
                                  				}
                                  				return _t6;
                                  			}







                                  C-Code - Quality: 100%
                                  			E0171DB40() {
                                  				signed int* _t3;
                                  				void* _t5;
                                  
                                  				_t3 = L01734620(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x64);
                                  				if(_t3 == 0) {
                                  					return 0;
                                  				} else {
                                  					 *_t3 =  *_t3 | 0x00000400;
                                  					return _t3;
                                  				}
                                  			}






                                  C-Code - Quality: 100%
                                  			E0179A537(intOrPtr _a4, intOrPtr _a8) {
                                  
                                  				return L01738E10( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a8, _a4);
                                  			}




                                  C-Code - Quality: 100%
                                  			E01733A1C(intOrPtr _a4) {
                                  				void* _t5;
                                  
                                  				return L01734620(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
                                  			}





                                  C-Code - Quality: 100%
                                  			E0171AD30(intOrPtr _a4) {
                                  
                                  				return L017377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
                                  			}




                                  C-Code - Quality: 100%
                                  			E017276E2(void* __ecx) {
                                  				void* _t5;
                                  
                                  				if(__ecx != 0 && ( *(__ecx + 0x20) & 0x00000040) == 0) {
                                  					return L017377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, __ecx);
                                  				}
                                  				return _t5;
                                  			}





                                  C-Code - Quality: 100%
                                  			E017436CC(void* __ecx) {
                                  
                                  				if(__ecx > 0x7fffffff) {
                                  					return 0;
                                  				} else {
                                  					return L01734620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, __ecx);
                                  				}
                                  			}




                                  C-Code - Quality: 100%
                                  			E01737D50() {
                                  				intOrPtr* _t3;
                                  
                                  				_t3 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
                                  				if(_t3 != 0) {
                                  					return  *_t3;
                                  				} else {
                                  					return _t3;
                                  				}
                                  			}





                                  C-Code - Quality: 100%
                                  			E01742ACB() {
                                  				void* _t5;
                                  
                                  				return E0172EB70(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
                                  			}





                                  Memory Dump Source
                                  • Source File: 00000005.00000002.534207193.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                  • Associated: 00000005.00000002.535933940.000000000180B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000005.00000002.535959139.000000000180F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_16f0000_6109238.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: a5196876b964bb6ceec2ad1e17d923ebc2f5ca470752d02c2ab18d6a34c369a2
                                  • Instruction ID: e96ffe9b9ef8e7718f6d1f1c1cd0f004d2bd48fe16073484a22204b30bc4387c
                                  • Opcode Fuzzy Hash: a5196876b964bb6ceec2ad1e17d923ebc2f5ca470752d02c2ab18d6a34c369a2
                                  • Instruction Fuzzy Hash: 3190027131544406D150719AC44460B9009B7E4341F51C421E4815554CCA558856B261
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 00000005.00000002.534207193.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                  • Associated: 00000005.00000002.535933940.000000000180B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000005.00000002.535959139.000000000180F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_16f0000_6109238.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: db4d09348911f2085d96212a362e2fe13a099d06d46d53c080cf5462b6e43a0d
                                  • Instruction ID: c909cba34aea9bff7e7dbcc4055170a2709505c736484c1437abb7f7f08d5734
                                  • Opcode Fuzzy Hash: db4d09348911f2085d96212a362e2fe13a099d06d46d53c080cf5462b6e43a0d
                                  • Instruction Fuzzy Hash: B390027131540806D110619A88087474009A7D4342F51C021A9554555ECAA5C8917571
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 00000005.00000002.534207193.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                  • Associated: 00000005.00000002.535933940.000000000180B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000005.00000002.535959139.000000000180F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_16f0000_6109238.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 2c226379fdb0a4a8fcd403a91d8212deffff49d4d50f3e4ab06e2dcd3de815aa
                                  • Instruction ID: 9a4fd97b7c7a073611e0b8dbe12629e420e61cc9c296064de5500b636632d577
                                  • Opcode Fuzzy Hash: 2c226379fdb0a4a8fcd403a91d8212deffff49d4d50f3e4ab06e2dcd3de815aa
                                  • Instruction Fuzzy Hash: BC90026131544846D150629A8804B0F8109A7E5242F91C029A8546554CCD5588557761
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 00000005.00000002.534207193.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                  • Associated: 00000005.00000002.535933940.000000000180B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000005.00000002.535959139.000000000180F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_16f0000_6109238.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 03244b9c9b12713462ac366e22d5252774e651c45c1ec66234a6448a35d849bd
                                  • Instruction ID: cff0c60c5951eb523ff46974a90fa9e58ed70f8400d8a9fe7be2e7387acf7d47
                                  • Opcode Fuzzy Hash: 03244b9c9b12713462ac366e22d5252774e651c45c1ec66234a6448a35d849bd
                                  • Instruction Fuzzy Hash: 5B900265335004060155A59A460450B4449B7DA391391C025F5806590CCA6188657361
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 00000005.00000002.534207193.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                  • Associated: 00000005.00000002.535933940.000000000180B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000005.00000002.535959139.000000000180F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_16f0000_6109238.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 489c60f41222e4e357185b39531438253161adb4864b704872ab272a6ddb584e
                                  • Instruction ID: 5ab1e80275362c1b654c33a9ebfc4f263e4df1dc0cf5cdfbd43f6c30af489adc
                                  • Opcode Fuzzy Hash: 489c60f41222e4e357185b39531438253161adb4864b704872ab272a6ddb584e
                                  • Instruction Fuzzy Hash: C2900271B19004169150719A8814646800AB7E4781B55C021A4904554CCD948A5573E1
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 00000005.00000002.534207193.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                  • Associated: 00000005.00000002.535933940.000000000180B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000005.00000002.535959139.000000000180F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_16f0000_6109238.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: b9120ca71ecd750bbc756eea8699b8c264ad43b171da812c78b878629bdc1c36
                                  • Instruction ID: 78538627bec46ebb797a69ac069d90fc35a545b5cfcf40d2c3fd5eb73c1fb1e2
                                  • Opcode Fuzzy Hash: b9120ca71ecd750bbc756eea8699b8c264ad43b171da812c78b878629bdc1c36
                                  • Instruction Fuzzy Hash: B99002E1315144964510A29AC404B0A8509A7E4241B51C026E5444560CC9658851B175
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 00000005.00000002.534207193.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                  • Associated: 00000005.00000002.535933940.000000000180B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000005.00000002.535959139.000000000180F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_16f0000_6109238.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 93a84fb8074763d6644e432044fd02bb3002dbc871010d222d9e52dc8938acc3
                                  • Instruction ID: b2fe9ade221d70b5ec3bbef4c75f41a775349cfc738622a84fed6cf76f4017b0
                                  • Opcode Fuzzy Hash: 93a84fb8074763d6644e432044fd02bb3002dbc871010d222d9e52dc8938acc3
                                  • Instruction Fuzzy Hash: BE90027131500C06D114619A88046864009A7D4341F51C021AA414655EDAA588917171
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 00000005.00000002.534207193.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                  • Associated: 00000005.00000002.535933940.000000000180B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000005.00000002.535959139.000000000180F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_16f0000_6109238.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: ede88a206a654f8e77311b24c1c1ace8251ef30417e0aa23ebb9690396e2dcda
                                  • Instruction ID: 7c233d7eb045b936cd816ffd7464836dd7af8f61e37616a12dfa6c9474212948
                                  • Opcode Fuzzy Hash: ede88a206a654f8e77311b24c1c1ace8251ef30417e0aa23ebb9690396e2dcda
                                  • Instruction Fuzzy Hash: 8290027531904846D510659A9804A874009A7D4345F51D421A481459CDCA948861B161
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 00000005.00000002.534207193.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                  • Associated: 00000005.00000002.535933940.000000000180B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000005.00000002.535959139.000000000180F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_16f0000_6109238.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 4dfa22b5af4661e1652a4267a10682162d9e6e7f6e050ab2f997798057d00601
                                  • Instruction ID: 22c8e0192ba1be6b7c49fbb19fce3a5529dc027b20a79292db079ed79b23d324
                                  • Opcode Fuzzy Hash: 4dfa22b5af4661e1652a4267a10682162d9e6e7f6e050ab2f997798057d00601
                                  • Instruction Fuzzy Hash: 3190026131904846D110659A9408A064009A7D4245F51D021A5454595DCA758851B171
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 00000005.00000002.534207193.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                  • Associated: 00000005.00000002.535933940.000000000180B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000005.00000002.535959139.000000000180F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_16f0000_6109238.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 35f46168e0c2b9f12c9828598204a6d05b5a4e116009fddb7bea175170126dae
                                  • Instruction ID: 6354a831e5c134119e6ee1a3075fc27b69a2544d863915ee119d9bcf99f1e76f
                                  • Opcode Fuzzy Hash: 35f46168e0c2b9f12c9828598204a6d05b5a4e116009fddb7bea175170126dae
                                  • Instruction Fuzzy Hash: F590027131500807D110619A95087074009A7D4241F51D421A4814558DDA9688517161
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 00000005.00000002.534207193.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                  • Associated: 00000005.00000002.535933940.000000000180B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000005.00000002.535959139.000000000180F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_16f0000_6109238.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 5e4cbb50b0b21673fb1cc58393f0654dc1243310d62e73364de05529a4c4fb0f
                                  • Instruction ID: 3ed47e964550c092aa74e88799684d3af6b5dd0f8a6e025d5989fa465248c947
                                  • Opcode Fuzzy Hash: 5e4cbb50b0b21673fb1cc58393f0654dc1243310d62e73364de05529a4c4fb0f
                                  • Instruction Fuzzy Hash: CA90026171900806D150719A94187064019A7D4241F51D021A4414554DCA998A5576E1
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 00000005.00000002.534207193.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                  • Associated: 00000005.00000002.535933940.000000000180B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000005.00000002.535959139.000000000180F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_16f0000_6109238.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 4eab7a80b187dfccc89954bd88dd1bd28b205af482b17cfc039777c98ead32b6
                                  • Instruction ID: 8140aa1eac5f7178811e9ee491ef43c9b74f2a3333b32d3c9866e16cf2c89559
                                  • Opcode Fuzzy Hash: 4eab7a80b187dfccc89954bd88dd1bd28b205af482b17cfc039777c98ead32b6
                                  • Instruction Fuzzy Hash: D0900271315004569510A6DA9804A4A8109A7F4341B51D025A8404554CC99488617161
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 00000005.00000002.534207193.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                  • Associated: 00000005.00000002.535933940.000000000180B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000005.00000002.535959139.000000000180F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_16f0000_6109238.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: f71b3e6043eba93f4669e2f2ba1577bad780354ca76320fede8f1e29e524a85d
                                  • Instruction ID: 7db8794f7c0bfe9fafa48bcac8bc2001bf5bb1535dc284c3baec20e20f088ddb
                                  • Opcode Fuzzy Hash: f71b3e6043eba93f4669e2f2ba1577bad780354ca76320fede8f1e29e524a85d
                                  • Instruction Fuzzy Hash: 1490027132514806D120619AC4047064009A7D5241F51C421A4C14558DCAD588917162
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 00000005.00000002.534207193.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                  • Associated: 00000005.00000002.535933940.000000000180B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000005.00000002.535959139.000000000180F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_16f0000_6109238.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 80c24230352fbf34d8324f1903e373c614fbb6035c28a81681c2a8aa6fded929
                                  • Instruction ID: df6732ac823aded98d2e26fe10d750854294204e71fdaa3384714630b045e442
                                  • Opcode Fuzzy Hash: 80c24230352fbf34d8324f1903e373c614fbb6035c28a81681c2a8aa6fded929
                                  • Instruction Fuzzy Hash: 0790027131904C46D150719A8404A464019A7D4345F51C021A4454694DDA658D55B6A1
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 00000005.00000002.534207193.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                  • Associated: 00000005.00000002.535933940.000000000180B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000005.00000002.535959139.000000000180F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_16f0000_6109238.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 2b47c9d8465879d101401b7fbb352a283fe40c812403c1d41ad163885a9459fa
                                  • Instruction ID: 4de43161996f7d8e07976f487bed6224f04ae3632146974adccec600884c68c3
                                  • Opcode Fuzzy Hash: 2b47c9d8465879d101401b7fbb352a283fe40c812403c1d41ad163885a9459fa
                                  • Instruction Fuzzy Hash: 7890027171900C06D160719A84147464009A7D4341F51C021A4414654DCB958A5576E1
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 00000005.00000002.534207193.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                  • Associated: 00000005.00000002.535933940.000000000180B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000005.00000002.535959139.000000000180F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_16f0000_6109238.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: bec400fe2893148b325252005a4f6e21690e36294fea81a397d57124f1fe907a
                                  • Instruction ID: 4fb2cdc3071ebc3cd431904b32cd50019d4846003e82178666921c5eb31c0b60
                                  • Opcode Fuzzy Hash: bec400fe2893148b325252005a4f6e21690e36294fea81a397d57124f1fe907a
                                  • Instruction Fuzzy Hash: 5190027131500C46D110619A8404B464009A7E4341F51C026A4514654DCA55C8517561
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Memory Dump Source
                                  • Source File: 00000005.00000002.534207193.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true

                                  C-Code - Quality: 26%
                                  			E0174645B(void* __ecx, intOrPtr __edx, intOrPtr _a4) {
                                  				signed int _v8;
                                  				void* _v36;
                                  				intOrPtr _v48;
                                  				intOrPtr _v52;
                                  				intOrPtr _v56;
                                  				char _v60;
                                  				char _v64;
                                  				intOrPtr _v68;
                                  				intOrPtr _v72;
                                  				intOrPtr _v76;
                                  				intOrPtr _v80;
                                  				void* __ebx;
                                  				void* __edi;
                                  				void* __esi;
                                  				intOrPtr _t48;
                                  				intOrPtr _t49;
                                  				intOrPtr _t50;
                                  				intOrPtr* _t52;
                                  				char _t56;
                                  				void* _t69;
                                  				char _t72;
                                  				void* _t73;
                                  				intOrPtr _t75;
                                  				intOrPtr _t79;
                                  				void* _t82;
                                  				void* _t84;
                                  				intOrPtr _t86;
                                  				void* _t88;
                                  				signed int _t90;
                                  				signed int _t92;
                                  				signed int _t93;
                                  
                                  				_t80 = __edx;
                                  				_t92 = (_t90 & 0xfffffff8) - 0x4c;
                                  				_v8 =  *0x180d360 ^ _t92;
                                  				_t72 = 0;
                                  				_v72 = __edx;
                                  				_t82 = __ecx;
                                  				_t86 =  *((intOrPtr*)(__edx + 0xc8));
                                  				_v68 = _t86;
                                  				E0175FA60( &_v60, 0, 0x30);
                                  				_t48 =  *((intOrPtr*)(_t82 + 0x70));
                                  				_t93 = _t92 + 0xc;
                                  				_v76 = _t48;
                                  				_t49 = _t48;
                                  				if(_t49 == 0) {
                                  					_push(5);
                                  					 *((char*)(_t82 + 0x6a)) = 0;
                                  					 *((intOrPtr*)(_t82 + 0x6c)) = 0;
                                  					goto L3;
                                  				} else {
                                  					_t69 = _t49 - 1;
                                  					if(_t69 != 0) {
                                  						if(_t69 == 1) {
                                  							_push(0xa);
                                  							goto L3;
                                  						} else {
                                  							_t56 = 0;
                                  						}
                                  					} else {
                                  						_push(4);
                                  						L3:
                                  						_pop(_t50);
                                  						_v80 = _t50;
                                  						if(_a4 == _t72 && _t86 != 0 && _t50 != 0xa &&  *((char*)(_t82 + 0x6b)) == 1) {
                                  							E01732280(_t50, _t86 + 0x1c);
                                  							_t79 = _v72;
                                  							 *((intOrPtr*)(_t79 + 0x20)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
                                  							 *((intOrPtr*)(_t79 + 0x88)) =  *((intOrPtr*)(_t82 + 0x68));
                                  							 *((intOrPtr*)(_t79 + 0x8c)) =  *((intOrPtr*)(_t82 + 0x6c));
                                  							 *((intOrPtr*)(_t79 + 0x90)) = _v80;
                                  							 *((intOrPtr*)(_t79 + 0x20)) = _t72;
                                  							E0172FFB0(_t72, _t82, _t86 + 0x1c);
                                  						}
                                  						_t75 = _v80;
                                  						_t52 =  *((intOrPtr*)(_v72 + 0x20));
                                  						_t80 =  *_t52;
                                  						_v72 =  *((intOrPtr*)(_t52 + 4));
                                  						_v52 =  *((intOrPtr*)(_t82 + 0x68));
                                  						_v60 = 0x30;
                                  						_v56 = _t75;
                                  						_v48 =  *((intOrPtr*)(_t82 + 0x6c));
                                  						asm("movsd");
                                  						_v76 = _t80;
                                  						_v64 = 0x30;
                                  						asm("movsd");
                                  						asm("movsd");
                                  						asm("movsd");
                                  						if(_t80 != 0) {
                                  							 *0x180b1e0(_t75, _v72,  &_v64,  &_v60);
                                  							_t72 = _v76();
                                  						}
                                  						_t56 = _t72;
                                  					}
                                  				}
                                  				_pop(_t84);
                                  				_pop(_t88);
                                  				_pop(_t73);
                                  				return E0175B640(_t56, _t73, _v8 ^ _t93, _t80, _t84, _t88);
                                  			}



































                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000005.00000002.534207193.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                  • Associated: 00000005.00000002.535933940.000000000180B000.00000040.00000800.00020000.00000000.sdmp
                                  • Associated: 00000005.00000002.535959139.000000000180F000.00000040.00000800.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_16f0000_6109238.jbxd
                                  Similarity
                                  • API ID: DebugPrintTimes
                                  • String ID: 0$0
                                  • API String ID: 3446177414-203156872
                                  • Opcode ID: e48b73a673ca701dff78b4c18e0d7c75f7106c81d03a4c06e67c9e1fc2785c0e
                                  • Instruction ID: 7b7e80f15d8b691825f01a59b452c64bc6c2090dde9b4566025f216ebea273d1
                                  • Opcode Fuzzy Hash: e48b73a673ca701dff78b4c18e0d7c75f7106c81d03a4c06e67c9e1fc2785c0e
                                  • Instruction Fuzzy Hash: E94167B16087069FC711CF2CC484A2AFBE5BB89714F044A6EF988DB301D771EA05CB86
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 53%
                                  			E017AFDDA(intOrPtr* __edx, intOrPtr _a4) {
                                  				void* _t7;
                                  				intOrPtr _t9;
                                  				intOrPtr _t10;
                                  				intOrPtr* _t12;
                                  				intOrPtr* _t13;
                                  				intOrPtr _t14;
                                  				intOrPtr* _t15;
                                  
                                  				_t13 = __edx;
                                  				_push(_a4);
                                  				_t14 =  *[fs:0x18];
                                  				_t15 = _t12;
                                  				_t7 = E0175CE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
                                  				_push(_t13);
                                  				E017A5720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
                                  				_t9 =  *_t15;
                                  				if(_t9 == 0xffffffff) {
                                  					_t10 = 0;
                                  				} else {
                                  					_t10 =  *((intOrPtr*)(_t9 + 0x14));
                                  				}
                                  				_push(_t10);
                                  				_push(_t15);
                                  				_push( *((intOrPtr*)(_t15 + 0xc)));
                                  				_push( *((intOrPtr*)(_t14 + 0x24)));
                                  				return E017A5720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
                                  			}











                                  APIs
                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 017AFDFA
                                  Strings
                                  • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 017AFE2B
                                  • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 017AFE01
                                  Memory Dump Source
                                  • Source File: 00000005.00000002.534207193.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                  • Associated: 00000005.00000002.535933940.000000000180B000.00000040.00000800.00020000.00000000.sdmp
                                  • Associated: 00000005.00000002.535959139.000000000180F000.00000040.00000800.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_16f0000_6109238.jbxd
                                  Similarity
                                  • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                  • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                                  • API String ID: 885266447-3903918235
                                  • Opcode ID: e17c7c0c8c9ca4b42fa8c96b3cf4126d8b8dce289a5b3df70b99c02d49837497
                                  • Instruction ID: 40ff186c898df0a7c2d7a3436a482e4869e658861655e7ee6de845de6cf22dd9
                                  • Opcode Fuzzy Hash: e17c7c0c8c9ca4b42fa8c96b3cf4126d8b8dce289a5b3df70b99c02d49837497
                                  • Instruction Fuzzy Hash: 46F0C272204601BBEA211A45DC0AF27FF5AEB84B30F240319F628561E1EA62A82096A4
                                  Uniqueness

                                  Uniqueness Score: -1.00%